[英]Tomcat godaddy ssl certificate private keys error
I have purchased an ssl certificate from godaddy and am having some trouble configuring it to run with Tomcat. 我已经从godaddy购买了ssl证书,并且在配置它与Tomcat一起运行时遇到了一些麻烦。 In particular I get the following error message :
特别是我得到以下错误消息:
java.security.KeyStoreException: Cannot store non-PrivateKeys
Godaddy gives 3 files for the certificate, and I have attempted to add these to the keystore as follows : Godaddy提供了3个证书文件,我尝试将它们添加到密钥库中,如下所示:
keytool -import -alias root -keystore tomcat.keystore -trustcacerts -file gd_bundle-g2-g1.crt
keytool -import -alias intermed -keystore tomcat.keystore -trustcacerts -file gdig2.crt.pem
keytool -import -alias tomcat -keystore tomcat.keystore -trustcacerts -file <random hex string>.crt
which I found here : http://www.calamitycoder.com/WebSiteNotes/goDaddySHA2SSL.php 我在这里找到的网址 : http : //www.calamitycoder.com/WebSiteNotes/goDaddySHA2SSL.php
I have configured Tomcat's server.xml as : 我已经将Tomcat的server.xml配置为:
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
keystoreFile="${user.home}/tomcat.keystore" keystorePass="password"
clientAuth="false" sslProtocol="TLS">
` `
The Tomcat version is 8.5.20. Tomcat版本是8.5.20。
Any help would be greatly appreciated. 任何帮助将不胜感激。 Not sure if this is the Tomcat version as I have not found much regarding this error after many hours of searching.
不确定这是否是Tomcat版本,因为经过许多小时的搜索后,我并未发现太多有关此错误的信息。 Thanks !
谢谢 !
Update : 更新:
I deleted the current keys : 我删除了当前键:
sudo keytool -delete -alias root -keystore tomcat.keystore
sudo keytool -delete -alias intermed -keystore tomcat.keystore
sudo keytool -delete -alias tomcat -keystore tomcat.keystore
and added the keys as recommended in the comments : 并添加了注释中建议的键:
keytool -import -alias root -keystore tomcat.keystore -trustcacerts -file gd_bundle-g2-g1.crt
keytool -import -alias tomcat -keystore tomcat.keystore -file <random hex string>.crt
but unfortunately find the same error : 但不幸的是发现了同样的错误:
Caused by: java.security.KeyStoreException: Cannot store non-PrivateKeys
at sun.security.provider.JavaKeyStore.engineSetKeyEntry(JavaKeyStore.java:258)
at sun.security.provider.JavaKeyStore$JKS.engineSetKeyEntry(JavaKeyStore.java:56)
at sun.security.provider.KeyStoreDelegator.engineSetKeyEntry(KeyStoreDelegator.java:117)
at sun.security.provider.JavaKeyStore$DualFormatJKS.engineSetKeyEntry(JavaKeyStore.java:70)
at java.security.KeyStore.setKeyEntry(KeyStore.java:1140)
at org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:226)
I will continue to play around with this, any additional ideas are most welcome. 我将继续尝试,任何其他想法都将受到欢迎。 Thank you !
谢谢 !
Additional Research: 其他研究:
Godaddy Cert 哥达迪证书
CentOS 7.3.1611 CentOS 7.3.1611
Only Change - Tomcat 8.5.20 upgraded from 8.5.3 唯一更改-Tomcat 8.5.20从8.5.3升级
conf/server.xml conf / server.xml
Connector
protocol="org.apache.coyote.http11.Http11NioProtocol"
port="8443" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="tomcat.keystore" keystorePass="secret"
clientAuth="false" ciphers="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA"
sslProtocol="TLSv1.2"
Works in Tomcat 8.5.3 But in 8.5.20 在Tomcat 8.5.3中工作,但在8.5.20中工作
org.apache.coyote.AbstractProtocol.init Failed to initialize end point associated with ProtocolHandler ["https-jsse-nio-8443"]
java.lang.IllegalArgumentException: java.security.KeyStoreException: Cannot store non-PrivateKeys
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:114)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:85)
at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:225)
Change it to direct using of certificate files. 更改它以直接使用证书文件。 And also add key file to the configuration.
并且还将密钥文件添加到配置中。
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" >
<UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
<SSLHostConfig>
<Certificate certificateKeyFile="conf/*.key"
certificateFile="conf/<random hex string>.crt"
certificateChainFile="conf/gd_bundle-g2-g1.crt"
type="RSA" />
</SSLHostConfig>
</Connector>
Since 8.5.20 I had the same error message with my certificates and I had to explicitly set the alias with 从8.5.20开始,我的证书带有相同的错误消息,因此我必须使用
<Connector keyAlias="tomcat" .... >
in the connector. 在连接器中。 Before I added the alias Tomcat tried to use the included CA certificate and failed.
在添加别名之前,Tomcat尝试使用随附的CA证书失败。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.