I'm trying to connect to Tomcat through HTTPS on a remote server; I've found many answers, but none has worked for me; I'm using Apache, Tomcat 7 on Ubuntu Server 14.04.
First, I created the certificate keystore writing:
keytool -genkey -alias tomcat -keyalg RSA
After that I've edited "/etc/tomcat7/server.xml" to use SSL on port 8443:
<Connector port="8443" SSLEnabled="true"
protocol="org.apache.coyote.http11.Http11Protocol"
keystoreType="JKS"
maxThreads="150" scheme="https" secure="true"
keystoreFile="/usr/lib/jvm/java-7-openjdk-amd64/bin/keytool"
keystorePass="***********" keyAlias="tomcat"
clientAuth="false" sslProtocol="TLS"/>
where ********** is the password; restarting Tomcat through:
sudo service tomcat7 restart
I'm getting the following error in file "/var/log/tomcat7/catalina.out":
SEVERE: Failed to initialize connector [Connector[HTTP/1.1-8443]]
org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-8443]]
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:106)
at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:813)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.startup.Catalina.load(Catalina.java:638)
at org.apache.catalina.startup.Catalina.load(Catalina.java:663)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:280)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:454)
Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed
at org.apache.catalina.connector.Connector.initInternal(Connector.java:980)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
... 12 more
Caused by: java.io.IOException: Invalid keystore format
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:650)
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55)
at java.security.KeyStore.load(KeyStore.java:1214)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:392)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:291)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:549)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:489)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:434)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:181)
at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:397)
at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:640)
at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:434)
at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
at org.apache.catalina.connector.Connector.initInternal(Connector.java:978)
... 13 more
The keystore type is JKS, I've verified it through the command:
$JAVA_HOME/bin/keytool -list
which has returned:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
tomcat, 17-Oct-2015, PrivateKeyEntry,
Certificate fingerprint (SHA1): 33:14:32:DD:DA:20:BF:CF:70:32:F5:0E:E9:F1:C1:5B:4E:C3:DB:AB
where $JAVA_HOME is "/usr/lib/jvm/java-7-openjdk-amd64";
So when I try to connect to "https://myServerIp:8443/" or to "https://myDomainName:8443/" I get "Unable to connect" error.
Now it works correctly, in short:
.keystore file

Thanks to @Titus I've understood where the problem was: when I run the command
or the command
the program keytool creates a file .keystore in a folder of the server; the directory /usr/lib/jvm/java-7-openjdk-amd64/jre/bin contains a file named keystore, but this file is not correct to set up Tomcat or for some reason it doesn't work in my case. To specify the path of the file .keystore we can run the command
and after that I've configured Tomcat editing the file /etc/tomcat7/server.xml with the file just created:

Just to further support this answer for beginners like me. On Windows OS
First go to C:\Program Files\Java\jdk1.8, press Shift + right-click to open a command prompt, and write this:
keytool.exe -genkey -alias tomcat -keyalg RSA -keystore /{user.name}/.keystore
A sequence of questions will then follow; after that you will see a new .keystore generated at the specified path. Now you need to go to server.xml and modify these two
keystoreFile="${user.home}/.keystore" keystorePass="changeit"
with the appropriate ones.
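
The "Invalid keystore format" exception in the question is what the JKS loader throws when the file named in keystoreFile does not start with the JKS magic number, as happens when the attribute points at a program such as keytool instead of a keystore. The following is an added example, not code from any of the posts: a pre-restart check that reads keystoreFile from server.xml and classifies the file by its leading bytes. The function names are hypothetical, and it assumes the attribute is written with double quotes as in the question.

```shell
#!/bin/sh
# Added example: classify the file a Tomcat keystoreFile attribute points at
# by its leading bytes, before restarting the server.

# Print the keystoreFile value of the first Connector that has one.
connector_keystore() {
    # $1 = path to server.xml
    sed -n 's/.*keystoreFile="\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Print one of: missing, jks, jceks, pkcs12-or-der, elf-executable, unknown.
keystore_kind() {
    [ -r "$1" ] || { echo missing; return 0; }
    magic=$(od -An -tx1 -N4 "$1" | tr -d ' \n')
    case "$magic" in
        feedfeed)  echo jks ;;             # JKS magic number 0xFEEDFEED
        cececece)  echo jceks ;;           # JCEKS magic number 0xCECECECE
        30*)       echo pkcs12-or-der ;;   # ASN.1 SEQUENCE, e.g. a .p12 file
        7f454c46)  echo elf-executable ;;  # a program such as keytool itself
        *)         echo unknown ;;
    esac
}

# Return 0 only when server.xml points at a readable JKS file
# (the question's Connector declares keystoreType="JKS").
check_server_xml() {
    path=$(connector_keystore "$1")
    [ -n "$path" ] || { echo "no keystoreFile attribute in $1"; return 2; }
    kind=$(keystore_kind "$path")
    echo "keystoreFile=$path kind=$kind"
    [ "$kind" = jks ]
}
```

Run `check_server_xml /etc/tomcat7/server.xml` as the account Tomcat runs under, so that "missing" also catches a keystore that account cannot read.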