配置Tomcat以使用cacerts以外的信任存储 [英] Configure Tomcat to use a trust store other than cacerts
问题描述
我在Windows上运行Tomcat 6,并且希望Tomcat使用除cacerts之外的其他信任存储来处理Java客户端Web请求。我尝试添加此设置:
I'm running Tomcat 6 on Windows and would like to have Tomcat use a different trust store other than cacerts for Java client web requests. I've tried adding this setting:
-Djavax.net.ssl.trustStore="C:\ca.keystore"
到密钥注册表:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Apache Software Foundation\Procrun 2.0\Tomcat6\Parameters\Java
但这似乎不起作用。它仍然使用JRE cacerts商店。我们的Java代码向HTTPS端点发出Web请求,我希望将证书保存在JRE之外的密钥存储区中,因为在卸载/更新java时它会被删除。
That doesn't seem to work though. It still uses the JRE cacerts store. Our Java code makes web requests to HTTPS endpoints and I would like to keep the certificates in a key store other than the JRE one because it gets removed when java is uninstalled/updated.
推荐答案
原来我错过了 trustStorePassword
。以下是解决方案:
Turns out I was missing trustStorePassword
. Here is the solution:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Apache Software Foundation\Procrun 2.0\Tomcat6\Parameters\Java
-Djavax.net.ssl.trustStore="C:\ca.keystore"
-Djavax.net.ssl.trustStorePassword="password"
更新:此设置之间的一些评论似乎有些混淆和 truststoreFile
来自 server.xml
。我创建了一个博客条目来解释问题(非常详细)以及此解决方案如何解决它以及为什么更改 server.xml
不会。
Update: There seems to be some confusion in some of the comments here between what this setting and truststoreFile
from server.xml
do. I created a blog entry to explain the problem (in great detail) and how this solution addresses it and why the changing server.xml
does not.
这篇关于配置Tomcat以使用cacerts以外的信任存储的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!