Tomcat6 configured to use SSL is not working
I am trying to set up SSL for my web app and followed a tutorial (http://techtracer.com/2007/09/12/setting-up-ssl-on-tomcat-in-3-easy-steps/), then hitting http://localhost:8443 returns "unable to connect".
Environment:
Tomcat6, Windows 7
Tomcat6 is up and running, http://localhost:8080 displays the Tomcat page.
Below are the steps I took so far:
1. Generate keystore file
C:\Program Files\Java\jdk1.6.0_21\bin>keytool -genkey -alias masatosanssl -keypass masatosanadmin -keystore masatosanssl.bin -storepass masatosanadmin
Then I answered the questionnaire.
masatosanssl.bin is created and I've moved the file to my webapp dir which is at:
C:\Program Files\Apache Software Foundation\Tomcat 6.0\webapps\head_first\masatosanssl.bin
2. Configuring Tomcat for using the Keystore file
Modify server.xml
Location: C:\Program Files\Apache Software Foundation\Tomcat 6.0\conf
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="C:\Program Files\Apache Software Foundation\Tomcat 6.0\webapps\head_first\masatosanssl.bin"
keystorePass="masatosanadmin"
/>
Then I restarted Tomcat, and hitting https://localhost:8443 returns "cannot display page".
I've tried changing the server.xml keystoreFile path to relative etc., but none seems to work.
What am I missing here?
You are not missing anything except checking the logs. I had the same issue and checked almost everywhere on the internet. I was trying to run the web service over Tomcat 7.0 and generated the keystore the same way you did.
The issue, as the Apache documentation for running over SSL says, is that if any setting or jar file regarding the APR implementation of SSL keys is in the Tomcat directory, it assumes you are using OpenSSL and not the JSSE implementation, which can work with keystores generated by keytool.
To localize the source of the problem, I looked at the server.xml file in [tomcat dir]/conf and I saw this line was there:
Then I commented out this line and restarted the server. It works now like a charm!
I found the source of the error by reading the Apache docs carefully in addition to looking into the logs. It is always a good practice.
Did you check Tomcat's logs? Failures to start a Connector will typically generate log messages describing exactly why it could not be started.
What does "returns 'cannot display page'" mean? Is the server listening on the port or not? What does
curl -I http://localhost:8443/
or
telnet localhost 8443
show?
And are you really sure you want to store your keypass file under a publicly-accessible directory like webapps/head_first? Typically this file should be stored in a directory where only the user that Tomcat runs under can read it.
Try doing it the way described in the Tomcat documentation, not some arbitrary Internet junk.
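As an added example (not part of the original thread and not Tomcat tooling), this Python check reads a server.xml and flags the two points the answers raise: a Connector left on the auto-selecting "HTTP/1.1" protocol while carrying JSSE keystore attributes, and a keystore stored under webapps. The function name, finding strings and the corrected Connector are assumptions made for illustration; org.apache.coyote.http11.Http11Protocol is Tomcat 6's blocking JSSE connector class.

```python
import xml.etree.ElementTree as ET
from pathlib import PureWindowsPath

# Constructed input: the question's Connector wrapped in a minimal server.xml.
QUESTION_XML = r"""<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" />
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
      maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"
      keystoreFile="C:\Program Files\Apache Software Foundation\Tomcat 6.0\webapps\head_first\masatosanssl.bin"
      keystorePass="masatosanadmin" />
</Service></Server>"""

# Constructed counterpart: explicit JSSE (BIO) protocol class, keystore kept in conf\.
CORRECTED_XML = r"""<Server><Service name="Catalina">
  <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"
      maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"
      keystoreFile="C:\Program Files\Apache Software Foundation\Tomcat 6.0\conf\masatosanssl.bin"
      keystorePass="masatosanadmin" />
</Service></Server>"""

JSSE_ATTRS = {"keystoreFile", "keystorePass", "keystoreType"}
APR_ATTRS = {"SSLCertificateFile", "SSLCertificateKeyFile"}

def audit_connectors(server_xml):
    """Return a list of (port, finding) tuples for SSL-enabled Connectors."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        port, attrs = conn.get("port"), set(conn.attrib)
        # "HTTP/1.1" lets Tomcat choose APR when the native library loads,
        # and the APR connector does not read keystore attributes.
        if conn.get("protocol", "HTTP/1.1") == "HTTP/1.1" and attrs & JSSE_ATTRS:
            findings.append((port, "auto-selected protocol with JSSE keystore attributes"))
        if attrs & JSSE_ATTRS and attrs & APR_ATTRS:
            findings.append((port, "JSSE and APR certificate attributes mixed"))
        # A keystore below webapps sits inside an application's directory tree.
        parts = [p.lower() for p in PureWindowsPath(conn.get("keystoreFile", "")).parts]
        if "webapps" in parts:
            findings.append((port, "keystore stored under webapps"))
    return findings

if __name__ == "__main__":
    for label, xml_text in (("question", QUESTION_XML), ("corrected", CORRECTED_XML)):
        print(label, audit_connectors(xml_text) or "no findings")
```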