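After configuring server.xml according to the official tutorial, the HTTPS page could not be reached no matter how Tomcat was started. Starting Tomcat from cmd showed the following error: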
27-Aug-2018 15:39:26.420 信息 [main] org.apache.catalina.startup.VersionLoggerListener.log Server version: Apache Tomcat/9.0.11
27-Aug-2018 15:39:26.424 信息 [main] org.apache.catalina.startup.VersionLoggerListener.log Server built: Aug 11 2018 19:47:23 UTC
27-Aug-2018 15:39:26.424 信息 [main] org.apache.catalina.startup.VersionLoggerListener.log Server number: 9.0.11.0
27-Aug-2018 15:39:26.424 信息 [main] org.apache.catalina.startup.VersionLoggerListener.log OS Name: Windows 10
27-Aug-2018 15:39:26.425 信息 [main] org.apache.catalina.startup.VersionLoggerListener.log OS Version: 10.0
27-Aug-2018 15:39:26.425 信息 [main] org.apache.catalina.startup.VersionLoggerListener.log Architecture: amd64
27-Aug-2018 15:39:26.425 信息 [main] org.apache.catalina.startup.VersionLoggerListener.log Java Home: D:\jdk\jre
27-Aug-2018 15:39:26.425 信息 [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Version: 1.8.0_171-b11
27-Aug-2018 15:39:26.426 信息 [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Vendor: Oracle Corporation
27-Aug-2018 15:39:26.426 信息 [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_BASE: D:\apachetomcat9_0_11
27-Aug-2018 15:39:26.426 信息 [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_HOME: D:\apachetomcat9_0_11
27-Aug-2018 15:39:26.426 信息 [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.config.file=D:\apachetomcat9_0_11\conf\logging.properties
27-Aug-2018 15:39:26.426 信息 [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
27-Aug-2018 15:39:26.427 信息 [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djdk.tls.ephemeralDHKeySize=2048
27-Aug-2018 15:39:26.427 信息 [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.protocol.handler.pkgs=org.apache.catalina.webresources
27-Aug-2018 15:39:26.427 信息 [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dignore.endorsed.dirs=
27-Aug-2018 15:39:26.427 信息 [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.base=D:\apachetomcat9_0_11
27-Aug-2018 15:39:26.427 信息 [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.home=D:\apachetomcat9_0_11
27-Aug-2018 15:39:26.428 信息 [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.io.tmpdir=D:\apachetomcat9_0_11\temp
27-Aug-2018 15:39:26.428 信息 [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded APR based Apache Tomcat Native library [1.2.17] using APR version [1.6.3].
27-Aug-2018 15:39:26.428 信息 [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
27-Aug-2018 15:39:26.428 信息 [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true]
27-Aug-2018 15:39:27.074 信息 [main] org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL successfully initialized [OpenSSL 1.0.2o 27 Mar 2018]
27-Aug-2018 15:39:27.177 信息 [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-nio-80"]
27-Aug-2018 15:39:27.341 信息 [main] org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector Using a shared selector for servlet write/read
27-Aug-2018 15:39:27.346 信息 [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["https-openssl-nio2-443"]
27-Aug-2018 15:39:27.591 严重 [main] org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to initialize component [Connector[org.apache.coyote.http11.Http11Nio2Protocol-443]]
org.apache.catalina.LifecycleException: Protocol handler initialization failed
at org.apache.catalina.connector.Connector.initInternal(Connector.java:935)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
at org.apache.catalina.core.StandardService.initInternal(StandardService.java:533)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:852)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
at org.apache.catalina.startup.Catalina.load(Catalina.java:633)
at org.apache.catalina.startup.Catalina.load(Catalina.java:656)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:306)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:491)
Caused by: java.lang.IllegalArgumentException: Cannot recover key
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:114)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:85)
at org.apache.tomcat.util.net.Nio2Endpoint.bind(Nio2Endpoint.java:158)
at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1044)
at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:540)
at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:74)
at org.apache.catalina.connector.Connector.initInternal(Connector.java:932)
... 13 more
Caused by: java.security.UnrecoverableKeyException: Cannot recover key
at sun.security.provider.KeyProtector.recover(KeyProtector.java:328)
at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:146)
at sun.security.provider.JavaKeyStore$JKS.engineGetKey(JavaKeyStore.java:56)
at sun.security.provider.KeyStoreDelegator.engineGetKey(KeyStoreDelegator.java:96)
at sun.security.provider.JavaKeyStore$DualFormatJKS.engineGetKey(JavaKeyStore.java:70)
at java.security.KeyStore.getKey(KeyStore.java:1023)
at org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:246)
at org.apache.tomcat.util.net.openssl.OpenSSLUtil.getKeyManagers(OpenSSLUtil.java:79)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:112)
... 19 more
27-Aug-2018 15:39:27.594 信息 [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["ajp-nio-8009"]
27-Aug-2018 15:39:27.601 信息 [main] org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector Using a shared selector for servlet write/read
27-Aug-2018 15:39:27.602 信息 [main] org.apache.catalina.startup.Catalina.load Initialization processed in 1461 ms
27-Aug-2018 15:39:27.627 信息 [main] org.apache.catalina.core.StandardService.startInternal Starting service [Catalina]
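While debugging, we noticed that the official site says the following:
In other words, if the keystore password and the key password are different, it is not enough to set the keystore password; the key password must be set as well.
So we add certificateKeyPassword="**************" to the configuration: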
<Connector port="443" protocol="org.apache.coyote.http11.Http11Nio2Protocol"
           maxThreads="150" SSLEnabled="true" scheme="https" secure="true">
    <SSLHostConfig>
        <Certificate certificateKeystoreFile="D:/apachetomcat9_0_11/conf/test.keystore"
                     certificateKeystorePassword="123456"
                     certificateKeyPassword="thepasswdofcertificate"/>
    </SSLHostConfig>
</Connector>
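
To confirm the password pair before restarting Tomcat, the same KeyStore.getKey call that fails in the stack trace above can be run against the keystore directly. This is an added example, not code from the original post or from Tomcat; the class name KeystoreKeyCheck and its command-line arguments are assumptions made for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.util.Collections;

/**
 * Added example (hypothetical helper): pre-flight check for a Tomcat keystore.
 * Usage: java KeystoreKeyCheck <keystore> <storePassword> [keyPassword]
 * Note: command-line arguments are visible in process listings; run it on a
 * trusted admin machine only.
 */
public class KeystoreKeyCheck {

    /** Returns true if the key stored under alias can be recovered with keyPassword. */
    static boolean canRecoverKey(KeyStore ks, String alias, char[] keyPassword) throws Exception {
        try {
            return ks.getKey(alias, keyPassword) != null;
        } catch (UnrecoverableKeyException e) {
            // Same exception as in the Tomcat log: the key password is wrong.
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 2) {
            System.err.println("usage: KeystoreKeyCheck <keystore> <storePassword> [keyPassword]");
            System.exit(2);
        }
        char[] storePassword = args[1].toCharArray();
        // Without a key password, fall back to the keystore password, which is
        // the situation that produced "Cannot recover key" on this page.
        char[] keyPassword = args.length > 2 ? args[2].toCharArray() : storePassword;

        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, storePassword); // throws IOException if the store password is wrong
        }

        boolean allOk = true;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) continue; // skip trusted-certificate entries
            boolean ok = canRecoverKey(ks, alias, keyPassword);
            System.out.println(alias + ": " + (ok ? "key recovered" : "Cannot recover key"));
            allOk &= ok;
        }
        System.exit(allOk ? 0 : 1);
    }
}
```

An exit code of 1 with only the keystore password supplied, and 0 once the key password is added as the third argument, means certificateKeyPassword is required in server.xml.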