0

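I can't get Tomcat to load a self-signed certificate. I followed the instructions on the site, modified the connector in the server.xml file, and added the security constraint to my tomcat.conf file. Here is the output of my catalina.out: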

Using CATALINA_BASE:   /usr/share/tomcat5
Using CATALINA_HOME:   /usr/share/tomcat5
Using CATALINA_TMPDIR: /usr/share/tomcat5/temp
Using JRE_HOME:       /usr/lib/jvm/jre
Created MBeanServer with ID: -hnoxxr:gj0olj3z.0:s15425714.domainepardefaut.fr:1
17-Jan-11 2:13:25 AM org.apache.catalina.core.AprLifecycleListener lifecycleEvent
INFO: The Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: /usr/lib64/gcj-4.1.2
17-Jan-11 2:13:25 AM org.apache.coyote.http11.Http11BaseProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-8081
17-Jan-11 2:13:26 AM org.apache.tomcat.util.net.jsse.JSSESocketFactory getStore
SEVERE: Exception trying to load keystore /usr/share/tomcat5/webapps/.keystore
java.security.KeyStoreException: JKS
   at java.security.KeyStore.getInstance(libgcj.so.7rh)
   at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(tomcat-util-5.5.23.jar.so)
   at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(tomcat-util-5.5.23.jar.so)
   at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.getKeyManagers(tomcat-util-5.5.23.jar.so)
   at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.init(tomcat-util-5.5.23.jar.so)
   at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(tomcat-util-5.5.23.jar.so)
   at org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(tomcat-util-5.5.23.jar.so)
   at org.apache.coyote.http11.Http11BaseProtocol.init(tomcat-http-5.5.23.jar.so)
   at org.apache.catalina.connector.Connector.initialize(catalina-5.5.23.jar.so)
   at org.apache.catalina.core.StandardService.initialize(catalina-5.5.23.jar.so)
   at org.apache.catalina.core.StandardServer.initialize(catalina-5.5.23.jar.so)
   at org.apache.catalina.startup.Catalina.load(catalina-5.5.23.jar.so)
   at org.apache.catalina.startup.Catalina.load(catalina-5.5.23.jar.so)
   at java.lang.reflect.Method.invoke(libgcj.so.7rh)
   at org.apache.catalina.startup.Bootstrap.load(bootstrap.jar.so)
   at org.apache.catalina.startup.Bootstrap.main(bootstrap.jar.so)
17-Jan-11 2:13:26 AM org.apache.coyote.http11.Http11BaseProtocol init
SEVERE: Error initializing endpoint
java.io.IOException: Exception trying to load keystore /usr/share/tomcat5/webapps/.keystore: JKS
   at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(tomcat-util-5.5.23.jar.so)
   at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(tomcat-util-5.5.23.jar.so)
   at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.getKeyManagers(tomcat-util-5.5.23.jar.so)
   at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.init(tomcat-util-5.5.23.jar.so)
   at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(tomcat-util-5.5.23.jar.so)
   at org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(tomcat-util-5.5.23.jar.so)
   at org.apache.coyote.http11.Http11BaseProtocol.init(tomcat-http-5.5.23.jar.so)
   at org.apache.catalina.connector.Connector.initialize(catalina-5.5.23.jar.so)
   at org.apache.catalina.core.StandardService.initialize(catalina-5.5.23.jar.so)
   at org.apache.catalina.core.StandardServer.initialize(catalina-5.5.23.jar.so)
   at org.apache.catalina.startup.Catalina.load(catalina-5.5.23.jar.so)
   at org.apache.catalina.startup.Catalina.load(catalina-5.5.23.jar.so)
   at java.lang.reflect.Method.invoke(libgcj.so.7rh)
   at org.apache.catalina.startup.Bootstrap.load(bootstrap.jar.so)
   at org.apache.catalina.startup.Bootstrap.main(bootstrap.jar.so)
17-Jan-11 2:13:26 AM org.apache.catalina.startup.Catalina load
SEVERE: Catalina.start
LifecycleException:  Protocol handler initialization failed: java.io.IOException: Exception trying to load keystore /usr/share/tomcat5/webapps/.keystore: JKS
   at org.apache.catalina.connector.Connector.initialize(catalina-5.5.23.jar.so)
   at org.apache.catalina.core.StandardService.initialize(catalina-5.5.23.jar.so)
   at org.apache.catalina.core.StandardServer.initialize(catalina-5.5.23.jar.so)
   at org.apache.catalina.startup.Catalina.load(catalina-5.5.23.jar.so)
   at org.apache.catalina.startup.Catalina.load(catalina-5.5.23.jar.so)
   at java.lang.reflect.Method.invoke(libgcj.so.7rh)
   at org.apache.catalina.startup.Bootstrap.load(bootstrap.jar.so)
   at org.apache.catalina.startup.Bootstrap.main(bootstrap.jar.so)
17-Jan-11 2:13:26 AM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 744 ms
17-Jan-11 2:13:26 AM org.apache.catalina.core.StandardService start
INFO: Starting service Catalina
17-Jan-11 2:13:26 AM org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/5.5.23
17-Jan-11 2:13:26 AM org.apache.catalina.core.StandardHost start
INFO: XML validation disabled
17-Jan-11 2:13:26 AM org.apache.catalina.startup.HostConfig deployWAR
INFO: Deploying web application archive myapp.war
17-Jan-11 2:13:26 AM org.apache.catalina.loader.WebappClassLoader validateJarFile
INFO: validateJarFile(/usr/share/tomcat5/webapps/myapp/WEB-INF/lib/servlet.jar) - jar not loaded. See Servlet Spec 2.3, section 9.7.2. Offending class: javax/servlet/Servlet.class
log4j:WARN No appenders could be found for logger (org.apache.commons.digester.Digester.sax).
log4j:WARN Please initialize the log4j system properly.
17-Jan-11 2:13:27 AM org.apache.catalina.startup.TldConfig lifecycleEvent
SEVERE: Error processing TLD files for context path /myapp
javax.servlet.ServletException: Exception processing TLD at resource path /WEB-INF/struts-tiles.tld in context /myapp
   at org.apache.catalina.startup.TldConfig.tldScanTld(catalina-5.5.23.jar.so)
   at org.apache.catalina.startup.TldConfig.execute(catalina-5.5.23.jar.so)
   at org.apache.catalina.startup.TldConfig.lifecycleEvent(catalina-5.5.23.jar.so)
   at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(catalina-5.5.23.jar.so)
   at org.apache.catalina.core.StandardContext.start(catalina-5.5.23.jar.so)
   at org.apache.catalina.core.ContainerBase.addChildInternal(catalina-5.5.23.jar.so)
   at org.apache.catalina.core.ContainerBase.addChild(catalina-5.5.23.jar.so)
   at org.apache.catalina.core.StandardHost.addChild(catalina-5.5.23.jar.so)
   at org.apache.catalina.startup.HostConfig.deployWAR(catalina-5.5.23.jar.so)
   at org.apache.catalina.startup.HostConfig.deployWARs(catalina-5.5.23.jar.so)
   at org.apache.catalina.startup.HostConfig.deployApps(catalina-5.5.23.jar.so)
   at org.apache.catalina.startup.HostConfig.start(catalina-5.5.23.jar.so)
   at org.apache.catalina.startup.HostConfig.lifecycleEvent(catalina-5.5.23.jar.so)
   at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(catalina-5.5.23.jar.so)
   at org.apache.catalina.core.ContainerBase.start(catalina-5.5.23.jar.so)
   at org.apache.catalina.core.StandardHost.start(catalina-5.5.23.jar.so)
   at org.apache.catalina.core.ContainerBase.start(catalina-5.5.23.jar.so)
   at org.apache.catalina.core.StandardEngine.start(catalina-5.5.23.jar.so)
   at org.apache.catalina.core.StandardService.start(catalina-5.5.23.jar.so)
   at org.apache.catalina.core.StandardServer.start(catalina-5.5.23.jar.so)
   at org.apache.catalina.startup.Catalina.start(catalina-5.5.23.jar.so)
   at java.lang.reflect.Method.invoke(libgcj.so.7rh)
   at org.apache.catalina.startup.Bootstrap.start(bootstrap.jar.so)
   at org.apache.catalina.startup.Bootstrap.main(bootstrap.jar.so)
17-Jan-11 2:13:29 AM org.apache.catalina.loader.WebappClassLoader validateJarFile
INFO: validateJarFile(/usr/share/tomcat5/webapps/ROOT/WEB-INF/lib/servlet.jar) - jar not loaded. See Servlet Spec 2.3, section 9.7.2. Offending class: javax/servlet/Servlet.class
log4j:WARN No appenders could be found for logger (org.apache.commons.digester.Digester.sax).
log4j:WARN Please initialize the log4j system properly.
17-Jan-11 2:13:29 AM org.apache.catalina.startup.TldConfig lifecycleEvent
SEVERE: Error processing TLD files for context path 
javax.servlet.ServletException: Exception processing TLD at resource path /WEB-INF/struts-tiles.tld in context 
   at org.apache.catalina.startup.TldConfig.tldScanTld(catalina-5.5.23.jar.so)
   at org.apache.catalina.startup.TldConfig.execute(catalina-5.5.23.jar.so)
   at org.apache.catalina.startup.TldConfig.lifecycleEvent(catalina-5.5.23.jar.so)
   at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(catalina-5.5.23.jar.so)
   at org.apache.catalina.core.StandardContext.start(catalina-5.5.23.jar.so)
   at org.apache.catalina.core.ContainerBase.addChildInternal(catalina-5.5.23.jar.so)
   at org.apache.catalina.core.ContainerBase.addChild(catalina-5.5.23.jar.so)
   at org.apache.catalina.core.StandardHost.addChild(catalina-5.5.23.jar.so)
   at org.apache.catalina.startup.HostConfig.deployDirectory(catalina-5.5.23.jar.so)
   at org.apache.catalina.startup.HostConfig.deployDirectories(catalina-5.5.23.jar.so)
   at org.apache.catalina.startup.HostConfig.deployApps(catalina-5.5.23.jar.so)
   at org.apache.catalina.startup.HostConfig.start(catalina-5.5.23.jar.so)
   at org.apache.catalina.startup.HostConfig.lifecycleEvent(catalina-5.5.23.jar.so)
   at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(catalina-5.5.23.jar.so)
   at org.apache.catalina.core.ContainerBase.start(catalina-5.5.23.jar.so)
   at org.apache.catalina.core.StandardHost.start(catalina-5.5.23.jar.so)
   at org.apache.catalina.core.ContainerBase.start(catalina-5.5.23.jar.so)
   at org.apache.catalina.core.StandardEngine.start(catalina-5.5.23.jar.so)
   at org.apache.catalina.core.StandardService.start(catalina-5.5.23.jar.so)
   at org.apache.catalina.core.StandardServer.start(catalina-5.5.23.jar.so)
   at org.apache.catalina.startup.Catalina.start(catalina-5.5.23.jar.so)
   at java.lang.reflect.Method.invoke(libgcj.so.7rh)
   at org.apache.catalina.startup.Bootstrap.start(bootstrap.jar.so)
   at org.apache.catalina.startup.Bootstrap.main(bootstrap.jar.so)
17-Jan-11 2:13:31 AM org.apache.coyote.http11.Http11BaseProtocol start
INFO: Starting Coyote HTTP/1.1 on http-8081
17-Jan-11 2:13:31 AM org.apache.catalina.connector.MapperListener init
INFO: Registering Hosts
17-Jan-11 2:13:31 AM org.apache.catalina.connector.MapperListener init
INFO: Registering WebModule Contexts
17-Jan-11 2:13:31 AM org.apache.catalina.connector.MapperListener init
INFO: Registering Servlets
17-Jan-11 2:13:31 AM org.apache.tomcat.util.net.jsse.JSSESocketFactory getStore
SEVERE: Exception trying to load keystore /usr/share/tomcat5/webapps/.keystore
java.security.KeyStoreException: JKS
   at java.security.KeyStore.getInstance(libgcj.so.7rh)
   at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(tomcat-util-5.5.23.jar.so)
   at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(tomcat-util-5.5.23.jar.so)
   at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.getKeyManagers(tomcat-util-5.5.23.jar.so)
   at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.init(tomcat-util-5.5.23.jar.so)
   at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(tomcat-util-5.5.23.jar.so)
   at org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(tomcat-util-5.5.23.jar.so)
   at org.apache.tomcat.util.net.PoolTcpEndpoint.startEndpoint(tomcat-util-5.5.23.jar.so)
   at org.apache.coyote.http11.Http11BaseProtocol.start(tomcat-http-5.5.23.jar.so)
   at org.apache.coyote.http11.Http11Protocol.start(tomcat-http-5.5.23.jar.so)
   at org.apache.catalina.connector.Connector.start(catalina-5.5.23.jar.so)
   at org.apache.catalina.core.StandardService.start(catalina-5.5.23.jar.so)
   at org.apache.catalina.core.StandardServer.start(catalina-5.5.23.jar.so)
   at org.apache.catalina.startup.Catalina.start(catalina-5.5.23.jar.so)
   at java.lang.reflect.Method.invoke(libgcj.so.7rh)
   at org.apache.catalina.startup.Bootstrap.start(bootstrap.jar.so)
   at org.apache.catalina.startup.Bootstrap.main(bootstrap.jar.so)
17-Jan-11 2:13:31 AM org.apache.coyote.http11.Http11BaseProtocol start
SEVERE: Error starting endpoint
java.io.IOException: Exception trying to load keystore /usr/share/tomcat5/webapps/.keystore: JKS
   at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(tomcat-util-5.5.23.jar.so)
   at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(tomcat-util-5.5.23.jar.so)
   at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.getKeyManagers(tomcat-util-5.5.23.jar.so)
   at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.init(tomcat-util-5.5.23.jar.so)
   at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(tomcat-util-5.5.23.jar.so)
   at org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(tomcat-util-5.5.23.jar.so)
   at org.apache.tomcat.util.net.PoolTcpEndpoint.startEndpoint(tomcat-util-5.5.23.jar.so)
   at org.apache.coyote.http11.Http11BaseProtocol.start(tomcat-http-5.5.23.jar.so)
   at org.apache.coyote.http11.Http11Protocol.start(tomcat-http-5.5.23.jar.so)
   at org.apache.catalina.connector.Connector.start(catalina-5.5.23.jar.so)
   at org.apache.catalina.core.StandardService.start(catalina-5.5.23.jar.so)
   at org.apache.catalina.core.StandardServer.start(catalina-5.5.23.jar.so)
   at org.apache.catalina.startup.Catalina.start(catalina-5.5.23.jar.so)
   at java.lang.reflect.Method.invoke(libgcj.so.7rh)
   at org.apache.catalina.startup.Bootstrap.start(bootstrap.jar.so)
   at org.apache.catalina.startup.Bootstrap.main(bootstrap.jar.so)
17-Jan-11 2:13:31 AM org.apache.catalina.startup.Catalina start
SEVERE: Catalina.start: 
LifecycleException:  service.getName(): "Catalina";  Protocol handler start failed: java.io.IOException: Exception trying to load keystore /usr/share/tomcat5/webapps/.keystore: JKS
   at org.apache.catalina.connector.Connector.start(catalina-5.5.23.jar.so)
   at org.apache.catalina.core.StandardService.start(catalina-5.5.23.jar.so)
   at org.apache.catalina.core.StandardServer.start(catalina-5.5.23.jar.so)
   at org.apache.catalina.startup.Catalina.start(catalina-5.5.23.jar.so)
   at java.lang.reflect.Method.invoke(libgcj.so.7rh)
   at org.apache.catalina.startup.Bootstrap.start(bootstrap.jar.so)
   at org.apache.catalina.startup.Bootstrap.main(bootstrap.jar.so)
17-Jan-11 2:13:31 AM org.apache.catalina.startup.Catalina start
INFO: Server startup in 5535 ms

I ran a port scan after starting Tomcat. The standard port is in use along with 8005, but the SSL port is not there. Did I miss a step somewhere?

4 Answers

2

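I guess you are using Tomcat 5.5 compiled with gcj, on some Linux distribution (Debian or Ubuntu?) that ships java-1.5.0-gcj. You can find some help on the topic here: https://bugzilla.redhat.com/show_bug.cgi?id=238613

Check that the keystore indicated in the exception message actually exists and that it is in JKS format. Alternatively, point the keystoreFile attribute in server.xml to the cacerts file provided by the JVM (if my guess is right, it should be /usr/lib/jvm/java-1.5.0-gcj-4.3-1.5.0.0/jre/lib/security/cacerts) and import your self-signed certificate there. The stock cacerts file has the default password = changeit

However, I recommend that you use the sun-jvm or openjdk-1.6.0 from your distribution to avoid a lot of trouble, especially if this is one of your first SSL deployments.

Edit: let me append my working configuration here: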

<Connector port="8443" maxHttpHeaderSize="8192"
       maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
       enableLookups="false" disableUploadTimeout="true"
       acceptCount="100" scheme="https" secure="true"
       clientAuth="false" sslProtocol="TLS"
       keystoreFile="/etc/pki/java/cacerts"
       keystorePass="changeit" keystoreType="JKS"
       keyAlias="tomcat"
/>

In the /etc/pki/java/cacerts keystore, I generated a key pair:

$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore /etc/pki/java/cacerts

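Note: if you do not specify keyAlias in server.xml, the first key pair found in the keystore is used.

Important: the keystore password must be the same as the private key password!

answered 2011-01-17T02:21:30.150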
1

You are trying to use a JKS format key store. This format was defined by Sun, and is not supported by GNU Classpath.

GNU Classpath might support a "PKCS12" key store (because it is a standard, unlike JKS). A new command in the keytool utility from a Java 6 runtime will allow you to "import" an existing JKS key store into a new PKCS #12 key store. Of course, GNU Classpath can't perform this conversion either, but if you use an OpenJDK product to do the conversion, the resulting store might work with GNU Classpath at run time.

answered 2011-01-17T18:32:53.563
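For the file side of the problem (the first answer's "exists and is in JKS format" check, and confirming the output of the JKS to PKCS #12 conversion described above), this added example, which is not code from any of the answers, classifies a keystore by its leading bytes; the function names and sample files are constructed for illustration. It does not show whether the runtime has a provider for that type, which is where the trace fails (inside KeyStore.getInstance).

```shell
#!/bin/sh
# Added example (not from the original answers): identify a keystore's
# on-disk format from its first bytes before pointing Tomcat at it.

# Print JKS, JCEKS, PKCS12, empty, missing, unreadable or unknown.
keystore_format() {
    [ -e "$1" ] || { echo missing; return 0; }
    [ -r "$1" ] || { echo unreadable; return 0; }
    magic=$(od -An -tx1 -N4 "$1" | tr -d ' \n')
    case $magic in
        feedfeed) echo JKS ;;      # Sun JKS magic 0xFEEDFEED
        cececece) echo JCEKS ;;    # JCEKS magic 0xCECECECE
        30*)      echo PKCS12 ;;   # DER SEQUENCE tag; heuristic, any DER file matches
        '')       echo empty ;;
        *)        echo unknown ;;
    esac
}

# Succeed only if the file's format equals the connector's keystoreType.
check_keystore() {
    actual=$(keystore_format "$1")
    if [ "$actual" = "$2" ]; then
        echo "OK: $1 is $actual"
    else
        echo "MISMATCH: $1 is $actual, keystoreType says $2"
        return 1
    fi
}

# True when "other" has read permission; the store holds the private key.
world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# Constructed sample files (header bytes only, not real keystores).
make_samples() {
    printf '\376\355\376\355\000\000\000\002' > "$1/sample.jks"
    printf '\060\202\001\000' > "$1/sample.p12"
    : > "$1/empty.store"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
check_keystore "$demo_dir/sample.jks" JKS
check_keystore "$demo_dir/sample.p12" JKS || echo "fix keystoreType or convert the store"
rm -rf "$demo_dir"
```

Run `check_keystore` with the keystoreFile path and the keystoreType value from server.xml, and `world_readable` on the same path, before restarting Tomcat.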
0

You are running GNU CLASSPATH, not Java. Remove it and install the JDK.

answered 2011-01-17T02:20:34.190
0

If you are using the GNU jvm and keytool, you can add the following options to the Tomcat connector in server.xml in order to get it to work:

keystoreType="gkr"
algorithm="JessieX509"

The algorithm is mentioned at http://developer.classpath.org/doc/javax/net/ssl/KeyManagerFactory.html#getDefaultAlgorithm:

answered 2012-06-08T21:38:17.047