
Connection refused after installing SSL certificates into tomcat server

I got 3 security certificates from GoDaddy.

1. gdig2.crt --- intermediate certificate

2. gd_bundle-g2-g1.crt ---- root certificate

3. 731e59c245c09675.crt ----- certificate issued

I created the keystore using keytool and configured all three certificates above like this.

1. configuring root certificate

    keytool -import -alias root -keystore /home/ec2-user/Temp/keystoreft -trustcacerts -file /home/ec2-user/Temp/gd_bundle-g2-g1.crt

2. configuring intermediate certificate

    keytool -import -alias intermed -keystore /home/ec2-user/Temp/keystoreft -trustcacerts -file /home/ec2-user/Temp/gdig2.crt

3. configuring other certificate

    keytool -import -alias tomcat -keystore /home/ec2-user/Temp/keystoreft -trustcacerts -file /home/ec2-user/Temp/731e59c245c09675.crt

Configuring tomcat to use the SSL certificates in the server.xml file:

    <connector port="8443" protocol="HTTP/1.1" maxThreads="150" scheme="https" secure="true" SSLEnabled="true" keystoreFile="/home/ec2-user/Temp/keystoreft" keystorePass="12345678" clientAuth="false" keyAlias="keystoreft" sslProtocol="TLS"/>

When I try to access the website, the browser shows a "connection refused" error.

'Connection refused' has nothing to do with certificates or SSL whatsoever. It means there was nothing listening at the IP:port named. Check your Connector configuration in server.xml. Note that it is listening on 8443, not 443 which is the default, so you have to include :8443 in the URL.

In step 3 you are presumably importing your own signed certificate, in which case you must (a) omit the -trustcacerts argument and (b) use the same alias that you did when generating the key pair and CSR.
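The two points in this answer can be turned into a mechanical check: does the alias named by keyAlias exist in the keystore as a PrivateKeyEntry (a certificate imported with -trustcacerts under its own alias shows up as a trustedCertEntry and carries no private key), and which port must the browser URL carry. The script below is an added example and not code from this thread. It runs on constructed sample text standing in for the Connector from the question and for non-verbose `keytool -list` output; the function names and verdict strings are my own. Run against the question's own Connector, keyAlias="keystoreft" matches none of the aliases root, intermed and tomcat that were imported, so the check reports the alias as missing.

```shell
#!/bin/sh
# Added example (not from the thread): cross-check a Tomcat HTTPS Connector
# against the keystore it names. Nothing here contacts a server; all input is
# constructed sample text.

# Constructed sample: the Connector from the question, on one line.
CONNECTOR_XML='<Connector port="8443" protocol="HTTP/1.1" maxThreads="150" scheme="https" secure="true" SSLEnabled="true" keystoreFile="/home/ec2-user/Temp/keystoreft" keystorePass="12345678" clientAuth="false" keyAlias="keystoreft" sslProtocol="TLS"/>'

# Constructed sample: what `keytool -list` prints for a keystore built as the
# question describes (three -trustcacerts imports, so every entry is a trusted
# certificate and no alias holds a private key).
KEYTOOL_LIST_BAD='Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 3 entries

root, Jan 1, 2020, trustedCertEntry,
Certificate fingerprint (SHA-256): AA:BB:CC:DD
intermed, Jan 1, 2020, trustedCertEntry,
Certificate fingerprint (SHA-256): EE:FF:00:11
tomcat, Jan 1, 2020, trustedCertEntry,
Certificate fingerprint (SHA-256): 22:33:44:55'

# Constructed sample: the listing after key pair, CSR and signed certificate
# were all handled under the single alias "tomcat".
KEYTOOL_LIST_GOOD='Your keystore contains 3 entries

root, Jan 1, 2020, trustedCertEntry,
intermed, Jan 1, 2020, trustedCertEntry,
tomcat, Jan 1, 2020, PrivateKeyEntry,'

# connector_attr XML NAME: print the value of attribute NAME (empty if absent).
connector_attr() {
    printf '%s\n' "$1" | sed -n "s/.*[[:space:]]$2=\"\([^\"]*\)\".*/\1/p"
}

# keystore_entry_type LISTING ALIAS: print the entry type recorded for ALIAS
# in non-verbose `keytool -list` output, or "missing" if no such alias.
keystore_entry_type() {
    t=$(printf '%s\n' "$1" | awk -F', ' -v a="$2" '$1 == a { sub(/,$/, "", $NF); print $NF; exit }')
    printf '%s\n' "${t:-missing}"
}

# diagnose_connector XML LISTING: one verdict line for the keyAlias check,
# then the URL the browser has to use for this Connector's port.
diagnose_connector() {
    alias=$(connector_attr "$1" keyAlias)
    port=$(connector_attr "$1" port)
    case $(keystore_entry_type "$2" "$alias") in
        PrivateKeyEntry)  verdict="ok: keyAlias '$alias' holds a private key" ;;
        trustedCertEntry) verdict="error: keyAlias '$alias' is a trustedCertEntry, not a key pair (imported with -trustcacerts?)" ;;
        missing)          verdict="error: keyAlias '$alias' is not in the keystore (alias used for the CSR was different?)" ;;
        *)                verdict="error: unrecognised entry type for keyAlias '$alias'" ;;
    esac
    printf '%s\nurl: https://<host>:%s/\n' "$verdict" "$port"
}

# Stand-alone run: diagnose the question's Connector against the bad keystore.
diagnose_connector "$CONNECTOR_XML" "$KEYTOOL_LIST_BAD"
```

On a real host, replace the two sample strings with the Connector line from server.xml and the output of `keytool -list -keystore <file>`; the entry-type parsing assumes the non-verbose listing format shown in the sample.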

I was facing the same issue in Tomcat9 after following the documentation from the CA. I fixed it as follows.

Add the following configuration in server.xml:

    <Connector SSLEnabled="true" acceptCount="100" clientAuth="false"
           disableUploadTimeout="true" enableLookups="false"
           keystoreFile="<jks_file_name>" keystorePass="<password>"
           maxThreads="25" port="8443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           scheme="https" secure="true" sslProtocol="TLS"/>

I ran into the same problem; the issue was a wrong keystore password.

Updating the keystore password will solve the issue. Also look in your logs to see more details.

Please use 8443 in the URL of the browser; it should work.

Also ensure you have opened 8443 in the server security settings or firewall. Note that if you are using AWS, please make sure HTTPS is opened for inbound access.

Third, if you think you need to map 8443 to port 80 (the default one), use the command below.

Changing traffic:

    iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8443

Remove routing:

    iptables -t nat -D PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8443

Make sure that if you aren't admin or root, you add sudo.
