Hi All,
 When I try to configure SSL in Tomcat (apache-tomcat-7.0.4) on Windows XP,
 I get the error below. Can anyone tell me what the problem is?

step 1:
I generate the client/server Java keystores with the following code:

import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.security.auth.x500.X500Principal;
import javax.security.auth.x500.X500PrivateCredential;
import org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator;
import org.bouncycastle.x509.X509V3CertificateGenerator;
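/**
 * Tomcat HTTPS client/server key and certificate generator.
 *
 * <p>Writes two JKS files into the working directory: {@code client.keystore}
 * (a trust store holding only the self-signed root certificate) and
 * {@code server.keystore} (the matching private key plus that certificate).
 *
 * <p>JKS files are what Tomcat's JSSE connectors read through
 * {@code keystoreFile}/{@code keystorePass}. The APR/native connector
 * ({@code Http11AprProtocol} with {@code SSLEngine="on"}) does not read JKS at
 * all; it expects PEM files via {@code SSLCertificateFile} and
 * {@code SSLCertificateKeyFile}, which is the likely cause of
 * "No Certificate file specified or invalid file format" at startup.
 *
 * <p>Test fixture only: the password {@code "test"} is hard-coded, the
 * certificate is self-signed, and the trust store pins a single root.
 */
public class TomcatKey {
  // Client side: trust store alias and password (certificate only, no key).
  static String TRUST_STORE_NAME = "client";
  static char[] TRUST_STORE_PASSWORD = "test".toCharArray();

  // Server side: key store alias, password and the host name used as CN.
  static String SERVER_NAME = "server";
  static char[] SERVER_PASSWORD = "test".toCharArray();
  static String SERVER_HOST = "localhost";

  // RSA modulus size in bits. 1024-bit keys are rejected by current TLS
  // stacks and browsers; 2048 is the smallest size still widely accepted.
  static int KEY_SIZE = 2048;

  // Signature algorithm for the self-signed certificate. SHA-1 signatures
  // are no longer accepted by clients, hence SHA-256.
  static String SIGNATURE_ALGORITHM = "SHA256WithRSA";

  // Certificate lifetime. The original expression
  // currentTimeMillis() + Integer.MAX_VALUE yields only about 24.8 days,
  // so the validity is spelled out explicitly: one year.
  static long VALIDITY_MILLIS = 365L * 24L * 60L * 60L * 1000L;

  // Tolerance for clock skew applied to notBefore.
  static long NOT_BEFORE_SKEW_MILLIS = 5000L;

  /**
   * Generates {@code client.keystore} (trust store) and
   * {@code server.keystore} (key store) in the working directory.
   * Failures are printed to stderr.
   *
   * @param args ignored
   */
  public static void main(String[] args) {
    try {
      KeyPair rootPair = generateKeyPair();
      X500PrivateCredential rootCredential = createRootCredential(rootPair);

      // Trust store: the root certificate only, no private key.
      KeyStore trustStore = newEmptyKeyStore();
      trustStore.setCertificateEntry(TRUST_STORE_NAME,
          rootCredential.getCertificate());
      writeKeyStore(trustStore, TRUST_STORE_NAME + ".keystore",
          TRUST_STORE_PASSWORD);

      // Server key store: private key with its (self-signed) chain.
      KeyStore serverStore = newEmptyKeyStore();
      serverStore.setKeyEntry(SERVER_NAME, rootCredential.getPrivateKey(),
          SERVER_PASSWORD,
          new Certificate[] { rootCredential.getCertificate() });
      writeKeyStore(serverStore, SERVER_NAME + ".keystore", SERVER_PASSWORD);
    } catch (GeneralSecurityException e) {
      e.printStackTrace();
    } catch (IOException e) {
      e.printStackTrace();
    }
  }

  /**
   * Creates an empty, initialised JKS key store.
   *
   * @return a new key store with no entries
   * @throws GeneralSecurityException if the JKS type is unavailable
   * @throws IOException declared by {@link KeyStore#load}; not expected for a
   *         null stream
   */
  private static KeyStore newEmptyKeyStore() throws GeneralSecurityException,
      IOException {
    KeyStore store = KeyStore.getInstance("JKS");
    // A null stream initialises an empty store.
    store.load(null, null);
    return store;
  }

  /**
   * Writes {@code store} to {@code fileName}, closing the stream even when
   * {@link KeyStore#store} fails (the original left the stream open).
   *
   * @param store    the key store to persist
   * @param fileName output path
   * @param password integrity password for the file
   * @throws GeneralSecurityException if the store cannot be serialised
   * @throws IOException if the file cannot be written
   */
  private static void writeKeyStore(KeyStore store, String fileName,
      char[] password) throws GeneralSecurityException, IOException {
    OutputStream out = new FileOutputStream(fileName);
    try {
      store.store(out, password);
    } finally {
      out.close();
    }
  }

  /**
   * Generates a fresh RSA key pair of {@link #KEY_SIZE} bits.
   *
   * @return the new key pair
   * @throws NoSuchAlgorithmException if no RSA provider is available
   * @throws NoSuchProviderException kept for signature compatibility; not
   *         thrown by this implementation
   */
  public static KeyPair generateKeyPair() throws NoSuchAlgorithmException,
      NoSuchProviderException {
    return generateKeyPair(KEY_SIZE);
  }

  /**
   * Generates a fresh RSA key pair of the given size.
   *
   * @param keySize RSA modulus size in bits
   * @return the new key pair
   * @throws NoSuchAlgorithmException if no RSA provider is available
   */
  public static KeyPair generateKeyPair(int keySize)
      throws NoSuchAlgorithmException {
    // Fully qualified on purpose: the file imports BouncyCastle's EC
    // KeyPairGenerator, which would otherwise shadow the JCA class here.
    java.security.KeyPairGenerator generator =
        java.security.KeyPairGenerator.getInstance("RSA");
    generator.initialize(keySize, new SecureRandom());
    return generator.generateKeyPair();
  }

  /**
   * Wraps a self-signed root certificate for {@code rootPair} together with
   * its private key.
   *
   * @param rootPair key pair the certificate is issued for and signed with
   * @return the certificate and private key as one credential
   * @throws GeneralSecurityException if certificate generation fails
   */
  public static X500PrivateCredential createRootCredential(KeyPair rootPair)
      throws GeneralSecurityException {
    X509Certificate rootCert = generateX509V3RootCertificate(rootPair);
    return new X500PrivateCredential(rootCert, rootPair.getPrivate());
  }

  /**
   * Builds a self-signed X.509 v3 certificate for {@code pair} with
   * {@code CN=SERVER_HOST}, valid from now (minus skew) for
   * {@link #VALIDITY_MILLIS}.
   *
   * @param pair key pair; the public key goes into the certificate, the
   *             private key signs it
   * @return the signed certificate
   * @throws NoSuchAlgorithmException if the signature algorithm is unknown
   * @throws NoSuchProviderException if the signing provider is unavailable
   * @throws CertificateEncodingException if the certificate cannot be encoded
   * @throws InvalidKeyException if the private key cannot sign
   * @throws IllegalStateException if a mandatory field was not set
   * @throws SignatureException if signing fails
   */
  public static X509Certificate generateX509V3RootCertificate(KeyPair pair)
      throws NoSuchAlgorithmException, NoSuchProviderException,
      CertificateEncodingException, InvalidKeyException,
      IllegalStateException, SignatureException {
    long now = System.currentTimeMillis();
    X500Principal name =
        new X500Principal("CN=" + SERVER_HOST + ", OU=GoldenSF, O=SHA, C=cn");

    X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
    // Self-signed: issuer and subject are the same name.
    certGen.setIssuerDN(name);
    certGen.setSubjectDN(name);
    // Serial numbers must be unique per issuer; the clock is adequate for a
    // throw-away test CA that issues exactly one certificate.
    certGen.setSerialNumber(BigInteger.valueOf(now));
    certGen.setNotBefore(new Date(now - NOT_BEFORE_SKEW_MILLIS));
    certGen.setNotAfter(new Date(now + VALIDITY_MILLIS));
    certGen.setPublicKey(pair.getPublic());
    certGen.setSignatureAlgorithm(SIGNATURE_ALGORITHM);
    return certGen.generate(pair.getPrivate(), new SecureRandom());
  }
}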


step2:
put the two files, client.keystore and server.keystore, in
apache-tomcat-7.0.4/conf

step3:
then update server.xml as follows:

<?xml version='1.0' encoding='utf-8'?>
<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.core.AprLifecycleListener"
SSLEngine="on" />
  <Listener className="org.apache.catalina.core.JasperListener" />
  <Listener
className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener
className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <GlobalNamingResources>
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>
  <Service name="Catalina">
  <Connector port="443" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
      protocol="org.apache.coyote.http11.Http11AprProtocol"
               keystoreFile="conf/server.keystore" keystorePass="test"
     truststoreFile ="conf/client.keystore" truststorePass="test"/>
 <Connector port="8009" enableLookups="false" redirectPort="443"
protocol="AJP/1.3" />
    <Engine name="Catalina" defaultHost="localhost">
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
      </Realm>
      <Host name="localhost"  appBase="webapps"
            unpackWARs="true" autoDeploy="true">
        <Valve className="org.apache.catalina.valves.AccessLogValve"
directory="logs"
               prefix="localhost_access_log." suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b"
resolveHosts="false"/>
      </Host>
    </Engine>
  </Service>
</Server>


step 4:
Start Tomcat 7

result :

信息: Loaded APR based Apache Tomcat Native library 1.1.20.
2010-11-24 9:36:38 org.apache.catalina.core.AprLifecycleListener init
信息: APR capabilities: IPv6 [true], sendfile [true], accept filters [false],
random [true].
2010-11-24 9:36:38 org.apache.coyote.http11.Http11AprProtocol init
严重: Error initializing endpoint
java.lang.Exception: No Certificate file specified or invalid file format
       at org.apache.tomcat.jni.SSLContext.setCertificate(Native Method)
       at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:501)
       at
org.apache.coyote.http11.Http11AprProtocol.init(Http11AprProtocol.java:80)
       at
org.apache.catalina.connector.Connector.initInternal(Connector.java:873)
       at
org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:100)
       at
org.apache.catalina.core.StandardService.initInternal(StandardService.java:542)
       at
org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:100)
       at
org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:717)
       at
org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:100)
       at org.apache.catalina.startup.Catalina.load(Catalina.java:544)
       at org.apache.catalina.startup.Catalina.load(Catalina.java:567)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:262)
       at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:417)
2010-11-24 9:36:38 org.apache.catalina.core.StandardService initInternal
严重: Failed to initialize connector [Connector[HTTP/1.1-443]]
LifecycleException:  Protocol handler initialization failed:
java.lang.Exception: No Certificate file specified or invalid file format
       at
org.apache.catalina.connector.Connector.initInternal(Connector.java:875)
       at
org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:100)
       at
org.apache.catalina.core.StandardService.initInternal(StandardService.java:542)
       at
org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:100)
       at
org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:717)
       at
org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:100)
       at org.apache.catalina.startup.Catalina.load(Catalina.java:544)
       at org.apache.catalina.startup.Catalina.load(Catalina.java:567)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:262)
       at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:417)
2010-11-24 9:36:38 org.apache.coyote.ajp.AjpAprProtocol init
信息: Initializing Coyote AJP/1.3 on ajp-8009
2010-11-24 9:36:38 org.apache.catalina.startup.Catalina load
信息: Initialization processed in 489 ms



Thanks & Regards,

Scott Li
