堆栈内存溢出
  简体   繁体   English

InvalidAlgorithmParameterException:从 Tomcat 7 升级时,trustAnchors 参数必须为非空

[英]InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty on upgrading from Tomcat 7

 原文  2021-05-01 10:50:04       java/ ssl/ tomcat/ ssl-certificate/ tomcat8

问题描述

I have gone through several questions and answers regarding this but still unable to fix the issue.我已经经历了几个关于这个问题的问题和答案,但仍然无法解决这个问题。

I am upgrading from Tomcat 7 to 8.5.我正在从 Tomcat 7 升级到 8.5。 I have copied the server.xml, web.xml and context.xml from the old server to the new one. I have copied the server.xml, web.xml and context.xml from the old server to the new one. The only change I made is commenting the following line from server.xml我所做的唯一更改是从 server.xml 中评论以下行

<!--Listener className="org.apache.catalina.core.JasperListener" /-->

Connector port specification is as follows:连接器端口规格如下:

<Connector port="50000" protocol="org.apache.coyote.http11.Http11Protocol"
           SSLEnabled="true" acceptCount="100" debug="0" maxProcessors="75"
           minProcessors="5" server="Server for App" clientAuth="false"
           sslProtocol="TLS"  maxThreads="150" scheme="https" secure="true"
           sslEnabledProtocols="TLSv1.2" keystoreFile="/location/keystore.p12"
           truststoreType="PKCS12" keystoreType="PKCS12" keystorePass="***"
           truststoreFile="/location/keystore.p12" truststorePass="***"
           ciphers="***" connectionTimeout="60000" />

Starting Tomcat produces the following error:启动 Tomcat 会产生以下错误:

    SEVERE [main] org.apache.catalina.core.StandardService.initInternal Failed to initialize connector [Connector[org.apache.coyote.http11.Http11Protocol-50000]]
            org.apache.catalina.LifecycleException: Protocol handler initialization failed
                    at org.apache.catalina.connector.Connector.initInternal(Connector.java:1076)
                    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
                    at org.apache.catalina.core.StandardService.initInternal(StandardService.java:552)
                    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
                    at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:846)
                    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
                    at org.apache.catalina.startup.Catalina.load(Catalina.java:639)
                    at org.apache.catalina.startup.Catalina.load(Catalina.java:662)
                    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
                    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
                    at java.lang.reflect.Method.invoke(Method.java:498)
                    at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:302)
                    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:472)
            Caused by: java.lang.IllegalArgumentException: the trustAnchors parameter must be non-empty
                    at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:100)
                    at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:72)
                    at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:247)
                    at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1143)
                    at org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:222)
                    at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:599)
                    at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:80)
                    at org.apache.catalina.connector.Connector.initInternal(Connector.java:1074)
                    ... 13 more
            Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
                    at java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:200)
                    at java.security.cert.PKIXParameters.<init>(PKIXParameters.java:157)
                    at java.security.cert.PKIXBuilderParameters.<init>(PKIXBuilderParameters.java:130)
                    at org.apache.tomcat.util.net.SSLUtilBase.getParameters(SSLUtilBase.java:501)
                    at org.apache.tomcat.util.net.SSLUtilBase.getTrustManagers(SSLUtilBase.java:432)
                    at org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:245)
                    at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:98)
                    ... 20 more

Setting -Djavax.net.debug=all did not produce much additional clue.设置-Djavax.net.debug=all并没有产生太多额外的线索。

I believe this has something to do with certificates but if I run the old Tomcat 7 with the same settings, it works just fine.我相信这与证书有关,但如果我使用相同的设置运行旧的 Tomcat 7,它就可以正常工作。 Any help is much appreciated.任何帮助深表感谢。

1 个解决方案

解决方案1
 1 已采纳  2021-05-02 08:10:59

Turns out the keystore requires a TrustedCertEntry and it only has a PrivateKeyEntry.原来密钥库需要一个 TrustedCertEntry,它只有一个 PrivateKeyEntry。 I imported one global trusted certificate using keytool and the issue is resolved.我使用 keytool 导入了一个全球可信证书,问题得到解决。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 InvalidAlgorithmParameterException:trustAnchors参数必须为非空 - InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty 如何修复 java.security.InvalidAlgorithmParameterException:连接到 elasticsearch 时 trustAnchors 参数必须为非空 - How to fix java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty when connecting to elasticsearch 客户端身份验证 Tomcat - trustAnchors 参数必须为非空 - Client Authentication Tomcat - trustAnchors parameter must be non-empty 如何在scala的构建工具(sbt)中修复“InvalidAlgorithmParameterException:trustAnchors参数必须为非空”? - How to fix “InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty” in scala's build tool (sbt)? 意外错误:java.security.InvalidAlgorithmParameterException:trustAnchors 参数必须为非空 - Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty javax.net.ssl.SSLException:java.security.InvalidAlgorithmParameterException:trustAnchors参数必须为非空 - javax.net.ssl.SSLException: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty 执行mvn clean程序包时出错:InvalidAlgorithmParameterException:trustAnchors参数必须为非空 - Error on executing mvn clean package: InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty Maven 错误:(重复)java.security.InvalidAlgorithmParameterException:trustAnchors 参数必须为非空 - Maven Error: (repeated) java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty OSX:trustAnchors 参数必须非空 - OSX: the trustAnchors parameter must be non-empty 错误 - trustAnchors 参数必须非空 - Error - trustAnchors parameter must be non-empty
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM