我是服务器端的新手,想知道如何在 Linux 环境中的 eclipse 的 tomcat 中配置 AJP 连接器以启用 SSL。
我想在不使用密钥库的情况下在 tomcat 中启用 SSL。我创建了 key.pem、cert.pem 和 cert.crt。但不知道下一步该怎么做。有人能帮忙吗?使用了以下命令:
openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 999
openssl x509 -outform der -in cert.pem -out cert.crt
服务器.xml
<Connector
port="8443" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
SSLCertificateFile="/root/keyTest/cert.pem"
SSLCertificateKeyFile="/root/keyTest/key.pem"
clientAuth="optional" SSLProtocol="TLSv1"/>
但出现错误
SEVERE: Failed to load keystore type JKS with path /root/.keystore due to /root/.keystore (No such file or directory)
java.io.FileNotFoundException: /root/.keystore (No such file or directory)
at java.io.FileInputStream.open(Native Method)
at java.io.FileInputStream.<init>(FileInputStream.java:146)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:413)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:319)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:577)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:517)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:462)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:209)
at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:398)
at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:646)
at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:434)
at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
at org.apache.catalina.connector.Connector.initInternal(Connector.java:978)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:821)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.startup.Catalina.load(Catalina.java:638)
at org.apache.catalina.startup.Catalina.load(Catalina.java:663)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:280)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:454)
May 12, 2015 3:58:56 PM org.apache.coyote.AbstractProtocol init
SEVERE: Failed to initialize end point associated with ProtocolHandler ["http-bio-8443"]
java.io.FileNotFoundException: /root/.keystore (No such file or directory)
at java.io.FileInputStream.open(Native Method)
at java.io.FileInputStream.<init>(FileInputStream.java:146)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:413)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:319)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:577)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:517)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:462)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:209)
at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:398)
at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:646)
at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:434)
at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
at org.apache.catalina.connector.Connector.initInternal(Connector.java:978)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:821)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.startup.Catalina.load(Catalina.java:638)
at org.apache.catalina.startup.Catalina.load(Catalina.java:663)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:280)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:454)
May 12, 2015 3:58:56 PM org.apache.catalina.core.StandardService initInternal
SEVERE: Failed to initialize connector [Connector[HTTP/1.1-8443]]
org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-8443]]
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:106)
at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:821)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.startup.Catalina.load(Catalina.java:638)
at org.apache.catalina.startup.Catalina.load(Catalina.java:663)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:280)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:454)
Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed
at org.apache.catalina.connector.Connector.initInternal(Connector.java:980)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
... 12 more
