配置 AJP Connector 以在 Eclipse Tomcat 中启用 SSL

tag-icon tag-icon ssl tomcat openssl eclipse
配置 AJP Connector 以在 Eclipse Tomcat 中启用 SSL

我是服务器端的新手,想知道如何在 Linux 环境中的 eclipse 的 tomcat 中配置 AJP 连接器以启用 SSL。

我想在不使用密钥库的情况下在 tomcat 中启用 SSL。我创建了 key.pem、cert.pem 和 cert.crt。但不知道下一步该怎么做。有人能帮忙吗?使用了以下命令:

openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 999

openssl x509 -outform der -in cert.pem -out cert.crt

服务器.xml

<Connector 
          port="8443" maxThreads="200"
          scheme="https" secure="true" SSLEnabled="true"
          SSLCertificateFile="/root/keyTest/cert.pem" 
          SSLCertificateKeyFile="/root/keyTest/key.pem"
          clientAuth="optional" SSLProtocol="TLSv1"/>

但出现错误

SEVERE: Failed to load keystore type JKS with path /root/.keystore due to /root/.keystore (No such file or directory)
    java.io.FileNotFoundException: /root/.keystore (No such file or directory)
        at java.io.FileInputStream.open(Native Method)
        at java.io.FileInputStream.<init>(FileInputStream.java:146)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:413)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:319)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:577)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:517)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:462)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:209)
        at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:398)
        at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:646)
        at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:434)
        at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
        at org.apache.catalina.connector.Connector.initInternal(Connector.java:978)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
        at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
        at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:821)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:638)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:663)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:606)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:280)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:454)

    May 12, 2015 3:58:56 PM org.apache.coyote.AbstractProtocol init
    SEVERE: Failed to initialize end point associated with ProtocolHandler ["http-bio-8443"]
    java.io.FileNotFoundException: /root/.keystore (No such file or directory)
        at java.io.FileInputStream.open(Native Method)
        at java.io.FileInputStream.<init>(FileInputStream.java:146)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:413)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:319)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:577)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:517)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:462)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:209)
        at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:398)
        at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:646)
        at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:434)
        at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
        at org.apache.catalina.connector.Connector.initInternal(Connector.java:978)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
        at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
        at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:821)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:638)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:663)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:606)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:280)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:454)

    May 12, 2015 3:58:56 PM org.apache.catalina.core.StandardService initInternal
    SEVERE: Failed to initialize connector [Connector[HTTP/1.1-8443]]
    org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-8443]]
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:106)
        at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
        at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:821)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:638)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:663)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:606)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:280)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:454)
    Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed
        at org.apache.catalina.connector.Connector.initInternal(Connector.java:980)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
        ... 12 more
    Caused by: java.io.FileNotFoundException: /root/.keystore (No such file or directory)
        at java.io.FileInputStream.open(Native Method)
        at java.io.FileInputStream.<init>(FileInputStream.java:146)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:413)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:319)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:577)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:517)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:462)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:209)
        at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:398)
        at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:646)
        at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:434)
        at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
        at org.apache.catalina.connector.Connector.initInternal(Connector.java:978)
        ... 13 more

答案1

能够实现相同的功能。

参考 :-http://eves4code.blogspot.in/2015/05/configure-ssl-in-tomcat-localhost-using.html?q=ssl

请参阅以下步骤。

  1. openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 999 openssl x509 -outform der -in cert.pem -out your-cert.crt

将以上3个文件复制到/opt/apache-tomcat-7.0.57/conf/

在 server.xml 中

  1. 如果您使用 APR 连接器,则不能使用密钥库。 https://stackoverflow.com/questions/6306314/tomcat-7-ssl-failed

