以前一直在用Tomcat 6.0.29版本,今下载了apache-tomcat-7.0.33-windows-x86.zip试试,结果在配置SSL时遇到一些问题。
Tomcat 6版本配置SSL过程有两步:
1、用JDK自带的keytool.exe来生成私有密钥和自签发的证书,如下:

  1. keytool -genkey -keyalg RSA -alias tomcat
keytool -genkey -keyalg RSA -alias tomcat

按提示输入相关内容后,这条命令将在默认密钥库文件里新增一个别名为tomcat的私有密钥项及其自签发的证书。默认密钥库文件为:

  1. %USERPROFILE%\.keystore
%USERPROFILE%\.keystore

2、修改Tomcat的conf\server.xml文件,即增加下面一段:

  1. <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"            maxThreads="150" scheme="https" secure="true"            clientAuth="false" sslProtocol="TLS"            keystoreFile="${user.home}/.keystore"            keystorePass="changeit" />
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"            maxThreads="150" scheme="https" secure="true"            clientAuth="false" sslProtocol="TLS"            keystoreFile="${user.home}/.keystore"            keystorePass="changeit" />

这里的${user.home}就是上面的%USERPROFILE%,只是一个是Java语法,另一个是Windows语法。
设置好就能正常启动Tomcat了。
可是按同样的方法来配置Tomcat 7却启动不起来,报如下错误:

  1. 严重: Failed to initialize end point associated with ProtocolHandler ["http-apr-8443"]  java.lang.Exception: Connector attribute SSLCertificateFile must be defined when using SSL with APR          at org.apache.tomcat.util.net.AprEndpoint.bind(AprEndpoint.java:494)          at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:610)          at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:429)          at org.apache.catalina.connector.Connector.initInternal(Connector.java:981)          at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)          at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)          at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)          at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:814)          at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)          at org.apache.catalina.startup.Catalina.load(Catalina.java:633)          at org.apache.catalina.startup.Catalina.load(Catalina.java:658)          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)          at java.lang.reflect.Method.invoke(Method.java:597)          at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:281)          at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:450)  -12-212:01:16 org.apache.catalina.core.StandardService initInternal  严重: Failed to initialize connector [Connector[HTTP/1.1-8443]]  org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-8443]]          at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:106)          at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)          at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)          at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:814)          at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)          at org.apache.catalina.startup.Catalina.load(Catalina.java:633)          at org.apache.catalina.startup.Catalina.load(Catalina.java:658)          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)          at java.lang.reflect.Method.invoke(Method.java:597)          at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:281)          at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:450)  Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed          at org.apache.catalina.connector.Connector.initInternal(Connector.java:983)          at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)          ... 12 more  Caused by: java.lang.Exception: Connector attribute SSLCertificateFile must be defined when using SSL with APR          at org.apache.tomcat.util.net.AprEndpoint.bind(AprEndpoint.java:494)          at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:610)          at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:429)          at org.apache.catalina.connector.Connector.initInternal(Connector.java:981)          ... 13 more
严重: Failed to initialize end point associated with ProtocolHandler ["http-apr-8443"]  java.lang.Exception: Connector attribute SSLCertificateFile must be defined when using SSL with APR          at org.apache.tomcat.util.net.AprEndpoint.bind(AprEndpoint.java:494)          at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:610)          at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:429)          at org.apache.catalina.connector.Connector.initInternal(Connector.java:981)          at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)          at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)          at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)          at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:814)          at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)          at org.apache.catalina.startup.Catalina.load(Catalina.java:633)          at org.apache.catalina.startup.Catalina.load(Catalina.java:658)          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)          at java.lang.reflect.Method.invoke(Method.java:597)          at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:281)          at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:450)  -12-2 12:01:16 org.apache.catalina.core.StandardService initInternal  严重: Failed to initialize connector [Connector[HTTP/1.1-8443]]  org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-8443]]          at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:106)          at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)          at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)          at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:814)          at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)          at org.apache.catalina.startup.Catalina.load(Catalina.java:633)          at org.apache.catalina.startup.Catalina.load(Catalina.java:658)          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)          at java.lang.reflect.Method.invoke(Method.java:597)          at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:281)          at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:450)  Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed          at org.apache.catalina.connector.Connector.initInternal(Connector.java:983)          at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)          ... 12 more  Caused by: java.lang.Exception: Connector attribute SSLCertificateFile must be defined when using SSL with APR          at org.apache.tomcat.util.net.AprEndpoint.bind(AprEndpoint.java:494)          at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:610)          at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:429)          at org.apache.catalina.connector.Connector.initInternal(Connector.java:981)          ... 13 more

仔细看上面的异常信息发现这是APR报的错误。Tomcat 6也有APR包但我从来都没用过。为此查看了Tomcat的ssl-how,在“Edit the Tomcat Configuration File”一节中说到:
Tomcat提供了两个SSL实现,一个是JSSE实现,另一个是APR实现。
Tomcat将自动选择使用哪个实现,即如果安装了APR则自动选择APR,否则选择JSSE。
如果不希望让Tomcat自动选择,而是我们自己指定一个实现则可通过protocol定义,如下:

  1. <Connector protocol="..." />
<Connector protocol="..." />

我又查看了6.0的相同说明,里面与7.0的说明一模一样。因此问题只可能是:是否安装了APR包。
以前只听说过APR但没弄过。APR是什么文件?后来才发现APR文件名为tcnative-1.dll。进一步检查6.0和7.0的安装目录,结果发现6.0里没这个dll文件,而7.0里有。换句话说,6.0默认使用JSSE实现,而7.0默认使用APR实现。
弄明白缘由就好办了。由于习惯使用6.0的配置方式(即JSEE实现),因此只要把上面conf\server.xml里的protocol修改一下就行了:

