![](/img/trans.png)
[英]GoDaddy SSL Certificate installation in tomcat… No certificate matches private key
[英]Tomcat godaddy ssl certificate private keys error
我已经从godaddy购买了ssl证书,并且在配置它与Tomcat一起运行时遇到了一些麻烦。 特别是我得到以下错误消息:
java.security.KeyStoreException: Cannot store non-PrivateKeys
Godaddy提供了3个证书文件,我尝试将它们添加到密钥库中,如下所示:
keytool -import -alias root -keystore tomcat.keystore -trustcacerts -file gd_bundle-g2-g1.crt
keytool -import -alias intermed -keystore tomcat.keystore -trustcacerts -file gdig2.crt.pem
keytool -import -alias tomcat -keystore tomcat.keystore -trustcacerts -file <random hex string>.crt
我在这里找到的网址 : http : //www.calamitycoder.com/WebSiteNotes/goDaddySHA2SSL.php
我已经将Tomcat的server.xml配置为:
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
keystoreFile="${user.home}/tomcat.keystore" keystorePass="password"
clientAuth="false" sslProtocol="TLS">
`
Tomcat版本是8.5.20。
任何帮助将不胜感激。 不确定这是否是Tomcat版本,因为经过许多小时的搜索后,我并未发现太多有关此错误的信息。 谢谢 !
更新:
我删除了当前键:
sudo keytool -delete -alias root -keystore tomcat.keystore
sudo keytool -delete -alias intermed -keystore tomcat.keystore
sudo keytool -delete -alias tomcat -keystore tomcat.keystore
并添加了注释中建议的键:
keytool -import -alias root -keystore tomcat.keystore -trustcacerts -file gd_bundle-g2-g1.crt
keytool -import -alias tomcat -keystore tomcat.keystore -file <random hex string>.crt
但不幸的是发现了同样的错误:
Caused by: java.security.KeyStoreException: Cannot store non-PrivateKeys
at sun.security.provider.JavaKeyStore.engineSetKeyEntry(JavaKeyStore.java:258)
at sun.security.provider.JavaKeyStore$JKS.engineSetKeyEntry(JavaKeyStore.java:56)
at sun.security.provider.KeyStoreDelegator.engineSetKeyEntry(KeyStoreDelegator.java:117)
at sun.security.provider.JavaKeyStore$DualFormatJKS.engineSetKeyEntry(JavaKeyStore.java:70)
at java.security.KeyStore.setKeyEntry(KeyStore.java:1140)
at org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:226)
我将继续尝试,任何其他想法都将受到欢迎。 谢谢 !
其他研究:
哥达迪证书
CentOS 7.3.1611
唯一更改-Tomcat 8.5.20从8.5.3升级
conf / server.xml
Connector
protocol="org.apache.coyote.http11.Http11NioProtocol"
port="8443" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="tomcat.keystore" keystorePass="secret"
clientAuth="false" ciphers="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA"
sslProtocol="TLSv1.2"
在Tomcat 8.5.3中工作,但在8.5.20中工作
org.apache.coyote.AbstractProtocol.init Failed to initialize end point associated with ProtocolHandler ["https-jsse-nio-8443"]
java.lang.IllegalArgumentException: java.security.KeyStoreException: Cannot store non-PrivateKeys
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:114)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:85)
at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:225)
更改它以直接使用证书文件。 并且还将密钥文件添加到配置中。
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" >
<UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
<SSLHostConfig>
<Certificate certificateKeyFile="conf/*.key"
certificateFile="conf/<random hex string>.crt"
certificateChainFile="conf/gd_bundle-g2-g1.crt"
type="RSA" />
</SSLHostConfig>
</Connector>
从8.5.20开始,我的证书带有相同的错误消息,因此我必须使用
<Connector keyAlias="tomcat" .... >
在连接器中。 在添加别名之前,Tomcat尝试使用随附的CA证书失败。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.