在ubuntu上使用APR库使用SSL证书配置tomcat时出错

Question

我已经在运行Ubuntu的64位服务器上安装了Tomcat7，并且正在尝试配置SSL来工作。

我将证书放在/opt/tomcat/conf/目录下，并在server.xml中进行了以下更改

<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />

<Connector executor="tomcatThreadPool" scheme="https" secure="true" port="443"    protocol="org.apache.coyote.http11.Http11AprProtocol"
            connectionTimeout="20000" redirectPort="8443" acceptCount="100" SSLEnabled="true"
            maxConnections="100000"  SSLCertificateFile="/opt/tomcat/conf/SSLCertificateFilenew.crt" SSLCertificatKeyFile="/opt/tomcat/conf/SSLCertificateKeyFilenew.key"
            SSLCertificateChainFile="/opt/tomcat/conf/SSLRootCertificateFile.crt" sslProtocol="TLS"/>

当我启动Appache tomcat服务时，我收到以下错误：

Nov 13, 2013 5:03:40 AM org.apache.catalina.core.AprLifecycleListener init
INFO: Loaded APR based Apache Tomcat Native library 1.1.29 using APR version 1.4.8.
Nov 13, 2013 5:03:40 AM org.apache.catalina.core.AprLifecycleListener init
INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
Nov 13, 2013 5:03:40 AM org.apache.catalina.startup.SetAllPropertiesRule begin
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property  'SSLCertificatKeyFile' to 'SSLCertificateKeyFilenew.key' did not find a matching property.
Nov 13, 2013 5:03:40 AM org.apache.catalina.core.AprLifecycleListener initializeSSL
INFO: OpenSSL successfully initialized (OpenSSL 1.0.1 14 Mar 2012)
Nov 13, 2013 5:03:40 AM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-apr-80"]
Nov 13, 2013 5:03:40 AM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-apr-443"]
Nov 13, 2013 5:03:40 AM org.apache.coyote.AbstractProtocol init
SEVERE: Failed to initialize end point associated with ProtocolHandler ["http-apr-443"]
java.lang.Exception: Unable to load certificate key SSLCertificateFilenew.crt  (error:02001002:system library:fopen:No such file or directory)
    at org.apache.tomcat.jni.SSLContext.setCertificate(Native Method)
at org.apache.tomcat.util.net.AprEndpoint.bind(AprEndpoint.java:550)
at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:623)
at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:434)
at org.apache.catalina.connector.Connector.initInternal(Connector.java:981)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:814)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.startup.Catalina.load(Catalina.java:640)
at org.apache.catalina.startup.Catalina.load(Catalina.java:665)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at      sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:616)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:281)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:455)
Nov 13, 2013 5:03:40 AM org.apache.catalina.core.StandardService initInternal
SEVERE: Failed to initialize connector [Connector[HTTP/1.1-443]]
org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-443]]
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:106)
at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:814)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.startup.Catalina.load(Catalina.java:640)
at org.apache.catalina.startup.Catalina.load(Catalina.java:665)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at      sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:616)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:281)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:455)
Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed
at org.apache.catalina.connector.Connector.initInternal(Connector.java:983)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
... 12 more
 Caused by: java.lang.Exception: Unable to load certificate key   SSLCertificateFilenew.crt (error:02001002:system library:fopen:No such file or directory)
at org.apache.tomcat.jni.SSLContext.setCertificate(Native Method)
at org.apache.tomcat.util.net.AprEndpoint.bind(AprEndpoint.java:550)
at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:623)
at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:434)
at org.apache.catalina.connector.Connector.initInternal(Connector.java:981)
... 13 more
Nov 13, 2013 5:03:40 AM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["ajp-apr-8009"]
Nov 13, 2013 5:03:40 AM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 634 ms
Nov 13, 2013 5:03:40 AM org.apache.catalina.core.StandardService startInternal
INFO: Starting service Catalina
Nov 13, 2013 5:03:40 AM org.apache.catalina.core.StandardEngine startInternal
INFO: Starting Servlet Engine: Apache Tomcat/7.0.47
Nov 13, 2013 5:03:40 AM org.apache.catalina.startup.HostConfig deployWAR
INFO: Deploying web application archive /opt/tomcat/webapps/jabberservlet.war
Nov 13, 2013 5:03:41 AM org.apache.tomcat.websocket.server.WsSci onStartup
INFO: JSR 356 WebSocket (Java WebSocket 1.0) support is not available when running on    Java 6. To suppress this message, run Tomcat on Java 7, remove the WebSocket JARs from   $CATALINA_HOME/lib or add the WebSocketJARs to the   tomcat.util.scan.DefaultJarScanner.jarsToSkip property in   $CATALINA_BASE/conf/catalina.properties. Note that the deprecated Tomcat 7 WebSocket API   will be available. 
Nov 13, 2013 5:03:41 AM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory /opt/tomcat/webapps/manager
Nov 13, 2013 5:03:41 AM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory /opt/tomcat/webapps/host-manager
Nov 13, 2013 5:03:41 AM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory /opt/tomcat/webapps/examples
Nov 13, 2013 5:03:42 AM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory /opt/tomcat/webapps/ROOT
Nov 13, 2013 5:03:42 AM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory /opt/tomcat/webapps/docs
Nov 13, 2013 5:03:42 AM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["http-apr-80"]
Nov 13, 2013 5:03:42 AM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["ajp-apr-8009"]
Nov 13, 2013 5:03:42 AM org.apache.catalina.startup.Catalina start
INFO: Server startup in 1509 ms

你能帮我排除这些错误吗？我已经在网上搜索过了，似乎找不到任何解决方案。

谢谢

Answer 1

将SSLPassword添加到连接器对我来说很有效。SSLPassword与keystorePass过去的样子很相似。缺省值为"changeit"

Answer 2

可能是您的sslProtocol=TLS设置引起的，没有这样的参数。http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support_-_APR/Native