Java Tomcat fails with UnrecoverableKeyException: Cannot recover key


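I have Apache Tomcat/7.0.68 running on a server, and I am trying to automate certificate renewal for it.

The certificate and private key are imported from a PKCS#12 file via Java's keytool (excerpt from a PowerShell script):

& $keytool -importkeystore -srckeystore $certfile -srcstoretype PKCS12 -srcstorepass $srcspassword -srcalias tomcat -keystore $keystore -deststorepass $dstpassword -destalias teamcity -destkeypass $dstpassword -noprompt

When I restart Tomcat, it spits out the following log lines: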

INFO: Initializing ProtocolHandler ["http-nio-443"]
jul. 14, 2017 5:03:31 PM org.apache.coyote.AbstractProtocol init
SEVERE: Failed to initialize end point associated with ProtocolHandler ["http-nio-443"]
java.security.UnrecoverableKeyException: Cannot recover key
  at sun.security.provider.KeyProtector.recover(KeyProtector.java:328)
  at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:146)
  at sun.security.provider.JavaKeyStore$JKS.engineGetKey(JavaKeyStore.java:56)
  at sun.security.provider.KeyStoreDelegator.engineGetKey(KeyStoreDelegator.java:96)
  at sun.security.provider.JavaKeyStore$DualFormatJKS.engineGetKey(JavaKeyStore.java:70)
  at java.security.KeyStore.getKey(KeyStore.java:1023)
  at sun.security.ssl.SunX509KeyManagerImpl.<init>(SunX509KeyManagerImpl.java:133)
  at sun.security.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:70)
  at javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:256)
  at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:608)
  at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:537)
  at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:495)
  at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:650)
  at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:434)
  at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
  at org.apache.catalina.connector.Connector.initInternal(Connector.java:978)
  at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
  at org.apache.catalina.core.StandardService.initInternal(StandardService.java:560)
  at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
  at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:820)
  at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
  at org.apache.catalina.startup.Catalina.load(Catalina.java:642)
  at org.apache.catalina.startup.Catalina.load(Catalina.java:667)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
  at java.lang.reflect.Method.invoke(Method.java:497)
  at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:253)
  at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:427)
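But when I try to change the password via keytool, it can read the entry and change the password.

PS: I made sure the entry's password is the same as the store's password, since at least some versions of Tomcat require this.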

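Finally solved this. It turns out that having a completely unrelated key in the keystore, with a password different from the keystore's password, breaks Tomcat, as described in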

I had to set the same password on both the pkcs12 and the Java keystore!