
Tomcat 9 configuration with a Let's Encrypt certificate

Stack Overflow user
Asked on 2020-12-09 01:59:37
Answers 1, Views 824, Followers 0, Votes 2

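I have a VPS running tomcat9, and I can't manage to install a certificate successfully. I got a certificate using certbot (Let's Encrypt entity), and now I have the files: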

/etc/letsencrypt/live/mydomain.org/fullchain.pem
/etc/letsencrypt/live/mydomain.org/privkey.pem

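I don't know what to do with them. I followed many different tutorials, blogs, and documentation pages (including this one: https://tomcat.apache.org/tomcat-9.0-doc/ssl-howto.html), but it never works.

At the moment, I have created a JKS keystore and imported my certificate.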

keytool -importcert -alias root -file /etc/letsencrypt/live/mydomain.org/fullchain.pem -keystore mydomain.jks 

In server.xml I have

<Connector port="80" protocol="HTTP/1.1"
        connectionTimeout="20000"
        redirectPort="8443" />
<Connector port="443" protocol="HTTP/1.1"
        connectionTimeout="20000"
        redirectPort="8443" />
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
        maxThreads="150" SSLEnabled="true" URIEncoding="UTF-8" >
    <SSLHostConfig>
        <Certificate certificateKeystoreFile="/home/tomcat/files/mydomain.jks"
            keystoreType="JKS" 
            keystorePass="mypassword"/>
    </SSLHostConfig>
</Connector>

However, when I restart my tomcat9 service, the log contains the following:

SEVERE [main] org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to initialize component [Connector[HTTP/1.1-8443]]
        org.apache.catalina.LifecycleException: Protocol handler initialization failed
                at org.apache.catalina.connector.Connector.initInternal(Connector.java:1013)
                at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
                at org.apache.catalina.core.StandardService.initInternal(StandardService.java:533)
                at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
                at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1057)
                at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
                at org.apache.catalina.startup.Catalina.load(Catalina.java:584)
                at org.apache.catalina.startup.Catalina.load(Catalina.java:607)
                at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
                at java.lang.reflect.Method.invoke(Method.java:498)
                at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:303)
                at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:473)
        Caused by: java.lang.IllegalArgumentException: Keystore was tampered with, or password was incorrect
                at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:99)
                at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:71)
                at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:217)
                at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1141)
                at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1154)
                at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:581)
                at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:74)
                at org.apache.catalina.connector.Connector.initInternal(Connector.java:1010)
                ... 13 more
        Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
                at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:792)
                at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:57)
                at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224)
                at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:71)
                at java.security.KeyStore.load(KeyStore.java:1445)
                at org.apache.tomcat.util.security.KeyStoreUtil.load(KeyStoreUtil.java:69)
                at org.apache.tomcat.util.net.SSLUtilBase.getStore(SSLUtilBase.java:217)
                at org.apache.tomcat.util.net.SSLHostConfigCertificate.getCertificateKeystore(SSLHostConfigCertificate.java:206)
                at org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:283)
                at org.apache.tomcat.util.net.openssl.OpenSSLUtil.getKeyManagers(OpenSSLUtil.java:98)
                at org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:247)
                at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:97)
                ... 20 more
        Caused by: java.security.UnrecoverableKeyException: Password verification failed
                at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:790)
                ... 31 more

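I changed the password and I still have the problem, so I think the error comes from somewhere else. Can someone give me the steps to install this certificate?

Thanks

1 Answer

Stack Overflow user

Posted on 2022-02-15 16:19:46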

The correct key for the password is

certificateKeystorePassword

(Credits to Marquinio.)

Votes 0
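
An added example (not part of the original answer or of Tomcat): a small Python check that finds legacy Connector-style attribute names such as `keystorePass` and `keystoreType` on `<Certificate>` elements and rewrites them to the `certificate...` names the answer refers to. The sample XML is constructed from the question's 8443 connector, and the function name `fix_certificate_attrs` is hypothetical.

```python
import xml.etree.ElementTree as ET

# Legacy Connector-level JSSE attribute -> <Certificate> attribute (Tomcat 8.5+/9).
LEGACY_TO_CERTIFICATE = {
    "keystoreFile": "certificateKeystoreFile",
    "keystorePass": "certificateKeystorePassword",
    "keystoreType": "certificateKeystoreType",
    "keystoreProvider": "certificateKeystoreProvider",
    "keyAlias": "certificateKeyAlias",
    "keyPass": "certificateKeyPassword",
}

# Constructed sample: the 8443 connector from the question.
SAMPLE = """<Service name="Catalina">
  <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
             maxThreads="150" SSLEnabled="true" URIEncoding="UTF-8">
    <SSLHostConfig>
      <Certificate certificateKeystoreFile="/home/tomcat/files/mydomain.jks"
                   keystoreType="JKS"
                   keystorePass="mypassword"/>
    </SSLHostConfig>
  </Connector>
</Service>"""


def fix_certificate_attrs(server_xml):
    """Return (findings, corrected_xml) for every <Certificate> element."""
    root = ET.fromstring(server_xml)
    findings = []
    for connector in root.iter("Connector"):
        port = connector.get("port", "?")
        for cert in connector.iter("Certificate"):
            for old, new in LEGACY_TO_CERTIFICATE.items():
                if old not in cert.attrib:
                    continue
                findings.append((port, old, new))
                # Keep an explicitly set new-style value; otherwise carry the old one over.
                cert.attrib.setdefault(new, cert.attrib[old])
                del cert.attrib[old]
            # Without this attribute Tomcat falls back to the default password "changeit".
            if ("certificateKeystoreFile" in cert.attrib
                    and "certificateKeystorePassword" not in cert.attrib):
                findings.append((port, None, "certificateKeystorePassword"))
    return findings, ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    issues, fixed = fix_certificate_attrs(SAMPLE)
    for port, old, new in issues:
        print(f"Connector {port}: {old or '(missing)'} -> {new}")
    print(fixed)
```
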
The original content of this page is provided by Stack Overflow.
Original link:

https://stackoverflow.com/questions/65209582
