在 ubuntu 16.04 上使用 openssl 生成证书和密钥 pem 文件后,我在 server.xml 文件中配置了 tomcat 连接器,如下所示,但是,当我启动 tomcat 时出现错误。
当我在浏览器中点击此 URL 时:https://本地主机:8443/它给出了以下错误:
This site can’t provide a secure connection localhost sent an invalid response.
生成证书和密钥pem文件的命令如下:
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes
Tomcat连接器如下:
<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" SSLEngine="on" SSLCertificateFile="conf/cert.pem" SSLCertificateKeyFile="conf/key.pem" />
其他内容:
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes
Generating a 4096 bit RSA private key ..........................................................................
writing new private key to 'key.pem'
Country Name (2 letter code) [AU]:IN State or Province Name (full
name) [Some-State]:MH Locality Name (eg, city) []:Pune Organization
Name (eg, company) [Internet Widgits Pty Ltd]:softdel Organizational
Unit Name (eg, section) []:iot Common Name (e.g. server FQDN or YOUR
name) []:localhost Email Address []:[email protected]
日志:
23-Jun-2018 13:29:35.460 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-8080"]
23-Jun-2018 13:29:35.483 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-8443"]
23-Jun-2018 13:29:35.488 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["ajp-nio-8009"]
23-Jun-2018 13:29:35.490 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 5150 ms
23-Jun-2018 13:29:35.656 INFO [http-nio-8443-exec-1] org.apache.coyote.http11.Http11Processor.service Error parsing HTTP request header
Note: further occurrences of HTTP request parsing errors will be logged at DEBUG level.
java.lang.IllegalArgumentException: Invalid character found in method name. HTTP method names must be tokens
at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:410)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:291)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:754)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1376)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
23-Jun-2018 13:29:35.659 INFO [http-nio-8443-exec-2] org.apache.coyote.http11.Http11Processor.service Error parsing HTTP request header
Note: further occurrences of HTTP request parsing errors will be logged at DEBUG level.
java.lang.IllegalArgumentException: Invalid character found in method name. HTTP method names must be tokens
at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:410)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:291)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:754)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1376)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
23-Jun-2018 13:29:35.720 INFO [http-nio-8443-exec-3] org.apache.coyote.http11.Http11Processor.service Error parsing HTTP request header
Note: further occurrences of HTTP request parsing errors will be logged at DEBUG level.
java.lang.IllegalArgumentException: Invalid character found in method name. HTTP method names must be tokens
at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:410)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:291)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:754)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1376)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
2018-06-23 13:29:42 [http-nio-8443-exec-17] INFO org.apache.jsp.index_jsp - - Entered page login
答案1
你需要,但你却没有放SSLEnabled="true"
- 看连接器文档 SSL 部分的第一段。Tomcat 实际上是以 HTTP-not-S 模式进行监听,因此当浏览器发送 SSL/TLS ClientHello 时,Tomcat 认为这是一个无效的 HTTP 请求,并发回一个 HTTP 错误响应,浏览器认为这是一个无效的 SSL/TLS 响应。
我不知道 Ubuntu 软件包是否包含 APR(使用 OpenSSL 堆栈),又名“tomcat-native”。对于 Tomcat 8,PEM 格式的证书和密钥文件仅在使用 APR 时才有效;对于 Java SSL/TLS 堆栈(JSSE),您需要使用 Java 格式的密钥库。对于 Tomcat 8.5 或 9,它将根据需要采用其中任一种并在内部进行转换。文档中也对此进行了描述。
请注意,对于浏览器来说相信您的自签名证书,您需要将其添加到该浏览器的信任库中;如何执行此操作取决于浏览器,有时还取决于平台,而我在 Ubuntu 上不使用任何浏览器,因此我可能无法帮助完成这部分。