What is keyAlias="aaaa" in tomcat server.xml file
I have an SSL certificate purchased and installed into Tomcat. I created a tomcat.keystore file, which I include in the server.xml file, and also put the password, but I am not able to understand keyAlias="aaa". If I put keyAlias="localhost" then I get the exception given below. And if I remove keyAlias itself from the Connector tag then I get another exception, which is given below after the localhost exception.
java.io.IOException: Alias name localhost does not identify a key entry
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:588)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:526)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:471)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:218)
at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:400)
at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:649)
Here is the exception after removing keyAlias itself from the Connector tag.
Aug 08, 2015 2:39:18 PM org.apache.catalina.core.StandardService initInternal
SEVERE: Failed to initialize connector [Connector[HTTP/1.1-443]]
org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-443]]
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:106)
at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:821)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.startup.Catalina.load(Catalina.java:638)
at org.apache.catalina.startup.Catalina.load(Catalina.java:663)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:280)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:454)
Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed
at org.apache.catalina.connector.Connector.initInternal(Connector.java:980)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
... 12 more
Caused by: java.net.BindException: Address already in use <null>:443
at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:413)
at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:649)
at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:434)
at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
at org.apache.catalina.connector.Connector.initInternal(Connector.java:978)
... 13 more
Caused by: java.net.BindException: Address already in use
at java.net.PlainSocketImpl.socketBind(Native Method)
at java.net.AbstractPlainSocketImpl.bind(AbstractPlainSocketImpl.java:376)
at java.net.ServerSocket.bind(ServerSocket.java:376)
at java.net.ServerSocket.<init>(ServerSocket.java:237)
at java.net.ServerSocket.<init>(ServerSocket.java:181)
at javax.net.ssl.SSLServerSocket.<init>(SSLServerSocket.java:136)
at sun.security.ssl.SSLServerSocketImpl.<init>(SSLServerSocketImpl.java:107)
at sun.security.ssl.SSLServerSocketFactoryImpl.createServerSocket(SSLServerSocketFactoryImpl.java:84)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:219)
at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:400)
... 17 more
Following is the content of the server.xml file.
<Connector port="443" SSLEnabled="true" protocol="org.apache.coyote.http11.Http11Protocol"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="tomcat.keystore"
keystorePass="test" keyAlias="aaa"/>
What is that keyAlias? Why am I getting an exception after removing it, which is a binding exception?
KEYALIAS:
https://www.digicert.com/ssl-certificate-installation-tomcat.htm
When you import your certificate into the keystore, you would typically give an "alias":
keytool -import -trustcacerts -alias server -file your_site_name.p7b -keystore your_site_name.jks
In your server.xml, you must then declare the same "alias":
<Connector port="443" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" SSLEnabled="true" clientAuth="false" sslProtocol="TLS" keyAlias="server" keystoreFile="/home/user_name/your_site_name.jks" keystorePass="your_keystore_password" />
Here are some other links that might help:
https://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html
https://www.mulesoft.com/tcat/tomcat-ssl
https://wolfpaulus.com/jounal/mac/tomcat-ssl/
SECOND ISSUE, "CAN'T BIND":
As far as "address in use", I would simply try rebooting the server and see if Tomcat starts correctly.
If you encounter the error again:
Look in your Tomcat settings to see which port you're trying to use (e.g. 443)
Check your system to see who else is using the port (lsof, nmap, etc):
http://www.howtogeek.com/howto/28609/how-can-i-tell-what-is-listening-on-a-tcpip-port-in-windows/
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/3/html/Security_Guide/s1-server-ports.html
These errors are not related. keyAlias is documented in the Tomcat documentation, and that is where you should look for its meaning. BindException means that some other process, probably a prior invocation of Tomcat that hasn't exited yet, is using the port. Or possibly you have configured two Connectors to use the same port.
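An added example, not part of the original answers: a pre-start check covering both points raised above. It confirms that each Connector's keyAlias names a PrivateKeyEntry in `keytool -list` output, and flags any port declared by more than one Connector. The keystore listing and server.xml fragment are constructed samples, and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample of `keytool -list -keystore tomcat.keystore` output.
KEYTOOL_LIST = """\
Your keystore contains 2 entries

server, Aug 8, 2015, PrivateKeyEntry,
Certificate fingerprint (SHA1): <constructed placeholder>
localhost, Aug 8, 2015, trustedCertEntry,
Certificate fingerprint (SHA1): <constructed placeholder>
"""

# Constructed server.xml fragment: two Connectors on one port, one bad alias.
SERVER_XML = """\
<Service name="Catalina">
  <Connector port="443" SSLEnabled="true" scheme="https" secure="true"
             keystoreFile="tomcat.keystore" keyAlias="localhost"/>
  <Connector port="443" SSLEnabled="true" scheme="https" secure="true"
             keystoreFile="tomcat.keystore" keyAlias="server"/>
</Service>
"""

# Entry lines look like "alias, date, EntryType," (the date contains a comma).
ENTRY = re.compile(r"^(?P<alias>.+?), .+, (?P<type>\w+Entry),\s*$")

def keystore_entries(listing):
    """Map lower-cased alias -> entry type from `keytool -list` text."""
    matches = (ENTRY.match(line) for line in listing.splitlines())
    return {m["alias"].lower(): m["type"] for m in matches if m}

def audit(server_xml, listing):
    """Return findings: aliases that are not key entries, and shared ports."""
    entries = keystore_entries(listing)
    connectors = list(ET.fromstring(server_xml).iter("Connector"))
    findings = []
    for c in connectors:
        alias = c.get("keyAlias")
        kind = entries.get(alias.lower()) if alias else None
        if alias and kind != "PrivateKeyEntry":
            findings.append(f"port {c.get('port')}: alias '{alias}' is "
                            f"{kind or 'missing'}, not a PrivateKeyEntry")
    ports = Counter(c.get("port") for c in connectors)
    findings += [f"port {p}: declared by {n} connectors"
                 for p, n in ports.items() if n > 1]
    return findings

print("\n".join(audit(SERVER_XML, KEYTOOL_LIST)))
```

An alias that exists only as a trustedCertEntry holds a certificate without a private key, so it cannot serve as the server identity.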
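Notice: The technical posts on this site follow the CC BY-SA 4.0 license. If you need to repost, please cite this site's URL or the original address. For any questions, contact: yoyou2525@163.com.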