关于这个问题,我已经回答了好几个问题,但仍然无法解决这个问题。
我正在从Tomcat7升级到8.5。我已将server.xml、web.xml和context.xml从旧服务器复制到新服务器。我所做的唯一更改是对server.xml中的以下行进行注解
<!--Listener className="org.apache.catalina.core.JasperListener" /-->
连接器端口规格如下:
<Connector port="50000" protocol="org.apache.coyote.http11.Http11Protocol"
SSLEnabled="true" acceptCount="100" debug="0" maxProcessors="75"
minProcessors="5" server="Server for App" clientAuth="false"
sslProtocol="TLS" maxThreads="150" scheme="https" secure="true"
sslEnabledProtocols="TLSv1.2" keystoreFile="/location/keystore.p12"
truststoreType="PKCS12" keystoreType="PKCS12" keystorePass="***"
truststoreFile="/location/keystore.p12" truststorePass="***"
ciphers="***" connectionTimeout="60000" />
启动tomcat会产生以下错误:
SEVERE [main] org.apache.catalina.core.StandardService.initInternal Failed to initialize connector [Connector[org.apache.coyote.http11.Http11Protocol-50000]]
org.apache.catalina.LifecycleException: Protocol handler initialization failed
at org.apache.catalina.connector.Connector.initInternal(Connector.java:1076)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
at org.apache.catalina.core.StandardService.initInternal(StandardService.java:552)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:846)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
at org.apache.catalina.startup.Catalina.load(Catalina.java:639)
at org.apache.catalina.startup.Catalina.load(Catalina.java:662)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:302)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:472)
Caused by: java.lang.IllegalArgumentException: the trustAnchors parameter must be non-empty
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:100)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:72)
at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:247)
at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1143)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:222)
at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:599)
at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:80)
at org.apache.catalina.connector.Connector.initInternal(Connector.java:1074)
... 13 more
Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:200)
at java.security.cert.PKIXParameters.<init>(PKIXParameters.java:157)
at java.security.cert.PKIXBuilderParameters.<init>(PKIXBuilderParameters.java:130)
at org.apache.tomcat.util.net.SSLUtilBase.getParameters(SSLUtilBase.java:501)
at org.apache.tomcat.util.net.SSLUtilBase.getTrustManagers(SSLUtilBase.java:432)
at org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:245)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:98)
... 20 more
设置-djavax.net.debug=all并没有产生太多额外的线索。
我相信这与证书有关,但如果我使用相同的设置运行旧的Tomcat7,它就可以正常工作。非常感谢您的帮助。
1条答案
按热度按时间fbcarpbf1#
原来密钥库需要一个trustedcertentry,而它只有一个privatekeyentry。我使用keytool导入了一个全局受信任证书,问题得到了解决。