`
gwh_08
  • 浏览: 331811 次
  • 性别: Icon_minigender_1
  • 来自: 北京
社区版块
存档分类
最新评论

SSL:No Certificate file specified or invalid file format

    博客分类:
  • ssl
 
阅读更多

tomcat6.0.35配置SSL

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" 
               keystoreFile="C:/server2.jks"
               keystorePass="123456" 
			   truststoreFile="C:/server2.jks" truststorePass="123456"
   />

 没问题。

同样把:

truststoreFile="C:/server2.jks" truststorePass="123456"

 去掉,配置:

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" 
               keystoreFile="C:/server2.jks"
               keystorePass="123456" 
   />

 也没问题。

见:http://gwh-08.iteye.com/blog/1517593

但是配置,采用如下命令生成的密钥

keytool -genkey -validity 36000 -alias www.guwh.org -keyalg RSA -keystore d:\gu.keystore -storepass 123456 -dname "CN=wh, OU=wh, O=wh, L=wh, ST=BJ, C=CN"

 

keytool -genkey -validity 36000 -alias www.zlex.org -keyalg RSA -keystore d:\zlex.keystore -storepass 123456 -dname "CN=zlex, OU=zlex, O=zlex, L=zlex, ST=BJ, C=CN"

keytool -export -keystore d:\zlex.keystore -alias www.zlex.org -file d:\zlex.cer -rfc

 

keytool -import -alias www.zlex.org -file d:/zlex.cer -keystore d:/gu.keystore

 配置:server.xml

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
			   keystoreFile="D:/mygu.keystore"  
        keystorePass="123456" 
			   />

 

就会报:

2013-1-30 10:09:32 org.apache.coyote.http11.Http11AprProtocol init
严重: Error initializing endpoint
java.lang.Exception: No Certificate file specified or invalid file format
	at org.apache.tomcat.jni.SSLContext.setCertificate(Native Method)
	at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:733)
	at org.apache.coyote.http11.Http11AprProtocol.init(Http11AprProtocol.java:107)
	at org.apache.catalina.connector.Connector.initialize(Connector.java:1049)
	at org.apache.catalina.core.StandardService.initialize(StandardService.java:703)
	at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:838)
	at org.apache.catalina.startup.Catalina.load(Catalina.java:538)
	at org.apache.catalina.startup.Catalina.load(Catalina.java:562)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:261)
	at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
2013-1-30 10:09:32 org.apache.catalina.core.StandardService initialize
严重: Failed to initialize connector [Connector[HTTP/1.1-443]]
LifecycleException:  Protocol handler initialization failed: java.lang.Exception: No Certificate file specified or invalid file format
	at org.apache.catalina.connector.Connector.initialize(Connector.java:1051)
	at org.apache.catalina.core.StandardService.initialize(StandardService.java:703)
	at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:838)
	at org.apache.catalina.startup.Catalina.load(Catalina.java:538)
	at org.apache.catalina.startup.Catalina.load(Catalina.java:562)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:261)
	at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)

 错误。

解决办法是采用下面的配置:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
			   keystoreFile="D:/gu.keystore"  
        keystorePass="123456" 
			   />

 网上说这其实是:

就是将protocol="HTTP/1.1"替换为protocol="org.apache.coyote.http11.Http11Protocol",问题得以解决;

APR给Tomcat的性能提升起到很大作用,建议配置APR方式。

题外话:

如果辨别Tomcat是否采用APR:

启动Tomcat时,如果采用APR,日志中会有如下信息:

信息: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].

 如果没有采用APR,启动时则显示类似的信息:

信息: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: ....后面省略

 

 

 

 

 

分享到:
| java keytool命令总结
评论
1 楼 ebony_fan 2016-07-06  
遇到跟楼主一样的问题,根据你的解决办法已经解决了,感谢分享~
发表评论

您还没有登录,请您登录后再发表评论

相关推荐

Magicbox
Global site tag (gtag.js) - Google Analytics