>我已经从以下命令生成了证书
Openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=nginxsvc/O=nginxsvc"
然后在客户端计算机导入中像这样
keytool -import -file C:Code_BaseCertificatesNGINX_150tls.crt -storepass changeit -keystore "C:Program FilesJavajdk1.8.0_152jrelibsecuritycacerts" -alias nginxsvc
并在独立中.xml添加了 Jboss 服务器的文件
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" enable-lookups="false" secure="true">
<ssl name="ssl" password="changeit" certificate-key-file="C:Code_BaseCertificatesNGINX_150tls.key"/>
</connector>
但是当服务器启动时,我得到
11:12:17,279 错误 [org.apache.tomcat.util] (MSC 服务线程 1-3) JBWEB003003:无法加载带有路径的密钥库类型 JKS C:\Code_Base\证书\NGINX_150\tls.key,因为密钥库无效 格式:java.io.IOException:密钥库格式无效 sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:658) [rt.jar:1.8.0_152] 在 sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56) [rt.jar:1.8.0_152] 在 sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224) [rt.jar:1.8.0_152] 在 sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70) [rt.jar:1.8.0_152] at java.security.KeyStore.load(KeyStore.java:1445) [rt.jar:1.8.0_152] 在 org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:350) [jbossweb-7.5.7.Final-redhat-1.jar:7.5.7.Final-redhat-1] at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:265) [jbossweb-7.5.7.Final-redhat-1.jar:7.5.7.Final-redhat-1] at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:480) [jbossweb-7.5.7.Final-redhat-1.jar:7.5.7.Final-redhat-1] at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:417) [jbossweb-7.5.7.Final-redhat-1.jar:7.5.7.Final-redhat-1] at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:180) [jbossweb-7.5.7.Final-redhat-1.jar:7.5.7.Final-redhat-1] at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:973) [jbossweb-7.5.7.Final-redhat-1.jar:7.5.7.Final-redhat-1] at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:174) [jbossweb-7.5.7.Final-redhat-1.jar:7.5.7.Final-redhat-1] at org.apache.catalina.connector.Connector.init(Connector.java:986) [jbossweb-7.5.7.Final-redhat-1.jar:7.5.7.Final-redhat-1] at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:318) [jboss-as-web-7.5.0.Final-redhat-21.jar:7.5.0.Final-redhat-21] at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1980) [jboss-msc-1.1.5.Final-redhat-1.jar:1.1.5.Final-redhat-1] at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1913) [jboss-msc-1.1.5.Final-redhat-1.jar:1.1.5.Final-redhat-1] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [rt.jar:1.8.0_152] 在 java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [rt.jar:1.8.0_152] at java.lang.Thread.run(Thread.java:748) [RT.jar:1.8.0_152]
11:12:17,283 错误 [org.apache.coyote.http11.Http11Protocol] (MSC 服务线程 1-3) JBWEB003043:初始化终结点时出错: java.io.IOException:密钥库格式无效 sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:658) [rt.jar:1.8.0_152] 在 sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56) [rt.jar:1.8.0_152] 在 sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224) [rt.jar:1.8.0_152] 在 sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70) [rt.jar:1.8.0_152] at java.security.KeyStore.load(KeyStore.java:1445) [rt.jar:1.8.0_152] 在 org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:350) [jbossweb-7.5.7.Final-redhat-1.jar:7.5.7.Final-redhat-1] at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:265) [jbossweb-7.5.7.Final-redhat-1.jar:7.5.7.Final-redhat-1] at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:480) [jbossweb-7.5.7.Final-redhat-1.jar:7.5.7.Final-redhat-1] at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:417) [jbossweb-7.5.7.Final-redhat-1.jar:7.5.7.Final-redhat-1] at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:180) [jbossweb-7.5.7.Final-redhat-1.jar:7.5.7.Final-redhat-1] at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:973) [jbossweb-7.5.7.Final-redhat-1.jar:7.5.7.Final-redhat-1] at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:174) [jbossweb-7.5.7.Final-redhat-1.jar:7.5.7.Final-redhat-1] at org.apache.catalina.connector.Connector.init(Connector.java:986) [jbossweb-7.5.7.Final-redhat-1.jar:7.5.7.Final-redhat-1] at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:318) [jboss-as-web-7.5.0.Final-redhat-21.jar:7.5.0.Final-redhat-21] atorg.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1980) [jboss-msc-1.1.5.Final-redhat-1.jar:1.1.5.Final-redhat-1] at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1913) [jboss-msc-1.1.5.Final-redhat-1.jar:1.1.5.Final-redhat-1] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [rt.jar:1.8.0_152] 在 java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [rt.jar:1.8.0_152] at java.lang.Thread.run(Thread.java:748) [RT.jar:1.8.0_152]
11:12:17,289 INFO [org.apache.coyote.http11.Http11Protocol] (MSC 服务线程 1-2) JBWEB003001:Coyote HTTP/1.1 初始化于 : http-/0.0.0.0:8080 11:12:17,297 信息 [org.apache.coyote.http11.Http11Protocol] (MSC 服务线程 1-2) JBWEB003000:Coyote HTTP/1.1 起始时间:http-/0.0.0.0:8080 11:12:17,311 错误 [org.jboss.msc.service.fail] (MSC 服务线程 1-3) MSC000001:无法启动服务 jboss.web.connector.https: org.jboss.msc.service.StartException in service jboss.web.connector.https: JBAS018007:启动 Web 连接器时出错 在 org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:393) 在 org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1980) [jboss-msc-1.1.5.Final-redhat-1.jar:1.1.5.Final-redhat-1] at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1913) [jboss-msc-1.1.5.Final-redhat-1.jar:1.1.5.Final-redhat-1] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [rt.jar:1.8.0_152] 在 java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [rt.jar:1.8.0_152] at java.lang.Thread.run(Thread.java:748) [RT.jar:1.8.0_152]导致:生命周期异常:JBWEB000023: 协议处理程序初始化失败 org.apache.catalina.connector.Connector.init(Connector.java:989) at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:318) ...5 更多
需要考虑的一种可能性是密钥库类型的不匹配。
您可以按如下方式检查现有密钥库的密钥库类型:
keytool -list -keystore <path/to/keystore>
这应该在输出中显示密钥库类型值,例如
密钥库类型:PKCS12
这可能与它所期望的缺省密钥库类型(在本例中为JKS)不同
如果是这样,请在 tomcat 服务器配置中使用适当的密钥库类型属性来匹配您的密钥库
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreType="PKCS12"
keystoreFile="path/to/keystore" keystorePass="changeit" />
使用存储类型参数运行keytool:
"%JAVA_HOME%binkeytool" -genkey -alias tomcat -keyalg RSA -storetype JKS