java - Tomcat 上的 SSL 证书 - 别名 (tomcat) 无法识别密钥
问题描述
我正在使用 Apache Tomcat 中的 SSL 证书。我创建了 CSR 并获得了一个 JKS 文件。然后,当我将 CSR 交给证书颁发机构时,他们就给了我证书。当我使用以下命令测试 JKS 证书时,
keytool -list -keystore ava_bankasia-bd_com.jks
我有以下输出:
Keystore type: PKCS12
Keystore provider: SUN
Your keystore contains 1 entry
tomcat, Jun 22, 2021, trustedCertEntry,
Certificate fingerprint (SHA-256): 7F:F3:C5:60:D1:E6:E5:04:2A:E8:2E:D1:D7:1A:92:DE:39:47:75:BD:06:25:0D:D0:CB:C0:55:BA:D6:2B:28:E9
然后我用以下代码配置了tomcat:
<Connector port="443"
protocol="org.apache.coyote.http11.Http11Protocol"
SSLEnabled="true"
maxThreads="150"
scheme="https"
secure="true"
clientAuth="false"
sslProtocol="TLS"
keystoreFile="/u01/csr_certificate/ava_bankasia-bd_com.jks"
keystorePass="-------"
keyAlias="tomcat" />
我已将它们全部导入 Keystore 好(但显然不是!)但我从 Tomcat 得到的错误是:'java.io.IOException Alias name does not identify a key entry。完整的错误如下:
org.apache.catalina.LifecycleException: Protocol handler initialization failed
at org.apache.catalina.connector.Connector.initInternal(Connector.java:1076)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
at org.apache.catalina.core.StandardService.initInternal(StandardService.java:552)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:846)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
at org.apache.catalina.startup.Catalina.load(Catalina.java:639)
at org.apache.catalina.startup.Catalina.load(Catalina.java:662)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:302)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:472)
Caused by: java.lang.IllegalArgumentException: Alias name [tomcat] does not identify a key entry
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:100)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:72)
at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:247)
at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1143)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:222)
at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:599)
at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:80)
at org.apache.catalina.connector.Connector.initInternal(Connector.java:1074)
... 13 more
Caused by: java.io.IOException: Alias name [tomcat] does not identify a key entry
at org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:336)
at org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:245)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:98)
... 20 more
有任何想法吗?这是我第一次这样做,所以也许我搞砸了一些非常明显的东西?
该站点在端口 80 上运行良好。
很想听听一些建议:)
解决方案
推荐阅读
- javascript - 我可以对 KendoScheduler 数据源的数据进行硬编码吗?
- java - SOAP Header 简单调用
- c - C for Linux 中的全屏操作
- java - 从毫秒到天的 TimeUnit 转换不适合我
- ruby-on-rails - Ruby on Rails 通过 Simple_Form 集合进行分类
- angular - Angular2组件模板更改变量更改
- mongodb - React native 不返回多个组件
- javascript - 如何用5个数字分隔数组
- java - Android Facebook Login with Firebase 在某些设备上不起作用,只有我的
- ios - 以编程方式创建 UIViewController 不会显示子视图或识别手势