stackoom
  简体   繁体   中英

tomcat startup error post ssl certificate setup

 原文  2018-01-30 12:30:57       java/ ssl-certificate/ tomcat8/ pfx

Question

I am getting the below error when starting the server 

30-Jan-2018 07:04:54.821 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-nio-8443"]
**30-Jan-2018 07:04:55.157 SEVERE [main] org.apache.coyote.AbstractProtocol.init Failed to initialize end point associated with ProtocolHandler ["http-nio-8443"]
 java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.**
        at sun.security.util.DerInputStream.getLength(DerInputStream.java:561)
        at sun.security.util.DerValue.init(DerValue.java:365)
        at sun.security.util.DerValue.<init>(DerValue.java:320)
        at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1914)
        at java.security.KeyStore.load(KeyStore.java:1445)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:424)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:323)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:581)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:521)
        at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:357)
        at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:732)
        at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:457)
        at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:120)
        at org.apache.catalina.connector.Connector.initInternal(Connector.java:960)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
        at org.apache.catalina.core.StandardService.initInternal(StandardService.java:567)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
        at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:851)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:576)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:599)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:497)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:310)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:484)

**30-Jan-2018 07:04:55.159 SEVERE [main] org.apache.catalina.core.StandardService.initInternal Failed to initialize connector [Connector[HTTP/1.1-8443]]**
 org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-8443]]
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:106)
        at org.apache.catalina.core.StandardService.initInternal(StandardService.java:567)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
        at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:851)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)

Any idea anyone. I have defined the connectors in server.xml but I am not so sure about the ssl certificate. I had a .pfx certificate with me. I then created a keystore, imported the certificate and then configured the connectors.then I used this keystore in server.xml

2 answers

solution1
 1 ACCPTED  2018-02-02 07:51:10

with pfx file, there is no need to create a key store as you can directly use pfx file and password inside your connector 

 <Connector server="Application Server" port="8443" protocol="$PROTOCOL"
           maxThreads="100" SSLEnabled="true" scheme="https" secure="true"
           keystoreFile="${PFX_FILE}" keystorePass="${PFX_PWD}"
           keystoreType="PKCS12" clientAuth="false" sslProtocol="TLS" connectionTimeout="80000"/>

solution2
 1  2018-02-02 09:15:40

I then created a keystore, imported the certificate, and then configured the connectors

Not sufficient. You also needed to import the private key. Or use the PFX as a keystore directly.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question SSL Certificate Error in a JAVA application on Tomcat7 in Ubuntu SSL certificate error when we replacing with new PKI in tomcat server EV SSL Certificate in Tomcat7 Install SSL on Tomcat with certificate .cer Install a renewed SSL certificate in Tomcat Error on Tomcat Embedded startup Tomcat server startup error httpclient got a “SSL certificate error” when post to https in glassfish servlet SSL Certificate Chain error SSL Bad Certificate error
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM