我确切地说明了here。我正在使用Apache Tomcat 8.5并将这些行插入到我的server.xml中:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true" clientAuth="false"
sslProtocol="TLS" keystoreFile="C:/Program Files/certs/mycert.pfx"
keystorePass="myPassword" keystoreType="PKCS12"/>
启动服务器后,我收到以下错误,我无法解决。
...
23-Mar-2017 11:01:07.776 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded APR based Apache Tomcat Native library 1.2.10 using APR version 1.5.2.
23-Mar-2017 11:01:07.776 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
23-Mar-2017 11:01:07.776 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true]
23-Mar-2017 11:01:08.870 INFO [main] org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL successfully initialized (OpenSSL 1.0.2j 26 Sep 2016)
23-Mar-2017 11:01:09.120 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-nio-8080"]
23-Mar-2017 11:01:09.260 INFO [main] org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector Using a shared selector for servlet write/read
23-Mar-2017 11:01:09.276 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["https-openssl-nio-8443"]
23-Mar-2017 11:01:09.776 WARNING [main]
org.apache.tomcat.util.net.openssl.OpenSSLContext.init Error initializing SSL context
java.lang.NullPointerException
at org.apache.tomcat.util.net.openssl.OpenSSLContext.init(OpenSSLContext.java:281)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:105)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:85)
at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:226)
at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:941)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:237)
at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:558)
at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:65)
at org.apache.catalina.connector.Connector.initInternal(Connector.java:968)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
at org.apache.catalina.core.StandardService.initInternal(StandardService.java:549)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:875)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
at org.apache.catalina.startup.Catalina.load(Catalina.java:606)
at org.apache.catalina.startup.Catalina.load(Catalina.java:629)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:311)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:494)
23-Mar-2017 11:01:09.776 INFO [main] org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector Using a shared selector for servlet write/read
...
证书是从权威机构生成的。我只获得了.pfx文件和密码。我知道密码是正确的,因为我可以使用openssl来访问certifcate。任何帮助将不胜感激。
编辑: 这在技术上不是一个答案,因为它不能修复.pfx文件和密码的使用。
我在这些命令中使用了keytool:
keytool -importkeystore -srckeystore mycert.pfx
-srcstoretype pkcs12 -destkeystore mynewcert.jks -deststoretype JKS
我回答了问题,keytool发了mynewcert.jks并给了我一个GUID。
然后我将server.xml更改为以下内容:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true" clientAuth="false"
sslProtocol="TLS" keystoreFile="C:/Program Files/certs
/mynewcert.jks" keystorePass="myPassword" />
我重新启动服务器,它产生了与之前收到的完全相同的错误。然后我将以下内容添加到server.xml:
keyAlias="GUID I got from keytool"
现在一切正常。
答案 0 :(得分:1)
我知道问题出在2017年,但我遇到了同样的问题,我认为也许有人会发现同样的问题。
您所说的问题是keyAlias。您可以在cmd上使用以下代码从pfx文件中获取别名:
keytool -list -v -storetype pkcs12 -keystore certificado_mmkt_.pfx
您可以在其中找到一个名为“别名”的字段。在连接器中添加字段keyAlias。在我的情况下,keyAlias为1。
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true" clientAuth="false"
sslProtocol="TLS" keystoreFile="C:/Program Files/certs/mycert.pfx"
keystorePass="myPassword" keystoreType="PKCS12" keyAlias="1"/>