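With goDaddy certificate

Time: 2018-05-01 22:10:54

Tags: java tomcat ssl connector

I followed the instructions to generate the key and certificate. I was able to import the certificate successfully. I can't get the connector right.

Here are the steps and messages.

  1. Generate the key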

    keytool -genkey -alias server -keyalg RSA -keysize 2048 -keystore myKey.jks -dname "CN=dnsName.com"
    
  2. Generate the certificate signing request.

    keytool -certreq -alias server -file myCSR.csr -keystore myKey.jks 
    
  3. Download the certificate from the CA: copy the myCSR contents to goDaddy, then download 3 files: serialNumber-root.crt, bundle-intermediate.crt, *.pem

  4. Tomcat web server SSL certificate installation:

    keytool -import -alias root -keystore myKey.jks -trustcacerts -file serialNumber-root.crt
    keytool -import -alias intermed -keystore myKey.jks -trustcacerts -file bundle-intermediate.crt
    keytool -import -alias tomcat -keystore myKey.jks -trustcacerts -file serialNumber-root.crt
    
  5. Everything was successful up to this point.

    1. Modify tomcat/conf/server.xml
    2. a. Gave me java.lang.Exception: Unable to load certificate key E:\tomcat\certificate\myKey.jks (error:0906D06C:PEM routines:PEM_read_bio:no start line)

      <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
                 maxThreads="150" SSLEnabled="true" >
          <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
          <SSLHostConfig>
              <Certificate certificateKeyFile="E:\tomcat\certificate\myKey.jks"
                           certificateFile="E:\tomcat\certificate\serialNumber-root.crt"
                           certificateChainFile="E:\tomcat\certificate\serialNumber-root.crt"
                           type="RSA" />
          </SSLHostConfig>
      </Connector>
      

      OR

      <Connector port="8443" scheme="https" secure="true" SSLEnabled="true" 
          SSLCertificateFile="E:\tomcat\certificate\serialNumber-root.crt" 
          SSLCertificateKeyFile="myKey.jks" 
          SSLPassword="password" 
          SSLCertificateChainFile="E:\tomcat\certificate\serialNumber-root.crt" 
          keyAlias="server" SSLProtocol="TLSv1"/>
      

      b. Gave me java.lang.IllegalArgumentException: java.io.IOException: Alias name [server] does not identify a key entry

      <Connector 
             port="8443" maxThreads="200"
             scheme="https" secure="true" SSLEnabled="true"
             keystoreFile="E:\tomcat\certificate\myKey.jks" 
             keystorePass="password"
             keyAlias="server"
             clientAuth="false" sslProtocol="TLS"
      />  
      

      c. java.lang.IllegalArgumentException: Illegal character in opaque part at index 2: c:\certificate\myKey.jks

      <Connector port="8443" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" 
              maxSpareThreads="150" scheme="https" secure="true" SSLEnabled="true" 
              clientAuth="false" sslProtocol="TLS" keyAlias="server" 
              keystoreFile="c:\certificate\myKey.jks" 
              keystorePass="password" />  
      

2 Answers:

Answer 0: (score: 0)

Have you tried using "org.apache.coyote.http11.Http11NioProtocol" instead of "org.apache.coyote.http11.Http11AprProtocol"?

    <Connector executor="tomcatThreadPool"
               port="80" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="443" />
    <Connector
               port="443"
               protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true"
               maxThreads="150"
               scheme="https"
               secure="true"
               clientAuth="false"
               sslProtocol="TLS"
               keystoreFile="mySSL.jks"
               keystorePass="changeit" />
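
Connector (a) in the question points the APR/OpenSSL attribute `certificateKeyFile` at a JKS keystore, while the connector in this answer uses the JSSE attribute `keystoreFile`. The following Python script is an added example, not code from the question or the answers: it classifies a file by its leading bytes and reports whether a given connector attribute can read it. The attribute-to-format table and the sample bytes are assumptions constructed for illustration.

```python
# Added example: classify key/certificate files by their leading bytes and
# check them against the connector attribute that is supposed to load them.

JKS_MAGIC = bytes.fromhex("feedfeed")    # Java KeyStore written by keytool
JCEKS_MAGIC = bytes.fromhex("cececece")  # JCEKS keystore

def sniff_format(data: bytes) -> str:
    """Return 'JKS', 'JCEKS', 'PEM', 'DER' or 'UNKNOWN' for raw file bytes."""
    if data.startswith(JKS_MAGIC):
        return "JKS"
    if data.startswith(JCEKS_MAGIC):
        return "JCEKS"
    # OpenSSL's PEM reader looks for a line starting with '-----BEGIN '.
    # When no such line exists it reports "PEM_read_bio:no start line".
    if any(line.startswith(b"-----BEGIN ") for line in data.splitlines()):
        return "PEM"
    # Binary ASN.1 (a PKCS#12 keystore or a DER certificate) starts with
    # the SEQUENCE tag 0x30.
    if data[:1] == b"\x30":
        return "DER"
    return "UNKNOWN"

# Assumed mapping for the attributes used on this page. keystoreFile is
# listed with Tomcat's default keystoreType (JKS); other keystore types
# need keystoreType set explicitly.
ACCEPTS = {
    "certificateKeyFile": {"PEM"},     # SSLHostConfig/Certificate, OpenSSL style
    "SSLCertificateKeyFile": {"PEM"},  # older APR connector attribute
    "keystoreFile": {"JKS"},           # JSSE style
}

def check(attribute: str, data: bytes) -> str:
    """Report whether the file content matches what the attribute expects."""
    fmt = sniff_format(data)
    if fmt in ACCEPTS[attribute]:
        return f"{attribute}: OK ({fmt})"
    wanted = "/".join(sorted(ACCEPTS[attribute]))
    return f"{attribute}: MISMATCH (file is {fmt}, attribute expects {wanted})"

# Constructed sample inputs (no real key material).
SAMPLE_JKS = JKS_MAGIC + b"\x00\x00\x00\x02" + b"\x00\x00\x00\x01"
SAMPLE_PEM = b"-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n"

if __name__ == "__main__":
    print(check("certificateKeyFile", SAMPLE_JKS))  # the situation in connector (a)
    print(check("keystoreFile", SAMPLE_JKS))        # the situation in this answer
    print(check("certificateKeyFile", SAMPLE_PEM))
```

To check a real file, pass `open(path, "rb").read()` as `data`; only the first bytes and the line starts are inspected, so no password is needed.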

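Answer 1: (score: -1)

Now I have installed the SSL certificate and started tomcat successfully, but I can't reach http://localhost:8443. I get the "page cannot be displayed" message • Make sure the web address http://localhost:443 is correct.

http://localhost:8080/ still works

I sincerely appreciate any suggestions.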

End of the tomcat log:

    02-May-2018 09:06:14.192 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-8080"]
    02-May-2018 09:06:14.207 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["https-openssl-nio-8443"]
    02-May-2018 09:06:14.207 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["ajp-nio-8009"]