EV SSL certificate in Tomcat7

Time: 2014-04-28 11:29:22

Tags: java ssl tomcat7

I am trying to configure Tomcat7 to use an EV certificate from Thawte, but I cannot get it to work.

After some problems we were finally able to install the certificates (primary, secondary and the SSL certificate) into the keystore, and now we are trying to configure Tomcat through the server.xml file, following (or trying to follow) the instructions in the Tomcat SSL How-To, but something is wrong.

At this point we get no errors or warnings in catalina.out, but the green bar does not appear. What could be the problem?

In server.xml:

<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />

...

<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443" />

...

<!-- Define a SSL HTTP/1.1 Connector on port 8443
     This connector uses the JSSE configuration, when using APR, the
     connector should be using the OpenSSL style configuration
     described in the APR documentation -->
<!-- DEFAULT
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" />
-->
<!-- NOK - From Thawte
<Connector
  className="org.apache.coyote.tomcat4.CoyoteConnector"
  port="8443" minProcessors="5"
  maxProcessors="75"
  enableLookups="false"
  acceptCount="10"
  connectionTimeout="60000" debug="0"
  scheme="https" secure="true">
<Factory
  className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
         clientAuth="false" protocol="TLS"
         keystoreFile="/home/tomcat/ssl/mykeystorename.kdb"
         keystorePass="..."/>
</Connector>
-->
<!--
<Connector
    protocol="HTTP/1.1"
    port="8443" maxThreads="200"
    scheme="https" secure="true" SSLEnabled="true"
    keystoreFile="/home/tomcat/ssl/mykeystorename.kdb"
    keystorePass="..."
    clientAuth="false" sslProtocol="TLS"/>
-->
<!-- -->
<Connector
    port="8443" maxThreads="200"
    scheme="https" secure="true" SSLEnabled="true"
    keyAlias="myalias"
    keystoreFile="/home/tomcat/ssl/mykeystorename.kdb"
    keystorePass="..."
    clientAuth="false" sslProtocol="TLS"/>
<!-- -->

In catalina.out:

...
Apr 28, 2014 10:57:06 AM org.apache.catalina.core.StandardServer await
INFO: A valid shutdown command was received via the shutdown port. Stopping the Server instance.
Apr 28, 2014 10:57:06 AM org.apache.coyote.AbstractProtocol pause
INFO: Pausing ProtocolHandler ["http-bio-8080"]
Apr 28, 2014 10:57:06 AM org.apache.coyote.AbstractProtocol pause
INFO: Pausing ProtocolHandler ["http-bio-8443"]
Apr 28, 2014 10:57:07 AM org.apache.coyote.AbstractProtocol pause
INFO: Pausing ProtocolHandler ["ajp-bio-8009"]
Apr 28, 2014 10:57:07 AM org.apache.catalina.core.StandardService stopInternal
INFO: Stopping service Catalina
...
Apr 28, 2014 10:57:07 AM org.apache.coyote.AbstractProtocol stop
INFO: Stopping ProtocolHandler ["http-bio-8080"]
Apr 28, 2014 10:57:07 AM org.apache.coyote.AbstractProtocol stop
INFO: Stopping ProtocolHandler ["http-bio-8443"]
Apr 28, 2014 10:57:07 AM org.apache.coyote.AbstractProtocol stop
INFO: Stopping ProtocolHandler ["ajp-bio-8009"]
Apr 28, 2014 10:57:07 AM org.apache.coyote.AbstractProtocol destroy
INFO : Destroying ProtocolHandler ["http-bio-8080"]
Apr 28, 2014 10:57:07 AM org.apache.coyote.AbstractProtocol destroy
INFO: Destroying ProtocolHandler ["http-bio-8443"]
Apr 28, 2014 10:57:07 AM org.apache.coyote.AbstractProtocol destroy
INFO: Destroying ProtocolHandler ["ajp-bio-8009"]
...
Apr 28, 2014 10:57:22 AM org.apache.catalina.core.AprLifecycleListener init
INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: /usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib
Apr 28, 2014 10:57:23 AM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-bio-8080"]
Apr 28, 2014 10:57:23 AM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-bio-8443"]
Apr 28, 2014 10:57:23 AM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["ajp-bio-8009"]
Apr 28, 2014 10:57:23 AM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 2242 ms
Apr 28, 2014 10:57:23 AM org.apache.catalina.core.StandardService startInternal
INFO: Starting service Catalina
Apr 28, 2014 10:57:23 AM org.apache.catalina.core.StandardEngine startInternal
INFO: Starting Servlet Engine: Apache Tomcat/7.0.42
Apr 28, 2014 10:57:23 AM org.apache.catalina.startup.HostConfig deployWAR
INFO: Deploying web application archive /var/lib/tomcat7/webapps/ROOT.war

1 answer:

Answer 0 (score: 0)

  1. Have you confirmed that the private key used to create the certificate signing request is also stored in the Java keystore?

  2. Did you enter the correct password for the Java keystore? If not, your Java application cannot access the keystore.

  3. Have you installed the Java Cryptography Extension (JCE) policy files for the current runtime environment?

  4. Please confirm these steps first. Your log output does not show any exception. You can also try running SSL with the Tomcat native APR library with OpenSSL (APR 1.1.30 with OpenSSL 1.0.1g, to avoid the Heartbleed bug). SSL performs better natively.
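A way to verify points 1 and 2 of the answer before touching server.xml, written as an added example that is not part of the question or the answer: it opens the keystore with the connector's keystorePass, confirms the keyAlias is a key entry (private key plus chain) rather than a bare trusted certificate, and walks the stored chain to check that each certificate is signed by the next one. It assumes the file named by keystoreFile is a JKS keystore (Tomcat's default keystoreType) despite its .kdb extension, that the key password equals the keystore password (what Tomcat assumes when keyPass is not set), and that path, password and alias are given on the command line.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;

public class KeystoreChainCheck {
    // Usage: java KeystoreChainCheck /home/tomcat/ssl/mykeystorename.kdb <keystorePass> myalias
    public static void main(String[] args) throws Exception {
        String path = args[0], password = args[1], alias = args[2];
        KeyStore ks = KeyStore.getInstance("JKS"); // assumption: JKS, Tomcat's default keystoreType
        try (FileInputStream in = new FileInputStream(path)) {
            ks.load(in, password.toCharArray()); // wrong keystorePass -> IOException here (point 2)
        }
        if (!ks.containsAlias(alias)) {
            System.out.println("alias '" + alias + "' not found; aliases present: " + java.util.Collections.list(ks.aliases()));
            System.exit(1);
        }
        if (!ks.isKeyEntry(alias)) {
            // A trustedCertEntry holds only a certificate: the CSR's private key was never imported (point 1)
            System.out.println("alias '" + alias + "' is a certificate-only entry, not a private key entry");
            System.exit(2);
        }
        // Tomcat opens the key with keystorePass unless keyPass is set; a differing key password fails here
        ks.getKey(alias, password.toCharArray());
        Certificate[] chain = ks.getCertificateChain(alias);
        System.out.println("chain length under alias: " + chain.length);
        for (int i = 0; i < chain.length; i++) {
            X509Certificate cert = (X509Certificate) chain[i];
            cert.checkValidity(); // throws if expired or not yet valid
            System.out.println(" [" + i + "] subject=" + cert.getSubjectX500Principal()
                    + " issuer=" + cert.getIssuerX500Principal());
            if (i + 1 < chain.length) {
                X509Certificate issuer = (X509Certificate) chain[i + 1];
                if (!cert.getIssuerX500Principal().equals(issuer.getSubjectX500Principal())) {
                    System.out.println("chain broken between [" + i + "] and [" + (i + 1) + "]");
                    System.exit(3);
                }
                cert.verify(issuer.getPublicKey()); // throws if [i] was not signed by [i+1]
            }
        }
        if (chain.length < 2) {
            // Only the leaf is served: clients lacking the CA's intermediate cannot build the EV path
            System.out.println("no intermediate certificates stored under the alias; import them into the key entry");
            System.exit(4);
        }
        System.out.println("keystore, alias and chain look usable by the Tomcat connector");
    }
}
```

Exit code 0 means the connector can at least open the key and present a complete chain; the EV green bar additionally depends on the browser recognising the CA's EV policy, which this check does not cover.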