如何解决:java.io.IOException: jsse.alias_no_key_entry [英] How to resolve : java.io.IOException: jsse.alias_no_key_entry

问题描述

我有一个安装了 Tomcat 的 Debian 虚拟机.我想安装一个 SSL 证书，以便我的网站在 Https 中.

I have a Debian virtual machine with Tomcat installed. I would like to install an SSL certificate so that my website is in Https.

我的 VM 收到了以下证书文件:

I received the following certificate files with my VM:

my-domain.cer  my-domain.chain.crt.pem  my-domain.crt.pem
my-domain.csr  my-domain.key  my-domain.ch.p7c

我使用以下命令创建了一个密钥库:

I created a keystore with the following command :

keytool -import -trustcacerts -alias tomcat -keystore keystore.jks -file my-domain.cer

然后，我使用以下代码修改了文件 conf/server.xml 文件:

Then, I modified the file conf/server.xml file with the following code:

<Connector acceptCount="100" bindOnInit="false" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false"
        maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" useBodyEncodingForURI="true"
        keyAlias="tomcat" keystoreFile="/usr/local/tomcat/ssl/keystore.jks" keystorePass="PASSWORD" keystoreType="JKS"
        port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https" secure="true"
        sslEnabledProtocols="TLSv1.2,TLSv1.3" SSLEnabled="true" clientAuth="false"/>

不幸的是，我在启动 tomcat 时出现以下错误:

Unfortunately, I get the following error when starting tomcat :

 org.apache.catalina.LifecycleException: Protocol handler initialization failed
        at org.apache.catalina.connector.Connector.initInternal(Connector.java:983)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
        at org.apache.catalina.core.StandardService.initInternal(StandardService.java:535)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
        at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1055)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:585)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:608)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:306)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:491)
Caused by: java.lang.IllegalArgumentException: jsse.alias_no_key_entry
        at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:99)
        at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:71)
        at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:224)
        at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1103)
        at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1116)
        at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:557)
        at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:74)
        at org.apache.catalina.connector.Connector.initInternal(Connector.java:980)
        ... 13 more
Caused by: java.io.IOException: jsse.alias_no_key_entry
        at org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:330)
        at org.apache.tomcat.util.net.openssl.OpenSSLUtil.getKeyManagers(OpenSSLUtil.java:104)
        at org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:239)
        at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:97)
        ... 20 more

我不明白它来自哪里.因为我的别名是好的...

I do not understand where it can come from. Because my alias is however the good one ...

预先感谢您的帮助

推荐答案

就我而言，此问题的原因是应用程序中存在的 SSL 密钥别名与创建证书时传递的别名不同.

In my case, the cause of this issue was that the SSL key alias present in the application was not same as the alias passed while creating the certificate.

>

keytool -genkeypair -keyalg RSA -alias dummyApp -keystore dummy-app.p12 -storepass 密码 -validity 3650 -keysize 2048 -dname "CN=dummy-app, OU=Enterprise, O=Test, L=未知，ST=未知，C=US" -storetype pkcs12

为了解决这个问题，我必须更正 server.ssl.key-alias 属性的值.按照上面的 SSL 生成示例，它的值应该是 dummyApp.

To fix, this I had to correct the value of the server.ssl.key-alias property. As per the above SSL generation example, its value should be dummyApp.

这篇关于如何解决:java.io.IOException: jsse.alias_no_key_entry的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！