I was told to update the SSL certificate for MicroStrategy on tomcat9.
I am also unable to revert SSL to the previous certificate. The website will not come back up.
Catalina.out log:
[main] org.apache.tomcat.util.digester.SetPropertiesRule.begin Match [Server/Service/Connector] failed to set property [maxThreads] to [150]
31-Aug-2023 23:37:18.562 WARNING [main] org.apache.tomcat.util.digester.SetPropertiesRule.begin Match [Server/Service/Connector] failed to set property [SSLEnabled] to [true]
31-Aug-2023 23:37:18.562 WARNING [main] org.apache.tomcat.util.digester.SetPropertiesRule.begin Match [Server/Service/Connector] failed to set property [clientAuth] to [false]
31-Aug-2023 23:37:18.562 WARNING [main] org.apache.tomcat.util.digester.SetPropertiesRule.begin Match [Server/Service/Connector] failed to set property [sslProtocol] to [TLS]
31-Aug-2023 23:37:18.567 WARNING [main] org.apache.tomcat.util.digester.SetPropertiesRule.begin Match [Server/Service/Connector] failed to set property [sslEnabledProtocols] to [TLSv1.2,TLSv1.1,TLSv1]
31-Aug-2023 23:37:18.567 WARNING [main] org.apache.tomcat.util.digester.SetPropertiesRule.begin Match [Server/Service/Connector] failed to set property [keystorePass] to [**********]
31-Aug-2023 23:37:18.567 WARNING [main] org.apache.tomcat.util.digester.SetPropertiesRule.begin Match [Server/Service/Connector] failed to set property [keystoreFile] to [/usr/local/tomcat9/mstr.johndoe.com.jks]
I have just changed the domain name above and masked the keystore password for privacy reasons.
server.xml file under usr/local/tomcat9/conf
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1" keystorePass="********" keystoreFile="/usr/local/tomcat9/mstr.johndoe.com.jks" />
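For security reasons, the password above has been masked.
The process was to change the keystore password in the server.xml file in the tomcat9/conf directory and copy the jks certificate file to the location under /usr/local/tomcat9.
After doing the above, the SSL certificate was not renewed. The URL is down and the interface cannot be restored, even though the tomcat9 server is up and running with no errors.
The .jks certificate was created using the openssl pkcs12 and keytool commands.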
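I ran into a similar problem after moving from tomcat9 to tomcat10. The same errors were in the log file too. Then I realized that the configuration had changed: the certificate part has now moved to the SSLHostConfig->Certificate subsection, and the key names have also changed to certificateKeystoreFile and certificateKeystorePassword: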
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true"
           scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS">
    <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
    <SSLHostConfig>
        <Certificate certificateKeystoreFile="/etc/tomcat10/keystore/tomcat.jks"
                     certificateKeystorePassword="******"
                     type="RSA"
        />
    </SSLHostConfig>
</Connector>
Maybe this is not your case, but the error message is the same.
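Added example, not part of the original posts: a small check that reads catalina.out lines in the format quoted in the question and reports which TLS-related Connector attributes Tomcat did not apply, which is the condition both posts describe. The attribute list is taken from the two server.xml snippets on this page; the sample log lines and the keystore path are constructed.

```python
import re
from collections import defaultdict

# Matches Tomcat digester warnings in the format shown in the question's catalina.out.
WARN = re.compile(
    r"SetPropertiesRule\.begin Match \[(?P<path>[^\]]+)\] "
    r"failed to set property \[(?P<prop>[^\]]+)\] to \[(?P<value>[^\]]*)\]"
)

# Attribute names taken from the two server.xml snippets on this page.
TLS_PROPS = {
    "SSLEnabled", "clientAuth", "sslProtocol", "sslEnabledProtocols",
    "keystoreFile", "keystorePass",
    "certificateKeystoreFile", "certificateKeystorePassword",
}

def ignored_properties(lines):
    """Map element path -> list of (property, value) that Tomcat failed to apply."""
    found = defaultdict(list)
    for line in lines:
        m = WARN.search(line)
        if m:
            found[m["path"]].append((m["prop"], m["value"]))
    return dict(found)

def ignored_tls_properties(lines):
    """Return {element path: sorted TLS-related property names} that were not applied."""
    result = {}
    for path, props in ignored_properties(lines).items():
        tls = sorted({name for name, _ in props if name in TLS_PROPS})
        if tls:
            result[path] = tls
    return result

# Constructed sample lines in the same format as the log excerpt (placeholder keystore path).
PREFIX = "31-Aug-2023 23:37:18.562 WARNING [main] org.apache.tomcat.util.digester."
SAMPLE = [
    PREFIX + "SetPropertiesRule.begin Match [Server/Service/Connector] failed to set property [maxThreads] to [150]",
    PREFIX + "SetPropertiesRule.begin Match [Server/Service/Connector] failed to set property [SSLEnabled] to [true]",
    PREFIX + "SetPropertiesRule.begin Match [Server/Service/Connector] failed to set property [keystorePass] to [**********]",
    PREFIX + "SetPropertiesRule.begin Match [Server/Service/Connector] failed to set property [keystoreFile] to [/path/to/example.jks]",
    "31-Aug-2023 23:37:19.101 INFO [main] constructed unrelated line",
]

if __name__ == "__main__":
    for path, props in ignored_tls_properties(SAMPLE).items():
        print(f"{path}: TLS settings not applied: {', '.join(props)}")
```

A non-empty result means the connector started without the keystore and TLS settings written in server.xml, even if the Tomcat process itself reports no errors.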