Error: Alias name [null] does not identify a key entry while implementing SSL in Tomcat
Problem description
I am trying to implement SSL in Tomcat 8 for the first time.
I have a third-party signed X.509 certificate in the form of a .pem file.
However, after configuration, when I try to start Tomcat, it gives me the following error:
22-Nov-2017 18:48:01.735 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["https-jsse-nio-8443"]
22-Nov-2017 18:48:01.897 SEVERE [main] org.apache.coyote.AbstractProtocol.init Failed to initialize end point associated with ProtocolHandler ["https-jsse-nio-8443"]
java.lang.IllegalArgumentException: java.io.IOException: Alias name [null] does not identify a key entry
at ...
Following are the steps I followed:
- Renamed certificate.pem to certificate.p7b.
- Applied the following command to import the certificate into the keystore:
D:\keytest2>keytool -import -alias tomcat -trustcacerts -file certificate.p7b -keystore keystore.kdb
Enter keystore password: test
Re-enter new password: test
...
...
Certificate was added to keystore
- Checked the imported certificate:
D:\keytest2>keytool -list -v -keystore keystore.kd
This gave me the following output:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: tomcat
Creation date: Nov 22, 2017
Entry type: trustedCertEntry
...
...
Tomcat configuration:
<Connector port="8443" protocol="HTTP/1.1"
           maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
           keystoreFile="file:///D:/keytest2/keystore.kdb" keystorePass="test"
           clientAuth="false" sslProtocol="TLS" />
Please guide me on what I am doing wrong.
Recommended answer
The issue was due to the missing parameter "keyAlias" in the Tomcat configuration.
However, putting in the alias did not solve my problem. It started throwing the same error with the alias name instead of null :).
As per the comment of @dev_thompson_085, I came to know that I was missing the key file for this process. So I tried the same with a self-signed X.509 certificate as per the URL: https://www.ibm.com/support/knowledgecenter/en/SSWHYP_4.0.0/com.ibm.apimgmt.cmc.doc/task_apionprem_gernerate_self_signed_openSSL.html
And it worked very well with both files.
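The distinction the answer arrives at (a trustedCertEntry holds only a certificate, while Tomcat needs an alias that also holds the private key) can be checked before starting the server. The script below is an added example, not part of the original question or answer: the function names, the KS_PASS variable and both sample listings are constructed for illustration, and build_p12 shows one common way to bundle the key and certificate files with OpenSSL, not necessarily the exact steps the poster used.

```shell
#!/bin/sh
# Added example: confirm a keystore alias is a PrivateKeyEntry before
# referencing it from Tomcat's keyAlias attribute.

# entry_type ALIAS: read `keytool -list -v` output on stdin and print the
# "Entry type" recorded for ALIAS (prints nothing if the alias is absent).
entry_type() {
    awk -v want="$1" '
        { sub(/\r$/, "") }   # tolerate CRLF output captured on Windows
        /^Alias name:/ { sub(/^Alias name:[ \t]*/, ""); cur = $0 }
        /^Entry type:/ && cur == want { sub(/^Entry type:[ \t]*/, ""); print; exit }
    '
}

# usable_for_tls ALIAS: 0 = has private key, 1 = certificate only, 2 = no such alias.
usable_for_tls() {
    t=$(entry_type "$1")
    case "$t" in
        PrivateKeyEntry) return 0 ;;
        "") echo "alias '$1' not found in keystore" >&2; return 2 ;;
        *)  echo "alias '$1' is $t: no private key, cannot be a server key" >&2; return 1 ;;
    esac
}

# build_p12 KEY CERT ALIAS OUT: bundle private key + certificate into a PKCS12
# keystore. The password is read from $KS_PASS so it stays off the command line.
# Afterwards, verify with:
#   keytool -list -v -keystore OUT -storetype PKCS12 -storepass:env KS_PASS | usable_for_tls ALIAS
build_p12() {
    openssl pkcs12 -export -inkey "$1" -in "$2" -name "$3" \
        -out "$4" -passout env:KS_PASS
}

# Constructed sample listings (the first mirrors the output in the question).
CERT_ONLY='Keystore type: JKS
Keystore provider: SUN

Alias name: tomcat
Creation date: Nov 22, 2017
Entry type: trustedCertEntry'

WITH_KEY='Alias name: tomcat
Creation date: Nov 22, 2017
Entry type: PrivateKeyEntry
Certificate chain length: 1'

printf '%s\n' "$CERT_ONLY" | usable_for_tls tomcat || echo "cert-only keystore rejected (rc=$?)"
printf '%s\n' "$WITH_KEY"  | usable_for_tls tomcat && echo "keystore with private key accepted"
```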