Recorded here for reference:
(This generally happens on Windows.)
When configuring HTTPS/SSL for Tomcat, the usual procedure is as follows:
1. Generate the key. With the Java environment variables set, run:
keytool -v -genkey -alias tomcat -keyalg RSA -keystore d:/tomcat.keystore -validity 3600
Enter a password when prompted. Remember this password, since the Tomcat configuration below needs it; for the second password (the key password) just press Enter to accept the default.
keytool -genkey generates a public/private key pair using the default algorithm.
-alias [name]: the alias under which the certificate is stored.
-keyalg: the key algorithm. To set the key length, add the -keysize parameter as well. The default key length is 1024 bits; with DSA the length must be between 512 and 1024 and a multiple of 64.
-keystore: the name of the keystore. The keystore is simply the file that holds keys and certificates; if the file does not exist it is created automatically.
-validity: the validity period of the certificate in days. The default is 90 days; here it is 3600 days, about 10 years.
2. Configure Tomcat:
Edit server.xml, find the block below, remove the comment markers around the <Connector>, and add the keystoreFile and keystorePass attributes (shown in red in the original), with the path and password adjusted to your setup:
<!-- Define a SSL HTTP/1.1 Connector on port 8443
     This connector uses the JSSE configuration, when using APR, the
     connector should be using the OpenSSL style configuration
     described in the APR documentation -->
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false"
           keystoreFile="D:\Program Files\Apache Software Foundation\Tomcat 6.0\conf\tomcat.keystore"
           keystorePass="tomcat123"
           sslProtocol="TLS" />
3. Restart the Tomcat service; you can then open https://localhost:8443 in a browser.
However, if APR was configured earlier, this change alone is not enough: after the restart the log reports:
2013-4-19 11:47:38 org.apache.coyote.http11.Http11AprProtocol init
严重: Error initializing endpoint
java.lang.Exception: No Certificate file specified or invalid file format
    at org.apache.tomcat.jni.SSLContext.setCertificate(Native Method)
    at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:761)
    at org.apache.coyote.http11.Http11AprProtocol.init(Http11AprProtocol.java:109)
    at org.apache.catalina.connector.Connector.initialize(Connector.java:1123)
    at org.apache.catalina.core.StandardService.initialize(StandardService.java:703)
    at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:838)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:538)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:562)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:261)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
2013-4-19 11:47:38 org.apache.catalina.core.StandardService initialize
严重: Failed to initialize connector [Connector[HTTP/1.1-8443]]
LifecycleException: Protocol handler initialization failed: java.lang.Exception: No Certificate file specified or invalid file format
    at org.apache.catalina.connector.Connector.initialize(Connector.java:1125)
    at org.apache.catalina.core.StandardService.initialize(StandardService.java:703)
    at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:838)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:538)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:562)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
So one more thing has to be changed: the Connector's protocol attribute must be changed from HTTP/1.1 to org.apache.coyote.http11.Http11Protocol. The reason is that once the APR native library is loaded, protocol="HTTP/1.1" resolves to the APR connector (Http11AprProtocol in the log above), which expects OpenSSL-style PEM certificate files rather than a keystoreFile; naming the JSSE implementation explicitly keeps the keystore-based configuration in effect. Only then does it work:
After the change:
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false"
           keystoreFile="D:\Program Files\Apache Software Foundation\Tomcat 6.0\conf\tomcat.keystore"
           keystorePass="tomcat123"
           sslProtocol="TLS" />
With that, restarting no longer causes any problem:
2013-4-19 13:25:11 org.apache.catalina.core.AprLifecycleListener init
信息: Loaded APR based Apache Tomcat Native library 1.1.24 using APR version 1.4.6.
2013-4-19 13:25:11 org.apache.catalina.core.AprLifecycleListener init
信息: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
2013-4-19 13:25:11 org.apache.catalina.core.AprLifecycleListener initializeSSL
信息: OpenSSL successfully initialized with version OpenSSL 1.0.1c 10 May 2012
2013-4-19 13:25:11 org.apache.coyote.http11.Http11AprProtocol init
信息: Initializing Coyote HTTP/1.1 on http-8080
2013-4-19 13:25:12 org.apache.coyote.http11.Http11Protocol init
信息: Initializing Coyote HTTP/1.1 on http-8443
2013-4-19 13:25:12 org.apache.coyote.ajp.AjpAprProtocol init
信息: Initializing Coyote AJP/1.3 on ajp-8009
2013-4-19 13:25:12 org.apache.catalina.startup.Catalina load
信息: Initialization processed in 1934 ms
2013-4-19 13:25:12 org.apache.catalina.core.StandardService start
信息: Starting service Catalina
2013-4-19 13:25:12 org.apache.catalina.core.StandardEngine start
信息: Starting Servlet Engine: Apache Tomcat/6.0.36
2013-4-19 13:25:12 org.apache.catalina.startup.HostConfig deployDescriptor
信息: Deploying configuration descriptor manager.xml
2013-4-19 13:25:12 org.apache.catalina.startup.HostConfig deployDirectory
信息: Deploying web application directory docs
2013-4-19 13:25:12 org.apache.catalina.startup.HostConfig deployDirectory
信息: Deploying web application directory ROOT
2013-4-19 13:25:12 org.apache.catalina.startup.HostConfig deployDirectory
信息: Deploying web application directory test
2013-4-19 13:25:13 org.apache.coyote.http11.Http11AprProtocol start
信息: Starting Coyote HTTP/1.1 on http-8080
2013-4-19 13:25:13 org.apache.coyote.http11.Http11Protocol start
信息: Starting Coyote HTTP/1.1 on http-8443
2013-4-19 13:25:13 org.apache.coyote.ajp.AjpAprProtocol start
信息: Starting Coyote AJP/1.3 on ajp-8009
2013-4-19 13:25:13 org.apache.catalina.startup.Catalina start
信息: Server startup in 1222 ms
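The mismatch above is easy to reintroduce, because protocol="HTTP/1.1" means a different connector class depending on whether tcnative happens to load. As an added example (this is not code from the original post or from Tomcat), the following Python script parses a server.xml and flags an SSLEnabled connector whose implementation is left to auto-selection while the APR listener is present and only a JKS keystoreFile is configured, which is exactly the "No Certificate file specified" failure shown in the log. The server.xml fragments are constructed here from the page's before and after configuration; the attribute names (keystoreFile for the JSSE connector, SSLCertificateFile and SSLPassword for the APR connector) are Tomcat 6's own, and the ~/.keystore fallback is Tomcat's documented default.

```python
import xml.etree.ElementTree as ET

# Tomcat class names used by the page: the listener that loads tcnative,
# and the two HTTP/1.1 connector implementations Tomcat 6 can choose between.
APR_LISTENER = "org.apache.catalina.core.AprLifecycleListener"
JSSE_PROTOCOL = "org.apache.coyote.http11.Http11Protocol"
APR_PROTOCOL = "org.apache.coyote.http11.Http11AprProtocol"

# Constructed server.xml fragment reproducing the page's first attempt:
# APR listener present, connector left at protocol="HTTP/1.1" with a JKS keystore.
BEFORE_SERVER_XML = r"""
<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false"
               keystoreFile="D:\Program Files\Apache Software Foundation\Tomcat 6.0\conf\tomcat.keystore"
               keystorePass="tomcat123"
               sslProtocol="TLS" />
  </Service>
</Server>
"""

# The page's fix: pin the 8443 connector to the JSSE implementation.
AFTER_SERVER_XML = BEFORE_SERVER_XML.replace(
    'port="8443" protocol="HTTP/1.1"',
    'port="8443" protocol="%s"' % JSSE_PROTOCOL)


def lint_ssl_connectors(server_xml):
    """Return (port, level, message) findings for every SSLEnabled connector."""
    root = ET.fromstring(server_xml)
    apr_loaded = any(lst.get("className") == APR_LISTENER
                     for lst in root.iter("Listener"))
    findings = []
    for conn in root.iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        port = conn.get("port", "?")
        proto = conn.get("protocol", "HTTP/1.1")
        has_jks = "keystoreFile" in conn.attrib          # JSSE attribute
        has_pem = "SSLCertificateFile" in conn.attrib    # APR attribute

        if proto == "HTTP/1.1":
            # "HTTP/1.1" is resolved at startup: APR if tcnative loads, JSSE otherwise.
            if apr_loaded and has_jks and not has_pem:
                findings.append((port, "ERROR",
                    "APR listener present, so HTTP/1.1 becomes Http11AprProtocol, "
                    "which needs SSLCertificateFile and ignores keystoreFile; "
                    'set protocol="%s" explicitly' % JSSE_PROTOCOL))
            elif apr_loaded:
                findings.append((port, "WARN",
                    "connector class is auto-selected; pin protocol so the TLS "
                    "stack does not change with java.library.path"))
            elif not has_jks:
                findings.append((port, "WARN",
                    "JSSE connector without keystoreFile falls back to ~/.keystore"))
        elif proto == JSSE_PROTOCOL and not has_jks:
            findings.append((port, "WARN",
                "JSSE connector without keystoreFile falls back to ~/.keystore"))
        elif proto == APR_PROTOCOL and not has_pem:
            findings.append((port, "ERROR",
                "APR connector without SSLCertificateFile will fail to start"))

        if "keystorePass" in conn.attrib or "SSLPassword" in conn.attrib:
            findings.append((port, "INFO",
                "keystore/key password is stored in clear text; "
                "restrict who can read server.xml"))
    return findings


if __name__ == "__main__":
    for label, doc in (("before", BEFORE_SERVER_XML), ("after", AFTER_SERVER_XML)):
        print("== %s ==" % label)
        for port, level, msg in lint_ssl_connectors(doc):
            print("  port %s %s: %s" % (port, level, msg))
```

Run against the "before" fragment it reports the ERROR for port 8443; against the "after" fragment only the INFO about the clear-text keystorePass remains, which is worth keeping in mind since the password in server.xml is as sensitive as the keystore file itself.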
PS: when APR is not configured, Tomcat startup shows:
信息: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path:
After APR is configured, it shows:
信息: Loaded APR based Apache Tomcat Native library 1.1.24 using APR version 1.4.6.
2013-4-19 13:25:11 org.apache.catalina.core.AprLifecycleListener init
信息: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
2013-4-19 13:25:11 org.apache.catalina.core.AprLifecycleListener initializeSSL
信息: OpenSSL successfully initialized with version OpenSSL 1.0.1c 10 May 2012
How to configure APR?
On Windows, download tomcat-native from the official site and extract the 32-bit or 64-bit tcnative-1.dll, whichever matches your system, into a directory that is on the PATH environment variable. For example, if you put it under the Tomcat directory, make sure the Tomcat path is in the environment variable; putting it directly under the Java directory also works. On Linux it is usually already configured by default.