不能让PFX/SSL在Tomcat中工作
不能让PFX/SSL在Tomcat中工作
提问于 2016-12-07 02:07:59
我在Tomcat7上设置SSL时遇到了问题。我有一个使用私钥导出的PFX文件,无论我如何尝试,在启动Tomcat时都会得到以下错误:
密钥存储密码不一致
我在IIS和OpenSSL中都验证了密码确实是正确的。
我正在运行Windows 2012 R2,并让Tomcat作为Windows运行,作为本地系统运行(默认安装)
Server.xml
<Connector port="8443" scheme="https" secure="true"
protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true">
<SSLHostConfig>
<Certificate certificateKeystoreFile="conf/mypfx.pfx"
keystoreType="PKCS12" keystorePass="mypass" />
</SSLHostConfig>
</Connector>catalina.log
07-Dec-2016 01:56:25.253 SEVERE [main] org.apache.catalina.core.StandardService.initInternal Failed to initialize connector [Connector[HTTP/1.1-8443]]
org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-8443]]
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:112)
at org.apache.catalina.core.StandardService.initInternal(StandardService.java:549)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:875)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
at org.apache.catalina.startup.Catalina.load(Catalina.java:606)
at org.apache.catalina.startup.Catalina.load(Catalina.java:629)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:311)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:494)
Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed
at org.apache.catalina.connector.Connector.initInternal(Connector.java:970)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
... 12 more
Caused by: java.lang.IllegalArgumentException: java.io.IOException: keystore password was incorrect
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:103)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:81)
at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:245)
at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:875)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:213)
at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:558)
at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:65)
at org.apache.catalina.connector.Connector.initInternal(Connector.java:968)
... 13 more
Caused by: java.io.IOException: keystore password was incorrect
at sun.security.pkcs12.PKCS12KeyStore.engineLoad(Unknown Source)
at sun.security.provider.KeyStoreDelegator.engineLoad(Unknown Source)
at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(Unknown Source)
at java.security.KeyStore.load(Unknown Source)
at org.apache.tomcat.util.net.SSLUtilBase.getStore(SSLUtilBase.java:136)
at org.apache.tomcat.util.net.SSLHostConfigCertificate.getCertificateKeystore(SSLHostConfigCertificate.java:187)
at org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:185)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:101)
... 20 more
Caused by: java.security.UnrecoverableKeyException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded回答 2
Stack Overflow用户
发布于 2017-08-03 23:10:48
您的配置应该是"certificateKeystorePassword"而不是"keystorePass“。
"keystoreType“也不是一个有效的参数,它应该是"type”
请参阅tomcat文档以获得正确的参数名称:
Stack Overflow用户
发布于 2020-12-07 16:48:28
您可以尝试使用下面的代码:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystoreType="PKCS12" keystoreFile="conf/mypfx.pfx" keystorePass="mypass"
ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA"
/>页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/41008261
复制相关文章
相似问题
腾讯云开发者
