我已经尝试过可能的事情来让它工作。我有一个正在开发的网络应用程序。通过 json 与 java 后端对话的 javascript 前端。整个事情运行在嵌入式tomcat 8 实例上。在我尝试启用 ssl/tls 加密之前,它工作正常。
在添加 ssl 之前
Tomcat tomcat = new Tomcat();
String webappDirLocation = "src/main/webapp/";
String webPort = System.getenv("PORT");
if (webPort == null || webPort.isEmpty()) {
webPort = "8080";
}
tomcat.setPort(Integer.valueOf(webPort));
Connector connector = tomcat.getConnector();
connector.setURIEncoding("UTF-8");
tomcat.addWebapp("/", new File(webappDirLocation).getAbsolutePath());
System.out.println("configuring app with basedir: " + new File("./" + webappDirLocation).getAbsolutePath());
tomcat.start();
tomcat.getServer().await();
在我尝试使用自签名证书添加 ssl 之后。
Tomcat tomcat = new Tomcat();
String tmp = "1q2w3e4r5t";
String filePathToStore = "src/main/app/ssl/keystore.jks";
char[] keystorePasswordCharArray = tmp.toCharArray();
Connector httpsConnector = new Connector();
httpsConnector.setPort(8843);
httpsConnector.setSecure(true);
httpsConnector.setScheme("https");
httpsConnector.setAttribute("keyAlias", "tomcat");
httpsConnector.setAttribute("keystorePass", keystorePasswordCharArray);
httpsConnector.setAttribute("keystoreFile", new File(filePathToStore));
httpsConnector.setAttribute("clientAuth", "false");
httpsConnector.setAttribute("sslProtocol", "TLS");
httpsConnector.setAttribute("SSLEnabled", true);
Service service = tomcat.getService();
service.addConnector(httpsConnector);
Connector defaultConnector = tomcat.getConnector();
defaultConnector.setRedirectPort(443);
String webappDirLocation = "src/main/webapp/";
Connector connector = tomcat.getConnector();
connector.setURIEncoding("UTF-8");
tomcat.addWebapp("/", new File(webappDirLocation).getAbsolutePath());
System.out.println("configuring app with basedir: " + new File("./" + webappDirLocation).getAbsolutePath());
tomcat.start();
tomcat.getServer().await();
我只想要一个简单的、理想地嵌入的 Web 服务,这样部署和配置就很简单。
为了生成密钥对,我使用了以下命令:
keytool -genkeypair -keystore keystore.jks -keyalg RSA -alias tomcat
然后我将 keystore.jks 复制到我的 app/ssl/ 目录中。
它将运行和编译没有错误。当我尝试在 https:\\localhost 访问该站点时,Firefox 抱怨:
(Error code: ssl_error_rx_record_too_long)
并且eclipse控制台会吐出一个痕迹
Jan 06, 2016 9:14:25 PM org.apache.coyote.http11.AbstractHttp11Processor process
INFO: Error parsing HTTP request header
Note: further occurrences of HTTP header parsing errors will be logged at DEBUG level.
java.lang.IllegalArgumentException: Invalid character (CR or LF) found in method name at org.apache.coyote.http11.AbstractNioInputBuffer.parseRequestLine(AbstractNioInputBuffer.java:228)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1010)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:674)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1500)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1456)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
该站点仍可通过 http:\\localhost:443 访问我需要做什么才能安装证书?从密钥库中导出并将其放入我的浏览器?我希望只是一个警告信息。
继续排除故障,我发现了一个名为 SSLPoke 的简单程序,这是我得到的错误:
java SSLPoke localhost 443
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
at sun.security.ssl.InputRecord.handleUnknownRecord(Unknown Source)
at sun.security.ssl.InputRecord.read(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.writeRecord(Unknown Source)
at sun.security.ssl.AppOutputStream.write(Unknown Source)
at sun.security.ssl.AppOutputStream.write(Unknown Source)
at SSLPoke.main(SSLPoke.java:23)
因此,即使我在此处列出,我的连接似乎也不会说 https,但仍然无法弄清楚。