What is keyAlias="aaaa" in tomcat server.xml file

I have an SSL certificate purchased and installed into Tomcat. I created a tomcat.keystore file, which I include in the server.xml file, and also put in the password, but I am not able to understand keyAlias="aaa". If I put keyAlias="localhost" then I get the exception given below. And if I remove keyAlias itself from the Connector tag then I get another exception, which is given below after the localhost exception.

java.io.IOException: Alias name localhost does not identify a key entry
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:588)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:526)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:471)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:218)
    at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:400)
    at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:649)

Here is the exception after removing keyAlias itself from the Connector tag.

Aug 08, 2015 2:39:18 PM org.apache.catalina.core.StandardService initInternal
SEVERE: Failed to initialize connector [Connector[HTTP/1.1-443]]
org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-443]]
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:106)
    at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
    at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:821)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:638)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:663)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:280)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:454)
Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:980)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
    ... 12 more
Caused by: java.net.BindException: Address already in use <null>:443
    at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:413)
    at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:649)
    at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:434)
    at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:978)
    ... 13 more
Caused by: java.net.BindException: Address already in use
    at java.net.PlainSocketImpl.socketBind(Native Method)
    at java.net.AbstractPlainSocketImpl.bind(AbstractPlainSocketImpl.java:376)
    at java.net.ServerSocket.bind(ServerSocket.java:376)
    at java.net.ServerSocket.<init>(ServerSocket.java:237)
    at java.net.ServerSocket.<init>(ServerSocket.java:181)
    at javax.net.ssl.SSLServerSocket.<init>(SSLServerSocket.java:136)
    at sun.security.ssl.SSLServerSocketImpl.<init>(SSLServerSocketImpl.java:107)
    at sun.security.ssl.SSLServerSocketFactoryImpl.createServerSocket(SSLServerSocketFactoryImpl.java:84)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:219)
    at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:400)
    ... 17 more

Following is the content of the server.xml file.

<Connector port="443" SSLEnabled="true" protocol="org.apache.coyote.http11.Http11Protocol"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="tomcat.keystore"
           keystorePass="test" keyAlias="aaa"/>

What is that keyAlias? Why am I getting an exception after removing it, which is a binding exception?

KEYALIAS:

https://www.digicert.com/ssl-certificate-installation-tomcat.htm

  1. When you import your certificate into the keystore, you would typically give an "alias":

    keytool -import -trustcacerts -alias server -file your_site_name.p7b -keystore your_site_name.jks

  2. In your server.xml, you must then declare the same "alias":

    <Connector port="443" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" SSLEnabled="true" clientAuth="false" sslProtocol="TLS" keyAlias="server" keystoreFile="/home/user_name/your_site_name.jks" keystorePass="your_keystore_password" />

  3. Here are some other links that might help:

https://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html

https://www.mulesoft.com/tcat/tomcat-ssl

https://wolfpaulus.com/jounal/mac/tomcat-ssl/

SECOND ISSUE, "CAN'T BIND":

As far as "address in use", I would simply try rebooting the server and see if Tomcat starts correctly.

If you encounter the error again,

  1. Look in your Tomcat settings to see which port you're trying to use (e.g. 443)

  2. Check your system to see who else is using the port (lsof, nmap, etc.):

http://www.howtogeek.com/howto/28609/how-can-i-tell-what-is-listening-on-a-tcpip-port-in-windows/

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/3/html/Security_Guide/s1-server-ports.html

These errors are not related.

  1. keyAlias is documented in the Tomcat documentation, and that is where you should look for its meaning.
  2. The error you have made is to not import the signed certificate with the same alias you used when generating the keypair. They must be the same so that the keytool will associate the keypair with the certificate and create a key entry instead of a certificate entry.
  3. The BindException means that some other process, probably a prior invocation of Tomcat that hasn't exited yet, is using the port. Or possibly you have configured two Connectors to use the same port. It only shows up as an error when you configure the SSL connector correctly.
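
A check for the situation both answers describe, added here as an example and not part of the original posts: it reads `keytool -list` output and reports whether an alias is a key entry (`PrivateKeyEntry`) or only a certificate entry (`trustedCertEntry`). The sample listing, the aliases `tomcat` and `server` in it, and the function names are constructed for illustration.

```sh
#!/bin/sh
# Added example. Real use, with the keystore and alias from the question's server.xml:
#   keytool -list -keystore tomcat.keystore | check_key_alias aaa

# Print the entry type that a `keytool -list` listing (stdin) records for alias $1.
# Entry lines look like "alias, date, PrivateKeyEntry,". The date may itself
# contain a comma, so the alias is the first field and the type is the last
# non-empty field. Aliases are compared case-insensitively.
alias_entry_type() {
    awk -F', *' -v want="$1" '
        /(PrivateKeyEntry|trustedCertEntry|SecretKeyEntry),? *$/ {
            n = NF
            while (n > 1 && $n == "") n--
            if (tolower($1) == tolower(want)) { print $n; found = 1; exit }
        }
        END { if (!found) print "missing" }
    '
}

# Return 0 only when alias $1 is a key entry, which is what keyAlias must name.
# A missing alias and a certificate-only alias both fail this check.
check_key_alias() {
    kind=$(alias_entry_type "$1")
    case "$kind" in
        PrivateKeyEntry)  echo "OK: '$1' is a key entry"; return 0 ;;
        trustedCertEntry) echo "FAIL: '$1' is a certificate entry only;" \
                               "re-import the signed certificate under the key pair's alias"
                          return 1 ;;
        missing)          echo "FAIL: no alias '$1' in this keystore"; return 1 ;;
        *)                echo "FAIL: '$1' is a $kind"; return 1 ;;
    esac
}

# Constructed listing: the key pair was generated as "tomcat", but the signed
# certificate was imported under a different alias, "server".
SAMPLE_LISTING='Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

tomcat, Aug 7, 2015, PrivateKeyEntry,
Certificate fingerprint (SHA1): <constructed placeholder>
server, Aug 8, 2015, trustedCertEntry,
Certificate fingerprint (SHA1): <constructed placeholder>'

printf '%s\n' "$SAMPLE_LISTING" | check_key_alias server || true
printf '%s\n' "$SAMPLE_LISTING" | check_key_alias tomcat
```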