  1. <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"            maxThreads="150" scheme="https" secure="true"            clientAuth="false" sslProtocol="TLS"            keystoreFile="${user.home}/.keystore"            keystorePass="changeit" />
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"            maxThreads="150" scheme="https" secure="true"            clientAuth="false" sslProtocol="TLS"            keystoreFile="${user.home}/.keystore"            keystorePass="changeit" />

重新启动,一切正常。
应用程序HTTP自动跳转到HTTPS,解决如下,打开项目的web.xml,添加如下配置

  1. <security-constraint>
  2. <web-resource-collection >
  3. <web-resource-name >eqm</web-resource-name>
  4. <url-pattern>/*</url-pattern>
  5. </web-resource-collection>
  6. <user-data-constraint>
  7. <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  8. </user-data-constraint>
  9. </security-constraint>
<security-constraint>

       <web-resource-collection >

              <web-resource-name >eqm</web-resource-name>

              <url-pattern>/*</url-pattern>

       </web-resource-collection>

       <user-data-constraint>

              <transport-guarantee>CONFIDENTIAL</transport-guarantee>

       </user-data-constraint>

</security-constraint>

Tomcat 7.0配置SSL的问题及解决办法的更多相关文章

  1. 转:Tomcat 7.0配置SSL的问题及解决办法

    原文:https://dong-shuai22-126-com.iteye.com/blog/1830209

  2. 执行Git命令时出现各种 SSL certificate problem 的解决办法

    执行Git命令时出现各种 SSL certificate problem 的解决办法 来源  https://www.cnblogs.com/chenzc/p/5842932.html 比如我在win ...

  3. FW 执行Git命令时出现各种 SSL certificate problem 的解决办法

    比如我在windows下用Git clone gitURL 就提示  SSL certificate problem: self signed certificate 这种问题,在windows下出现 ...

  4. Win7安装Oracle Instantclient ODBC驱动 后配置DSN时出错的解决办法 SQORAS32

    安装过程简述 oracle官网下载了 instantclient-odbc-nt--.zip instantclient-basic-nt-.zip 我这是32位版的win7,按照需要下载对应的版本. ...

  5. Win 2008 R2安装SQL Server 2008“性能计数器注册表配置单元一致性”失败的解决办法

    Win 2008 R2安装SQL Server 2008“性能计数器注册表配置单元一致性”失败的解决办法(2011-02-23 19:37:32) 转载▼   今天在惠普服务器上安装数据库2008时, ...

  6. Tomcat 8.5 配置 SSL 证书

    前文: 1.以上内容仅支持Linux-Tomcat配置 正文: 说一下我遇到的坑,我使用的服务器是阿里云服务器,阿里云提供的云服务器Tomcat配置SSL是7.0版本,跟8.5出入较大. 以下为阿里提 ...

  7. Tomcat内存溢出的三种情况及解决办法分析

    Tomcat内存溢出的原因 在生产环境中tomcat内存设置不好很容易出现内存溢出.造成内存溢出是不一样的,当然处理方式也不一样. 这里根据平时遇到的情况和相关资料进行一个总结.常见的一般会有下面三种 ...

  8. Apache虚拟主机配置,实现多域名访问本地项目PHP空间,以及配置403Forbidden等错误的解决办法

    第一步: apache主配置文件修改: 用文本编辑器打开apache的conf目录下 httpd.conf 将下面以下代码取消注释 LoadModule rewrite_module  modules ...

  9. struts2,hibernate4,spring3配置时问题汇总及解决办法

    文章转载于wanglihu的博客,原文链接http://wanglihu.iteye.com/blog/1897718 1.java.lang.NoClassDefFoundError: org/ob ...

随机推荐

  1. shell 循环使用

    问题描述:                  shell中for循环while循环的使用 问题解决:              (1)for循环                      (1.1)数 ...

  2. DX SetFVF

    自由顶点格式(flexible vertex format,FVF) http://www.cnblogs.com/xmzyl/articles/1604096.html if( SUCCEEDED( ...

  3. State of Hyperparameter Selection

    State of Hyperparameter Selection DANIEL SALTIEL VIEW NOTEBOOK Historically hyperparameter determina ...

  4. Java Socket 基础例子

    1.服务器端代码 package com.lanber.socket; import java.io.DataInputStream; import java.io.DataOutputStream; ...

  5. ASP .NET 如何在 SQL 查询层面实现分页

    [编者按]本文作者为来自巴基斯坦的软件开发工程师 Aqeeel,主要介绍了在 SQL 查询层面实现 ASP.NET 应用的分页方法. 本文系 OneAPM 工程师编译呈现,以下为正文. GridVie ...

  6. What is the difference between Views and Materialized Views in Oracle?

    aterialized views are disk based and update periodically base upon the query definition. Views are v ...

  7. hdu 4586 Play the Dice

    思路:设期望值为s,前m个是再来一次机会,则有 s=(a[1]+s)/n+(a[2]+s)/n+……+(a[m]+s)/n+a[m+1]/n…… 化简:(n-m)s=sum 当sum=0时,为0: 当 ...

  8. Happy Number

    https://leetcode.com/problems/happy-number/ Write an algorithm to determine if a number is "hap ...

  9. Linqer工具

    这些天写Linq挺烦人的,就上网搜搜可有什么好的sql转Linq的工具,咦,马上就看上了Linqer. 哈哈,介绍一下使用方法吧: 官方下载网站:http://sqltolinq.com/downlo ...

  10. [优先队列]HDOJ5289 Assignment

    题意:有多少个区间,区间内最大的数减去最小的数差小于k 对每个数它所在的区间,可以只往前找(类似dp的无后效性) 比如对位置3的数,可以往前找的区间是[3, 3], [2, 3], [1, 3], [ ...