堆栈内存溢出
  简体   繁体   English

ssl tomcat证书错误

[英]ssl tomcat certificate error

 原文  2011-03-14 11:20:13       tomcat/ ssl

问题描述

I followed the following steps at http://www.globalsign.com/support/install/install_tomcat.php , using the following entry in server.xml : 我使用server.xml的以下条目在http://www.globalsign.com/support/install/install_tomcat.php上执行了以下步骤: 

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" 
    keystoreFile="D:\Tomcat\ukdp.keystore" keystorePass="123456" keyAlias="ukdp"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" />

But the following exception occurs during startup: 但是在启动期间发生以下异常: 

SEVERE: Error initializing endpoint
java.io.IOException: Alias name ukdp does not identify a key entry
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:412)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:378)
at 

org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:125)
    at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:496)
    at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:177)
    at org.apache.catalina.connector.Connector.initialize(Connector.java:1059)
    at org.apache.catalina.core.StandardService.initialize(StandardService.java:677)
    at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:792)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:518)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:538)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:260)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:412)
Mar 14, 2011 4:14:56 PM org.apache.catalina.startup.Catalina load

When I remove the keyAlias entry as follows: 当我删除keyAlias条目时,如下所示: 

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" 
keystoreFile="D:\Tomcat\ukdp.keystore" keystorePass="123456" 
       maxThreads="150" scheme="https" secure="true"
       clientAuth="false" sslProtocol="TLS" />

The following exception occurs during startup: 启动期间发生以下异常: 

SEVERE: Socket accept failed
java.net.SocketException: SSL handshake errorjavax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.acceptSocket(JSSESocketFactory.java:150)
    at org.apache.tomcat.util.net.JIoEndpoint$Acceptor.run(JIoEndpoint.java:310)
    at java.lang.Thread.run(Unknown Source)
Mar 14, 2011 4:20:31 PM org.apache.tomcat.util.net.JIoEndpoint$Acceptor run
SEVERE: Socket accept failed
java.net.SocketException: SSL handshake errorjavax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.acceptSocket(JSSESocketFactory.java:150)
    at org.apache.tomcat.util.net.JIoEndpoint$Acceptor.run(JIoEndpoint.java:310)
    at java.lang.Thread.run(Unknown Source)
Mar 14, 2011 4:20:31 PM org.apache.tomcat.util.net.JIoEndpoint$Acceptor run
SEVERE: Socket accept failed

2 个解决方案

解决方案1
 16  2012-08-16 09:22:17

List the entires in the keystore using 使用列出密钥库中的entires 

keytool -list -keystore D:\Tomcat\ukdp.keystore -storepass 123456

If the entry isn't there, you need to import it as a PrivateKeyEntry . 如果该条目不存在,则需要将其作为PrivateKeyEntry导入。 If it's there, see that it's type is PrivateKeyEntry and not trustedCertEntry . 如果它在那里,请看它的类型是PrivateKeyEntry而不是trustedCertEntry

If the type is trustedCertEntry and you want to change it, the process I found is as follows: 如果类型是trustedCertEntry并且您想要更改它,我找到的过程如下: 

#Convert to the key type to pkcs12
openssl pkcs12 -export -inkey myserverkey.key -in myserver.crt -out tempstore.p12


#Import to keystore:
keytool -importkeystore -srckeystore tempstore.p12 -srcstoretype PKCS12 -destkeystore keystore.jks

#List:
keytool -list -v -keystore keystore.jks
#Note the alias, usually gets "1", we need to change it

#Change alias:
keytool -changealias -alias 1 -destalias mywantedkeyalias -keystore keystore.jks

With the obvious changes of myserverkey.key , myserver.crt , keystore.jks and mywantedkeyalias 随着myserverkey.keymyserver.crtkeystore.jksmywantedkeyalias的明显变化

解决方案2
 5 已采纳  2011-03-14 11:46:13

What's in your keystore for a start. 什么在你的密钥库中开始。 

keytool -list -keystore D:\Tomcat\ukdp.keystore -storepass 123456

If there is really no "udkp" key here's your problem. 如果真的没有“udkp”键这就是你的问题。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Tomcat Godaddy SSL证书私钥错误 - Tomcat godaddy ssl certificate private keys error Tomcat 和 SSL 客户端证书 - Tomcat and SSL Client certificate tomcat 上的 SSL 带通配符证书 - SSL on tomcat with wildcard certificate Tomcat - SSL 证书配置 - Tomcat - SSL certificate configure SSL通配符证书进入Tomcat - SSL Wildcard Certificate into Tomcat 使用ubuntu上的APR库配置带有SSL证书的tomcat时出错 - Error on Configure tomcat with SSL certificate using APR library on ubuntu Ubuntu中Tomcat7上的JAVA应用程序中的SSL证书错误 - SSL Certificate Error in a JAVA application on Tomcat7 in Ubuntu 使用证书.cer在Tomcat上安装SSL - Install SSL on Tomcat with certificate .cer 在Tomcat中安装更新的SSL证书 - Install a renewed SSL certificate in Tomcat Tomcat SSL:找不到可信证书 - Tomcat SSL: No trusted certificate found
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM