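【Question title】: Tomcat 9 configuration with Let's Encrypt certificate
【Posted】: 2020-12-09 01:59:37
【Question description】:

I have a VPS running tomcat9, but I cannot install the certificate. I obtained the certificate using certbot (from Let's Encrypt), and now I have the files: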

/etc/letsencrypt/live/mydomain.org/fullchain.pem
/etc/letsencrypt/live/mydomain.org/privkey.pem

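I don't know what to do with them. I followed many different tutorials, blogs and documentation pages, including this one: https://tomcat.apache.org/tomcat-9.0-doc/ssl-howto.html, but it never worked.

Currently, I have created a JKS keystore and imported my certificate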

keytool -importcert -alias root -file /etc/letsencrypt/live/mydomain.org/fullchain.pem -keystore mydomain.jks 

In server.xml I have

<Connector port="80" protocol="HTTP/1.1"
        connectionTimeout="20000"
        redirectPort="8443" />
<Connector port="443" protocol="HTTP/1.1"
        connectionTimeout="20000"
        redirectPort="8443" />
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
        maxThreads="150" SSLEnabled="true" URIEncoding="UTF-8" >
    <SSLHostConfig>
        <Certificate certificateKeystoreFile="/home/tomcat/files/mydomain.jks"
            keystoreType="JKS" 
            keystorePass="mypassword"/>
    </SSLHostConfig>
</Connector>

But when I restart my tomcat9 service, I get the following in the logs:

SEVERE [main] org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to initialize component [Connector[HTTP/1.1-8443]]
        org.apache.catalina.LifecycleException: Protocol handler initialization failed
                at org.apache.catalina.connector.Connector.initInternal(Connector.java:1013)
                at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
                at org.apache.catalina.core.StandardService.initInternal(StandardService.java:533)
                at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
                at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1057)
                at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
                at org.apache.catalina.startup.Catalina.load(Catalina.java:584)
                at org.apache.catalina.startup.Catalina.load(Catalina.java:607)
                at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
                at java.lang.reflect.Method.invoke(Method.java:498)
                at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:303)
                at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:473)
        Caused by: java.lang.IllegalArgumentException: Keystore was tampered with, or password was incorrect
                at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:99)
                at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:71)
                at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:217)
                at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1141)
                at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1154)
                at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:581)
                at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:74)
                at org.apache.catalina.connector.Connector.initInternal(Connector.java:1010)
                ... 13 more
        Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
                at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:792)
                at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:57)
                at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224)
                at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:71)
                at java.security.KeyStore.load(KeyStore.java:1445)
                at org.apache.tomcat.util.security.KeyStoreUtil.load(KeyStoreUtil.java:69)
                at org.apache.tomcat.util.net.SSLUtilBase.getStore(SSLUtilBase.java:217)
                at org.apache.tomcat.util.net.SSLHostConfigCertificate.getCertificateKeystore(SSLHostConfigCertificate.java:206)
                at org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:283)
                at org.apache.tomcat.util.net.openssl.OpenSSLUtil.getKeyManagers(OpenSSLUtil.java:98)
                at org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:247)
                at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:97)
                ... 20 more
        Caused by: java.security.UnrecoverableKeyException: Password verification failed
                at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:790)
                ... 31 more

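I changed the password, but the problem persists, so I think the error comes from somewhere else. Can anyone give me a step-by-step process to install this certificate?

Thanks

【Question discussion】:

Tags: ssl tomcat lets-encrypt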


【Solution 1】:

The correct key for the password is

certificateKeystorePassword

(Credits to Marquinio.)

【Discussion】:
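
An added example, not part of the original answer and not Tomcat's own code: a small Python check that flags the legacy Connector-style attribute names (such as the question's `keystorePass` and `keystoreType`) when they sit on a `<Certificate>` element, where Tomcat reads the `certificate`-prefixed names and otherwise falls back to its documented default keystore password `changeit`. The function name `lint_certificates` and the wrapping `<Service>` element are assumptions; the sample XML is constructed from the question's connector.

```python
import xml.etree.ElementTree as ET

# Deprecated Connector-level name -> name that <Certificate> actually reads.
LEGACY_TO_CERTIFICATE = {
    "keystoreFile": "certificateKeystoreFile",
    "keystorePass": "certificateKeystorePassword",
    "keystoreType": "certificateKeystoreType",
    "keystoreProvider": "certificateKeystoreProvider",
    "keyAlias": "certificateKeyAlias",
    "keyPass": "certificateKeyPassword",
}

def lint_certificates(server_xml):
    """Return one finding per misnamed or missing attribute on <Certificate>."""
    findings = []
    root = ET.fromstring(server_xml)
    for conn in root.iter("Connector"):
        port = conn.get("port", "?")
        for cert in conn.iter("Certificate"):
            for old, new in LEGACY_TO_CERTIFICATE.items():
                if old in cert.attrib:
                    findings.append(f"port {port}: {old} -> {new}")
            # A keystore without an explicit password is opened with the default.
            if ("certificateKeystoreFile" in cert.attrib
                    and "certificateKeystorePassword" not in cert.attrib):
                findings.append(
                    f"port {port}: no certificateKeystorePassword, default password applies")
    return findings

# Constructed sample: the question's HTTPS connector inside a root element.
QUESTION_XML = """<Service name="Catalina">
  <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
             maxThreads="150" SSLEnabled="true" URIEncoding="UTF-8">
    <SSLHostConfig>
      <Certificate certificateKeystoreFile="/home/tomcat/files/mydomain.jks"
                   keystoreType="JKS"
                   keystorePass="mypassword"/>
    </SSLHostConfig>
  </Connector>
</Service>"""

# Same connector with the attribute names from the answer applied.
FIXED_XML = (QUESTION_XML.replace("keystoreType", "certificateKeystoreType")
                         .replace("keystorePass", "certificateKeystorePassword"))

if __name__ == "__main__":
    for finding in lint_certificates(QUESTION_XML):
        print(finding)
```
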
