gpt4 book ai didi

java - 使用 .keystore 文件为 tomcat 8.5 配置 SSL - 无法存储非私钥

转载 作者:塔克拉玛干 更新时间:2023-11-01 21:37:32 27 4
gpt4 key购买 nike

我有一个文件 tomcat (2).keystore 文件,我已将其放在 /opt/tomcat/conf 中目录。目录权限设置如下:

root@xxxxxxxxxx:/opt/tomcat# ls -l
total 112
drwxr-x--- 2 root tomcat 4096 Sep 10 03:04 bin
drwxr-x--- 2 root tomcat 4096 Sep 28 05:12 conf
drwxr-x--- 2 root tomcat 4096 Sep 10 03:04 lib
-rw-r----- 1 root tomcat 57092 Aug 2 21:36 LICENSE
drwxr-x--- 2 tomcat tomcat 4096 Sep 28 05:15 logs
-rw-r----- 1 root tomcat 1723 Aug 2 21:36 NOTICE
-rw-r----- 1 root tomcat 7064 Aug 2 21:36 RELEASE-NOTES
-rw-r----- 1 root tomcat 15946 Aug 2 21:36 RUNNING.txt
drwxr-x--- 2 tomcat tomcat 4096 Sep 28 05:15 temp
drwxr-x--- 8 tomcat tomcat 4096 Sep 28 03:52 webapps
drwxr-x--- 3 tomcat tomcat 4096 Sep 10 03:19 work

还有 server.xml具有以下连接器:

<Connector 
port="8080"
maxThreads="1000"

protocol="org.apache.coyote.http11.Http11NioProtocol"
maxHttpHeaderSize="8192"
emptySessionPath="true"
connectionTimeout="20000"
minSpareThreads="20"
acceptCount="100"
disableUploadTimeout="true"
enableLookups="false"
tcpNoDelay="true"

scheme="https"
secure="true"
SSLEnabled="true"
keystoreFile="/opt/tomcat/conf/tomcat (2).keystore"
keystorePass="xxxxxx"
clientAuth="false"
sslProtocol="TLS"
maxPostSize="97589953"
URIEncoding="UTF-8"/>

我还注释掉了以下内容:

<!-- <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" /> -->

但是,我在 catalina.out 中不断收到以下错误:

java.lang.IllegalArgumentException: java.security.KeyStoreException: Cannot store non-PrivateKeys
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:114)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:85)
at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:225)
at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:982)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:244)
at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:620)
at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:66)
at org.apache.catalina.connector.Connector.initInternal(Connector.java:997)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
at org.apache.catalina.core.StandardService.initInternal(StandardService.java:549)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:875)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
at org.apache.catalina.startup.Catalina.load(Catalina.java:607)
at org.apache.catalina.startup.Catalina.load(Catalina.java:630)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:311)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:494)
Caused by: java.security.KeyStoreException: Cannot store non-PrivateKeys
at sun.security.provider.JavaKeyStore.engineSetKeyEntry(JavaKeyStore.java:258)
at sun.security.provider.JavaKeyStore$JKS.engineSetKeyEntry(JavaKeyStore.java:56)
at sun.security.provider.KeyStoreDelegator.engineSetKeyEntry(KeyStoreDelegator.java:117)
at sun.security.provider.JavaKeyStore$DualFormatJKS.engineSetKeyEntry(JavaKeyStore.java:70)
at java.security.KeyStore.setKeyEntry(KeyStore.java:1140)
at org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:226)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:112)
... 20 more

有人可以帮忙吗?我还需要从 server.xml 中删除任何其他内容吗? ?

编辑:

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 3 entries

root, Dec 19, 2016, trustedCertEntry,
Certificate fingerprint (SHA1): xxxx
tomcat, Dec 19, 2016, PrivateKeyEntry,
Certificate fingerprint (SHA1): xxxx
intermed, Dec 19, 2016, trustedCertEntry,
Certificate fingerprint (SHA1): xxxxx

当我运行 ./keytool -list -keystore "/opt/tomcat/conf/tomcat (2).keystore" 时得到以上信息

最佳答案

有点晚了,迁移到tomcat 8.5.20后遇到了类似的问题。经过更多研究,我想出了一个单独的、合理的解决方案。很多情况下,在生产环境中,证书并不在我们手中,不宜篡改。实际上查看实现,看起来 tomcat 尝试使用 key 存储文件中提到的第一个 key ,除非我们提供 key 别名。因此,在这种情况下,如果我们在连接器中提供 key 别名,它就可以正常工作。

{ keyAlias="tomcat"}

关于java - 使用 .keystore 文件为 tomcat 8.5 配置 SSL - 无法存储非私钥,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/46461569/

27 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com