配置Tomcat以使用cacerts以外的信任存储 [英] Configure Tomcat to use a trust store other than cacerts

问题描述

我在Windows上运行Tomcat 6，并且希望Tomcat使用除cacerts之外的其他信任存储来处理Java客户端Web请求。我尝试添加此设置：

I'm running Tomcat 6 on Windows and would like to have Tomcat use a different trust store other than cacerts for Java client web requests. I've tried adding this setting:

-Djavax.net.ssl.trustStore="C:\ca.keystore"

到密钥注册表：

 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Apache Software Foundation\Procrun 2.0\Tomcat6\Parameters\Java

但这似乎不起作用。它仍然使用JRE cacerts商店。我们的Java代码向HTTPS端点发出Web请求，我希望将证书保存在JRE之外的密钥存储区中，因为在卸载/更新java时它会被删除。

That doesn't seem to work though. It still uses the JRE cacerts store. Our Java code makes web requests to HTTPS endpoints and I would like to keep the certificates in a key store other than the JRE one because it gets removed when java is uninstalled/updated.

推荐答案

原来我错过了 trustStorePassword 。以下是解决方案：

Turns out I was missing trustStorePassword. Here is the solution:

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Apache Software Foundation\Procrun 2.0\Tomcat6\Parameters\Java 

-Djavax.net.ssl.trustStore="C:\ca.keystore" 
-Djavax.net.ssl.trustStorePassword="password"

更新：此设置之间的一些评论似乎有些混淆和 truststoreFile 来自 server.xml 。我创建了一个博客条目来解释问题（非常详细）以及此解决方案如何解决它以及为什么更改 server.xml 不会。

Update: There seems to be some confusion in some of the comments here between what this setting and truststoreFile from server.xml do. I created a blog entry to explain the problem (in great detail) and how this solution addresses it and why the changing server.xml does not.

这篇关于配置Tomcat以使用cacerts以外的信任存储的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！