我試圖通過https在遠程服務器上連接到Tomcat;我找到了很多答案,但沒有人爲我工作;我在Ubuntu Server 14.04上使用Apache,Tomcat 7。Tomcat 7和無效的密鑰庫格式
首先,我創建的證書密鑰庫寫作:
keytool -genkey -alias tomcat -keyalg RSA
後,我已經編輯 「/etc/tomcat7/server.xml」 使用SSL端口8443:
<Connector port="8443" SSLEnabled="true"
protocol="org.apache.coyote.http11.Http11Protocol"
keystoreType="JKS"
maxThreads="150" scheme="https" secure="true"
keystoreFile="/usr/lib/jvm/java-7-openjdk-amd64/bin/keytool"
keystorePass="***********" keyAlias="tomcat"
clientAuth="false" sslProtocol="TLS"/>
哪裏**********是密碼;通過重啓動Tomcat:
sudo service tomcat7 restart
我收到以下錯誤文件 「/var/log/tomcat7/catalina.out」:
SEVERE: Failed to initialize connector [Connector[HTTP/1.1-8443]]
org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-8443]]
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:106)
at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:813)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.startup.Catalina.load(Catalina.java:638)
at org.apache.catalina.startup.Catalina.load(Catalina.java:663)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:280)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:454)
Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed
at org.apache.catalina.connector.Connector.initInternal(Connector.java:980)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
... 12 more
Caused by: java.io.IOException: Invalid keystore format
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:650)
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55)
at java.security.KeyStore.load(KeyStore.java:1214)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:392)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:291)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:549)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:489)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:434)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:181)
at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:397)
at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:640)
at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:434)
at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
at org.apache.catalina.connector.Connector.initInternal(Connector.java:978)
... 13 more
密鑰庫類型爲JKS,我
$JAVA_HOME/bin/keytool -list
已返回:
「VE通過命令驗證它Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
tomcat, 17-Oct-2015, PrivateKeyEntry,
Certificate fingerprint (SHA1): 33:14:32:DD:DA:20:BF:CF:70:32:F5:0E:E9:F1:C1:5B:4E:C3:DB:AB
其中$ JAVA_HOME是「/ usr/lib/jvm/java-7-openjdk-amd64」;
因此,當我嘗試連接到「https://myServerIp:8443/」或「https://myDomainName:8443/」時,出現「無法連接」錯誤。
'keytool'是用於管理密鑰存儲,所以我想爲密鑰存儲文件的路徑程序(/ usr/lib中/ JVM/Java的7-的OpenJDK,AMD64 /斌/ keytool' )在你的tomcat配置中是不正確的。 – Titus
@Titus如果我運行'/ usr/lib/jvm/java-7 -openjdk-amd64/bin/keytool -list'(這與編寫'$ JAVA_HOME/bin/keytool -list'相同),它給了我問題底部的數據,是否意味着這是一個正確的密鑰庫文件? – Daniele
在Linux系統中,當您調用'keytool -list'時,'keytool'程序將讀取該文件('.keystore') – Titus