您只需使用密钥库(或等效物),因为您需要证书才能在浏览器中使用 HTTPS。您可以使用 OpenSSL 生成的 PKCS#12 文件作为 PKCS12 类型的密钥库。或者,您可以使用 APR 连接器并直接使用 PEM 格式的密钥和证书。 https://stackoverflow.com/questions/30190681/enable-ssl-in-tmcat-without-using-keystore 从以下位置下载 Tomcat Native 源代码https://tomcat.apache.org/download-native.cgi 下载 APR Nativehttp://apr.apache.org/download.cgi 安装 Apr/Native:http://www.sheroz.com/installing-apache-tomcat-native-linux-ubuntu-1204

cd tomcat-native-1.1.27-src/jni/native ./configure --with-apr=/usr/local/apr --with-java-home=/home/foo/jdk1.7.0_25 --with-ssl=yes make sudo make install 参考:https://stackoverflow.com/questions/18776378/tomcat-apr-native-library-not-loaded-even-when-present-and-configured https://stackoverflow.com/questions/8716259/what-does-the-apr-based-apache-tomcat-native-library-was-not-found-mean

从 /usr/local/apr/lib/ 复制 tcnative-1.dll(或 Linux 的 libtcnative.so)并将其放在 tomcat 的 bin 文件夹中,并在 eclipse 中将系统属性添加到 tomcat 服务器的启动配置中。-Djava.library.path=c:\dev\tomcat\bin

查找 catalina home $ /opt/apache-tomcat-7.0.57/bin/catalina.sh 版本 使用 CATALINA_BASE: /usr/local/apache-tomcat-7.0.29 使用 CATALINA_HOME: /usr/local/apache-tomcat-7.0.29 使用 CATALINA_TMPDIR: /usr/local/apache-tomcat-7.0.29/temp 使用 JRE_HOME: /System/Library/Frameworks/JavaVM.framework/Versions/CurrentJDK/Home 使用 CLASSPATH: /usr/local/apache-tomcat-7.0.29/bin/bootstrap.jar:/usr/local/apache-tomcat-7.0.29/bin/tomcat-juli.jar 服务器版本: Apache Tomcat/7.0.29 服务器建立时间: 2012 年 7 月 3 日 11:31:52 服务器编号: 7.0.29.0 操作系统名称:Mac OS X 操作系统版本:10.7.4 架构:x86_64 JVM 版本:1.6.0_33-b03-424-11M3720 JVM 供应商:Apple Inc. 参考:https://stackoverflow.com/questions/11496280/how-do-i-find-the-value-of-catalina-home

创建/opt/apache-tomcat-7.0.64/bin/setenv.sh

JRE_HOME = / usr / java /最新CATALINA_PID =“$CATALINA_BASE/tomcat.pid导出LD_LIBRARY_PATH ='$LD_LIBRARY_PATH:在/ usr / local / apr / lib'

参考 :http://tomcat.apache.org/tomcat-7.0-doc/RUNNING.txt https://stackoverflow.com/questions/9480210/tomcat-7-setenv-sh-is-not-found

catalin_pid - PID 文件位于您告诉 catalina 脚本放置它的任何位置。CATALINA_PID 是一个输入变量,而不是输出。您提供路径/文件,tomcat 会将其 PID 编号以一行文本的形式写入该文件。请参阅:http://www.coderanch.com/t/503086/Tomcat/Expression-Tomcat-pid

JRE 主目录http://www.unix.com/shell-programming-and-scripting/43918-how-find-jre-installed-linux-machine.html

http://snipplr.com/view/50950/

tomcat配置中添加环境变量https://stackoverflow.com/questions/6926382/eclipse-tomcat-apr

  1. 转到本地主机:8080

  2. https://本地主机:8443

  3. 粘贴到项目的 web.xml secureapp / 机密参考:http://java.dzone.com/articles/setting-ssl-tomcat-5-minutes 无需此步骤 /7. 下次从 Eclipse 中删除 tomcat 后,我​​们需要再次配置 tomcat-native。服务器 -> 单击 tomcat -> 概述 -> 单击“打开启动配置”-> 选项卡“环境 -> 新建...”

LD_LIBRARY_PATH - /usr/local/apr 环境变量

看 :https://stackoverflow.com/questions/6926382/eclipse-tomcat-apr

tomcat 进程必须能够找到共享库。在 Linux 上,您可以使用 LD_LIBRARY_PATH 环境变量来实现此目的。

相关内容