Problems Configuring SSL on Tomcat 7.0 and How to Fix Them
2014-09-01 17:57
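I had been using Tomcat 6.0.29 all along. Today I downloaded apache-tomcat-7.0.33-windows-x86.zip to try it out and ran into some problems while configuring SSL.
Configuring SSL on Tomcat 6 takes two steps. 1. Use keytool.exe, which ships with the JDK, to generate a private key and a self-signed certificate:
keytool -genkey -keyalg RSA -alias tomcat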
After you answer the prompts, this command adds a private key entry with the alias tomcat, together with its self-signed certificate, to the default keystore file. The default keystore file is:
%USERPROFILE%\.keystore
2. Edit Tomcat's conf\server.xml and add the following element:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="${user.home}/.keystore" keystorePass="changeit" />
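Here ${user.home} is the same location as %USERPROFILE% above; one is Java syntax and the other is Windows syntax.
With this in place, Tomcat starts normally.
Configuring Tomcat 7 the same way, however, fails at startup with the following error: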
严重: Failed to initialize end point associated with ProtocolHandler ["http-apr-8443"]
java.lang.Exception: Connector attribute SSLCertificateFile must be defined when using SSL with APR
    at org.apache.tomcat.util.net.AprEndpoint.bind(AprEndpoint.java:494)
    at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:610)
    at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:429)
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:981)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
    at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
    at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:814)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:633)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:658)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:281)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:450)
-12-2 12:01:16 org.apache.catalina.core.StandardService initInternal
严重: Failed to initialize connector [Connector[HTTP/1.1-8443]]
org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-8443]]
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:106)
    at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
    at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:814)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:633)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:658)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:281)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:450)
Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:983)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
    ... 12 more
Caused by: java.lang.Exception: Connector attribute SSLCertificateFile must be defined when using SSL with APR
    at org.apache.tomcat.util.net.AprEndpoint.bind(AprEndpoint.java:494)
    at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:610)
    at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:429)
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:981)
    ... 13 more
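A close look at the exception shows that the error is raised by APR. Tomcat 6 also has an APR package, but I had never used it. So I looked at Tomcat's SSL how-to (ssl-how), whose "Edit the Tomcat Configuration File" section says:
Tomcat provides two SSL implementations: a JSSE implementation and an APR implementation.
Tomcat chooses automatically which implementation to use: if APR is installed it selects APR, otherwise it selects JSSE.
If you do not want Tomcat to choose automatically, you can specify an implementation yourself through the protocol attribute, as follows:
<Connector protocol="..." />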
I also read the same section of the 6.0 documentation, and it is identical to the 7.0 text. So the only possible difference is whether the APR package is installed.
I had heard of APR before but never worked with it. Which file is APR? I later found that the APR file is named tcnative-1.dll. Checking the 6.0 and 7.0 installation directories further, I found that 6.0 does not contain this DLL while 7.0 does. In other words, 6.0 uses the JSSE implementation by default and 7.0 uses the APR implementation by default.
Once the cause is clear, the fix is easy. Since I am used to the 6.0 style of configuration (that is, the JSSE implementation), all that is needed is to change the protocol attribute in the conf\server.xml entry above:
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
           SSLEnabled="true" maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="${user.home}/.keystore" keystorePass="changeit" />
After a restart, everything works normally.
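The selection rule described above, as an added example (not code from the original post or from the Tomcat project): a Python check that reads a server.xml and reports, for each SSL connector, which implementation Tomcat 7 would pick and whether the connector's attributes match it. The Http11NioProtocol and Http11AprProtocol class names, port 9443, and the apr_available flag (standing for "tcnative-1.dll was found and loaded") are assumptions added for the example.

```python
import xml.etree.ElementTree as ET

# Protocol values and the SSL implementation each one selects in Tomcat 7.
# "HTTP/1.1" means auto-select: APR when the native library is loaded, else JSSE.
JSSE_PROTOCOLS = {"org.apache.coyote.http11.Http11Protocol",
                  "org.apache.coyote.http11.Http11NioProtocol"}
APR_PROTOCOL = "org.apache.coyote.http11.Http11AprProtocol"


def ssl_implementation(protocol, apr_available):
    """Return 'JSSE' or 'APR' for a Connector's protocol attribute."""
    if protocol in JSSE_PROTOCOLS:
        return "JSSE"
    if protocol == APR_PROTOCOL:
        return "APR"
    # "HTTP/1.1" or attribute omitted: Tomcat decides for itself.
    return "APR" if apr_available else "JSSE"


def diagnose(server_xml, apr_available):
    """Check every SSL-enabled Connector; return (port, impl, problems) tuples."""
    results = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        impl = ssl_implementation(conn.get("protocol", "HTTP/1.1"), apr_available)
        problems = []
        if impl == "APR" and not conn.get("SSLCertificateFile"):
            problems.append("APR selected but SSLCertificateFile is not defined")
        if impl == "APR" and conn.get("keystoreFile"):
            problems.append("keystoreFile is a JSSE attribute; APR reads SSLCertificateFile")
        if conn.get("keystorePass") == "changeit":
            problems.append("keystorePass is still the default 'changeit'")
        results.append((conn.get("port"), impl, problems))
    return results


# Constructed sample: the article's failing connector (8443) next to the
# fixed one (moved to the made-up port 9443 so both fit in one file).
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https"
             secure="true" keystoreFile="${user.home}/.keystore" keystorePass="changeit" />
  <Connector port="9443" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"
             scheme="https" secure="true" keystoreFile="${user.home}/.keystore" keystorePass="changeit" />
</Service></Server>"""

if __name__ == "__main__":
    for port, impl, problems in diagnose(SAMPLE, apr_available=True):
        print(port, impl, problems or "ok")
```

With apr_available=True the 8443 connector is reported as APR with a missing SSLCertificateFile, which is the startup failure shown in the stack trace; with apr_available=False the same connector resolves to JSSE, matching the Tomcat 6 behaviour.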
To make the application redirect automatically from HTTP to HTTPS, open the project's web.xml and add the following configuration:
<security-constraint>
    <web-resource-collection>
        <web-resource-name>eqm</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>