如何解决:java.io.IOException: jsse.alias_no_key_entry [英] How to resolve : java.io.IOException: jsse.alias_no_key_entry
问题描述
我有一个安装了 Tomcat 的 Debian 虚拟机.我想安装一个 SSL 证书,以便我的网站在 Https 中.
I have a Debian virtual machine with Tomcat installed. I would like to install an SSL certificate so that my website is in Https.
我的 VM 收到了以下证书文件:
I received the following certificate files with my VM:
my-domain.cer my-domain.chain.crt.pem my-domain.crt.pem
my-domain.csr my-domain.key my-domain.ch.p7c
我使用以下命令创建了一个密钥库:
I created a keystore with the following command :
keytool -import -trustcacerts -alias tomcat -keystore keystore.jks -file my-domain.cer
然后,我使用以下代码修改了文件 conf/server.xml
文件:
Then, I modified the file conf/server.xml
file with the following code:
<Connector acceptCount="100" bindOnInit="false" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false"
maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" useBodyEncodingForURI="true"
keyAlias="tomcat" keystoreFile="/usr/local/tomcat/ssl/keystore.jks" keystorePass="PASSWORD" keystoreType="JKS"
port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https" secure="true"
sslEnabledProtocols="TLSv1.2,TLSv1.3" SSLEnabled="true" clientAuth="false"/>
不幸的是,我在启动 tomcat 时出现以下错误:
Unfortunately, I get the following error when starting tomcat :
org.apache.catalina.LifecycleException: Protocol handler initialization failed
at org.apache.catalina.connector.Connector.initInternal(Connector.java:983)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
at org.apache.catalina.core.StandardService.initInternal(StandardService.java:535)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1055)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
at org.apache.catalina.startup.Catalina.load(Catalina.java:585)
at org.apache.catalina.startup.Catalina.load(Catalina.java:608)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:306)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:491)
Caused by: java.lang.IllegalArgumentException: jsse.alias_no_key_entry
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:99)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:71)
at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:224)
at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1103)
at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1116)
at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:557)
at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:74)
at org.apache.catalina.connector.Connector.initInternal(Connector.java:980)
... 13 more
Caused by: java.io.IOException: jsse.alias_no_key_entry
at org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:330)
at org.apache.tomcat.util.net.openssl.OpenSSLUtil.getKeyManagers(OpenSSLUtil.java:104)
at org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:239)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:97)
... 20 more
我不明白它来自哪里.因为我的别名是好的...
I do not understand where it can come from. Because my alias is however the good one ...
预先感谢您的帮助
推荐答案
就我而言,此问题的原因是应用程序中存在的 SSL 密钥别名与创建证书时传递的别名不同.
In my case, the cause of this issue was that the SSL key alias present in the application was not same as the alias passed while creating the certificate.
>
keytool -genkeypair -keyalg RSA -alias dummyApp -keystore dummy-app.p12 -storepass 密码 -validity 3650 -keysize 2048 -dname "CN=dummy-app, OU=Enterprise, O=Test, L=未知,ST=未知,C=US" -storetype pkcs12
为了解决这个问题,我必须更正 server.ssl.key-alias
属性的值.按照上面的 SSL 生成示例,它的值应该是 dummyApp
.
To fix, this I had to correct the value of the server.ssl.key-alias
property. As per the above SSL generation example, its value should be dummyApp
.
这篇关于如何解决:java.io.IOException: jsse.alias_no_key_entry的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!