2015-08-08 194 views
1

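I have purchased an SSL certificate and installed it into Tomcat. I created a tomcat.keystore file, which I included in the server.xml file, and I also put in the password, but I could not understand keyAlias="aaa". If I put keyAlias="localhost", then I get the exception given below. If I remove keyAlias itself from the Connector tag, then I get another exception, given below the localhost exception. What is keyAlias in Tomcat's server.xml file?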

java.io.IOException: Alias name localhost does not identify a key entry 
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:588) 
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:526) 
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:471) 
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:218) 
    at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:400) 
    at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:649) 

Below is the exception after removing keyAlias itself from the Connector tag.

Aug 08, 2015 2:39:18 PM org.apache.catalina.core.StandardService initInternal 
SEVERE: Failed to initialize connector [Connector[HTTP/1.1-443]] 
org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-443]] 
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:106) 
    at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559) 
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) 
    at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:821) 
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) 
    at org.apache.catalina.startup.Catalina.load(Catalina.java:638) 
    at org.apache.catalina.startup.Catalina.load(Catalina.java:663) 
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) 
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) 
    at java.lang.reflect.Method.invoke(Method.java:606) 
    at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:280) 
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:454) 
Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed 
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:980) 
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) 
    ... 12 more 
Caused by: java.net.BindException: Address already in use <null>:443 
    at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:413) 
    at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:649) 
    at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:434) 
    at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119) 
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:978) 
    ... 13 more 
Caused by: java.net.BindException: Address already in use 
    at java.net.PlainSocketImpl.socketBind(Native Method) 
    at java.net.AbstractPlainSocketImpl.bind(AbstractPlainSocketImpl.java:376) 
    at java.net.ServerSocket.bind(ServerSocket.java:376) 
    at java.net.ServerSocket.<init>(ServerSocket.java:237) 
    at java.net.ServerSocket.<init>(ServerSocket.java:181) 
    at javax.net.ssl.SSLServerSocket.<init>(SSLServerSocket.java:136) 
    at sun.security.ssl.SSLServerSocketImpl.<init>(SSLServerSocketImpl.java:107) 
    at sun.security.ssl.SSLServerSocketFactoryImpl.createServerSocket(SSLServerSocketFactoryImpl.java:84) 
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:219) 
    at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:400) 
    ... 17 more 

The following is the content of the server.xml file.

<Connector port="443" SSLEnabled="true" protocol="org.apache.coyote.http11.Http11Protocol" 
      maxThreads="150" scheme="https" secure="true" 
      clientAuth="false" sslProtocol="TLS" 
      keystoreFile="tomcat.keystore" 
      keystorePass="test" keyAlias="aaa"/> 

What is keyAlias? Why do I get a Binding exception after removing it?

+2

I don't think the 'Address already in use' problem is connected to removing keyAlias. – keyser

+0

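@keyser, but it is a problem that comes from removing 'keyAlias'. It gives the Binding exception in the Catalina.out file. My application runs on 443 using http (not https). But the question is 'keyAlias="what is the value?"' so that I can actually host my application on https. – AmitG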

+0

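But since it is an address problem, you should be able to simply free the port. Have you checked what is using it, if anything? If it is related, that's odd. – keyser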

Answers

4

keyAlias:

https://www.digicert.com/ssl-certificate-installation-tomcat.htm

  1. When you import a certificate into the keystore, you typically give it an "alias":

    keytool -import -trustcacerts -alias server -file your_site_name.p7b -keystore your_site_name.jks

  2. In your server.xml, you must declare the same "alias":

    <Connector port="443" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" SSLEnabled="true" clientAuth="false" sslProtocol="TLS" keyAlias="server" keystoreFile="/home/user_name/your_site_name.jks" keystorePass="your_keystore_password" />

  3. Here are some other links that may help:

https://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html

https://www.mulesoft.com/tcat/tomcat-ssl

https://wolfpaulus.com/jounal/mac/tomcat-ssl/

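Second question, "cannot bind":

As for "address in use", I would just try restarting the server and see whether Tomcat starts normally.

If you get the error again,

  1. Look at your Tomcat settings to see which port you are trying to use (e.g. 443)

  2. Check your system to see who else is using that port (lsof, nmap, etc.):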

http://www.howtogeek.com/howto/28609/how-can-i-tell-what-is-listening-on-a-tcpip-port-in-windows/

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/3/html/Security_Guide/s1-server-ports.html

+0

I am very close with your answer. Can you help me with the key? I executed three commands while creating the tomcat.keystore file....... 1. keytool -import -alias root -keystore tomcat.keystore -trustcacerts -file gdig2.crt 2. keytool -import -alias intermed -keystore tomcat.keystore -trustcacerts -file gd_bundle-g2-g1.crt 3. keytool -import -alias tomcat -keystore tomcat.keystore -trustcacerts -file 9999999999.crt – AmitG

-2

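These errors are unrelated.

  1. keyAlias is documented in the Tomcat documentation, which is where you should be looking for its meaning.
  2. The mistake you have made is not importing the signed certificate with the same alias you used when generating the key pair. They have to be the same for keytool to associate the key pair with the certificate and create a key entry rather than a certificate entry.
  3. The BindException means that some other process, possibly a prior invocation of Tomcat that hasn't exited, is using the port. Or you may have configured two connectors to use the same port. It only shows up as an error when the SSL connector is configured correctly.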
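
The key entry versus certificate entry distinction from the answer above, as an added example that is not part of the original thread: it reads `keytool -list` output and reports whether an alias is a `PrivateKeyEntry`, the only entry type that can serve as `keyAlias`. The function names `entry_types` and `check_key_alias` are hypothetical, and both listings are constructed samples with fingerprint lines replaced by placeholders.

```shell
#!/bin/sh
# Added example: decide from `keytool -list` output whether an alias can be
# used as Tomcat's keyAlias (it must be a PrivateKeyEntry).

# Print "alias<TAB>entry type" for each entry line of a listing on stdin.
# Assumes the alias itself contains no comma.
entry_types() {
    awk 'match($0, /, (PrivateKeyEntry|trustedCertEntry|SecretKeyEntry), *$/) {
        type = substr($0, RSTART + 2); sub(/, *$/, "", type)
        print substr($0, 1, index($0, ",") - 1) "\t" type
    }'
}

# Exit status: 0 = key entry, 1 = alias holds only a certificate, 2 = no such alias.
check_key_alias() {
    entry_types | awk -F'\t' -v want="$1" '
        # JKS aliases are case-insensitive, so compare lower-cased.
        tolower($1) == tolower(want) { found = 1; type = $2 }
        END {
            if (!found) { print want ": alias not in keystore"; exit 2 }
            if (type != "PrivateKeyEntry") { print want ": " type ", not a key entry"; exit 1 }
            print want ": PrivateKeyEntry, usable as keyAlias"
        }'
}

# Constructed listing: the result of the three `keytool -import` commands in
# the comment above, with no key pair generated beforehand.
IMPORT_ONLY='Keystore type: JKS
Your keystore contains 3 entries

root, Aug 8, 2015, trustedCertEntry,
Certificate fingerprint (SHA1): <placeholder>
intermed, Aug 8, 2015, trustedCertEntry,
Certificate fingerprint (SHA1): <placeholder>
tomcat, Aug 8, 2015, trustedCertEntry,
Certificate fingerprint (SHA1): <placeholder>'

# Constructed listing: key pair generated under alias "tomcat" first, signed
# certificate then imported under that same alias.
KEY_THEN_CERT='root, Aug 8, 2015, trustedCertEntry,
intermed, Aug 8, 2015, trustedCertEntry,
tomcat, Aug 8, 2015, PrivateKeyEntry,'

printf '%s\n' "$IMPORT_ONLY"   | check_key_alias tomcat    || true
printf '%s\n' "$IMPORT_ONLY"   | check_key_alias localhost || true
printf '%s\n' "$KEY_THEN_CERT" | check_key_alias tomcat
```

Against a real keystore, pipe the listing in: `keytool -list -keystore tomcat.keystore | check_key_alias tomcat`.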