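Using multiple keystores in Tomcat

Time: 2014-04-28 14:01:16

Tags: java tomcat ssl keystore

I have multiple keystores: K1 stores the public keys my application uses when connecting to external SSL services. In addition, I have keystore K2, which contains the certificate used when client applications connect to my server application. I use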

-Djavax.net.ssl.trustStore=<path to K1>

<Connector port="8443" SSLEnabled="true" maxHttpHeaderSize="8192"
                   protocol="org.apache.coyote.http11.Http11Protocol"
                   maxThreads="150" minSpareThreads="25" maxSpareThreads="200"
                   enableLookups="false" disableUploadTimeout="true"
                   acceptCount="100" scheme="https" secure="true"
                   clientAuth="false" sslProtocol="TLS"
                   keystoreFile="<K2>" keystorePass="..." keystoreType="JKS"
                   keyAlias="tomcat"/>

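in my Tomcat configuration. When I add the first line (-D) in order to use another https service, Tomcat starts failing and its https connector does not run:

Apr 28, 2014 9:05:56 AM org.apache.tomcat.util.net.jsse.JSSESocketFactory getStore SEVERE: Failed to load keystore type JKS with path /data/iris/apps/iris-us-dev/security/riskblotter-keystore due to Keystore was tampered with, or password was incorrect java.io.IOException: Keystore was tampered with, or password was incorrect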

INFO: Starting Coyote HTTP/1.1 on http-8080
Apr 28, 2014 9:05:56 AM org.apache.jk.common.ChannelSocket init
INFO: JK: ajp13 listening on /0.0.0.0:8009
Apr 28, 2014 9:05:56 AM org.apache.jk.server.JkMain start
INFO: Jk running ID=0 time=0/23  config=null
Apr 28, 2014 9:05:56 AM org.apache.tomcat.util.net.jsse.JSSESocketFactory getStore
SEVERE: Failed to load keystore type JKS with path <PATH TO K1> due to Keystore was tampered with, or password was incorrect
java.io.IOException: Keystore was tampered with, or password was incorrect
        at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:771)
        at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
        at java.security.KeyStore.load(KeyStore.java:1185)

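It looks like it is trying to use K1 as the keystore for the HTTPS connector, when it should be using K2. Is it possible to have multiple keystores in this situation?

0 answers:

No answers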
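
An added example (not part of the original question, and not Tomcat's own code): since `-Djavax.net.ssl.trustStore` is a JVM-wide default, an alternative is to load K1 into a dedicated `SSLContext` used only for the outbound connection. The class name `OutboundTrust`, the temporary file and both passwords are constructed for illustration; K1 is assumed to be a JKS file.

```java
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class OutboundTrust {

    // Build an SSLContext that trusts only the certificates in one store.
    static SSLContext contextFor(Path store, char[] pass) throws Exception {
        KeyStore trust = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(store)) {
            trust.load(in, pass); // IOException if pass does not match the store
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key material
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for K1: an empty JKS file with its own password.
        Path k1 = Files.createTempFile("k1-", ".jks");
        char[] k1Pass = "k1-secret".toCharArray();
        KeyStore empty = KeyStore.getInstance("JKS");
        empty.load(null, null);
        try (OutputStream out = Files.newOutputStream(k1)) {
            empty.store(out, k1Pass);
        }

        // Opening K1 with a password that is not K1's raises the logged error.
        try {
            contextFor(k1, "k2-secret".toCharArray());
        } catch (IOException e) {
            System.out.println("wrong password: " + e.getMessage());
        }

        // With K1's own password the context is built; hand its socket factory
        // to the HTTPS client via HttpsURLConnection.setSSLSocketFactory(...).
        SSLContext ctx = contextFor(k1, k1Pass);
        System.out.println("context ready: " + ctx.getProtocol());
        Files.delete(k1);
    }
}
```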