Caused by: java.io.FileNotFoundException: /root/.keystore (No such file or directory)
at java.io.FileInputStream.open(Native Method)
at java.io.FileInputStream.<init>(FileInputStream.java:146)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:413)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:319)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:577)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:517)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:462)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:209)
at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:398)
at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:646)
at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:434)
at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
at org.apache.catalina.connector.Connector.initInternal(Connector.java:978)
... 13 more
答案1
能够实现相同的功能。
参考 :-http://eves4code.blogspot.in/2015/05/configure-ssl-in-tomcat-localhost-using.html?q=ssl
请参阅以下步骤。
- openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 999 openssl x509 -outform der -in cert.pem -out your-cert.crt
将以上3个文件复制到/opt/apache-tomcat-7.0.57/conf/
在 server.xml 中
- 如果您使用 APR 连接器,则不能使用密钥库。 https://stackoverflow.com/questions/6306314/tomcat-7-ssl-failed
您只需使用密钥库(或等效物),因为您需要证书才能在浏览器中使用 HTTPS。您可以使用 OpenSSL 生成的 PKCS#12 文件作为 PKCS12 类型的密钥库。或者,您可以使用 APR 连接器并直接使用 PEM 格式的密钥和证书。 https://stackoverflow.com/questions/30190681/enable-ssl-in-tmcat-without-using-keystore 从以下位置下载 Tomcat Native 源代码https://tomcat.apache.org/download-native.cgi 下载 APR Nativehttp://apr.apache.org/download.cgi 安装 Apr/Native:http://www.sheroz.com/installing-apache-tomcat-native-linux-ubuntu-1204
cd tomcat-native-1.1.27-src/jni/native ./configure --with-apr=/usr/local/apr --with-java-home=/home/foo/jdk1.7.0_25 --with-ssl=yes make sudo make install 参考:https://stackoverflow.com/questions/18776378/tomcat-apr-native-library-not-loaded-even-when-present-and-configured https://stackoverflow.com/questions/8716259/what-does-the-apr-based-apache-tomcat-native-library-was-not-found-mean
从 /usr/local/apr/lib/ 复制 tcnative-1.dll(或 Linux 的 libtcnative.so)并将其放在 tomcat 的 bin 文件夹中,并在 eclipse 中将系统属性添加到 tomcat 服务器的启动配置中。-Djava.library.path=c:\dev\tomcat\bin
查找 catalina home $ /opt/apache-tomcat-7.0.57/bin/catalina.sh 版本 使用 CATALINA_BASE: /usr/local/apache-tomcat-7.0.29 使用 CATALINA_HOME: /usr/local/apache-tomcat-7.0.29 使用 CATALINA_TMPDIR: /usr/local/apache-tomcat-7.0.29/temp 使用 JRE_HOME: /System/Library/Frameworks/JavaVM.framework/Versions/CurrentJDK/Home 使用 CLASSPATH: /usr/local/apache-tomcat-7.0.29/bin/bootstrap.jar:/usr/local/apache-tomcat-7.0.29/bin/tomcat-juli.jar 服务器版本: Apache Tomcat/7.0.29 服务器建立时间: 2012 年 7 月 3 日 11:31:52 服务器编号: 7.0.29.0 操作系统名称:Mac OS X 操作系统版本:10.7.4 架构:x86_64 JVM 版本:1.6.0_33-b03-424-11M3720 JVM 供应商:Apple Inc. 参考:https://stackoverflow.com/questions/11496280/how-do-i-find-the-value-of-catalina-home
创建/opt/apache-tomcat-7.0.64/bin/setenv.sh
JRE_HOME = / usr / java /最新CATALINA_PID =“$CATALINA_BASE/tomcat.pid导出LD_LIBRARY_PATH ='$LD_LIBRARY_PATH:在/ usr / local / apr / lib'
参考 :http://tomcat.apache.org/tomcat-7.0-doc/RUNNING.txt https://stackoverflow.com/questions/9480210/tomcat-7-setenv-sh-is-not-found
catalin_pid - PID 文件位于您告诉 catalina 脚本放置它的任何位置。CATALINA_PID 是一个输入变量,而不是输出。您提供路径/文件,tomcat 会将其 PID 编号以一行文本的形式写入该文件。请参阅:http://www.coderanch.com/t/503086/Tomcat/Expression-Tomcat-pid
JRE 主目录http://www.unix.com/shell-programming-and-scripting/43918-how-find-jre-installed-linux-machine.html
http://snipplr.com/view/50950/
tomcat配置中添加环境变量https://stackoverflow.com/questions/6926382/eclipse-tomcat-apr
- 转到本地主机:8080
粘贴到项目的 web.xml secureapp / 机密参考:http://java.dzone.com/articles/setting-ssl-tomcat-5-minutes 无需此步骤 /7. 下次从 Eclipse 中删除 tomcat 后,我们需要再次配置 tomcat-native。服务器 -> 单击 tomcat -> 概述 -> 单击“打开启动配置”-> 选项卡“环境 -> 新建...”
LD_LIBRARY_PATH - /usr/local/apr 环境变量
看 :https://stackoverflow.com/questions/6926382/eclipse-tomcat-apr
tomcat 进程必须能够找到共享库。在 Linux 上,您可以使用 LD_LIBRARY_PATH 环境变量来实现此目的。