apache tomcat unable to load certificate key - site down when using https

Question (votes: 0, answers: 0)

I am using certbot to add https to a web application that uses tomcat 9.0.75.

I have been able to generate the certificate files, sign them, and then move them to /opt/tomcat/conf.

Configured the connector in server.xml as shown in the image below: server.xml

Added this constraint to web.xml to redirect to https: web.xml

If I remove https from the URL the site works fine, and the redirect from port 8091 to 8443 works fine, but if I add https to the link it shows that the connection was closed.

Here is the output of the catalina log:

15-May-2023 14:00:57.724 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version name:   Apache Tomcat/9.0.75
15-May-2023 14:00:57.737 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server built:          May 4 2023 13:04:05 UTC
15-May-2023 14:00:57.742 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version number: 9.0.75.0
15-May-2023 14:00:57.742 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Name:               Linux
15-May-2023 14:00:57.742 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Version:            5.15.0-1037-azure
15-May-2023 14:00:57.742 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Architecture:          amd64
15-May-2023 14:00:57.742 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Java Home:             /usr/lib/jvm/java-11-openjdk-amd64
15-May-2023 14:00:57.743 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Version:           11.0.18+10-post-Ubuntu-0ubuntu120.04.1
15-May-2023 14:00:57.743 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Vendor:            Ubuntu
15-May-2023 14:00:57.744 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_BASE:         /opt/tomcat
15-May-2023 14:00:57.745 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_HOME:         /opt/tomcat
15-May-2023 14:00:57.783 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: --add-opens=java.base/java.lang=ALL-UNNAMED
15-May-2023 14:00:57.783 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: --add-opens=java.base/java.io=ALL-UNNAMED
15-May-2023 14:00:57.783 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: --add-opens=java.base/java.util=ALL-UNNAMED
15-May-2023 14:00:57.783 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: --add-opens=java.base/java.util.concurrent=ALL-UNNAMED
15-May-2023 14:00:57.783 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED
15-May-2023 14:00:57.784 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.config.file=/opt/tomcat/conf/logging.properties
15-May-2023 14:00:57.784 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
15-May-2023 14:00:57.784 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djdk.tls.ephemeralDHKeySize=2048
15-May-2023 14:00:57.784 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.protocol.handler.pkgs=org.apache.catalina.webresources
15-May-2023 14:00:57.784 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dorg.apache.catalina.security.SecurityListener.UMASK=0027
15-May-2023 14:00:57.784 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dignore.endorsed.dirs=
15-May-2023 14:00:57.785 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.base=/opt/tomcat
15-May-2023 14:00:57.785 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.home=/opt/tomcat
15-May-2023 14:00:57.785 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.io.tmpdir=/opt/tomcat/temp
15-May-2023 14:00:57.789 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent An older version [1.2.23] of the Apache Tomcat Native library is installed, while Tomcat recommends a minimum version of [1.2.30]
15-May-2023 14:00:57.789 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded Apache Tomcat Native library [1.2.23] using APR version [1.6.5].
15-May-2023 14:00:57.789 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true], UDS [false].
15-May-2023 14:00:57.790 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true]
15-May-2023 14:00:57.819 INFO [main] org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL successfully initialized [OpenSSL 1.1.1f  31 Mar 2020]
15-May-2023 14:00:58.979 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-nio-8091"]
15-May-2023 14:00:59.071 INFO [main] org.apache.coyote.http11.AbstractHttp11Protocol.configureUpgradeProtocol The ["https-openssl-apr-8443"] connector has been configured to support negotiation to [h2] via ALPN
15-May-2023 14:00:59.072 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["https-openssl-apr-8443"]
15-May-2023 14:00:59.259 INFO [main] org.apache.tomcat.util.net.openssl.OpenSSLUtil.getKeyManagers The certificate [conf/cert.pem] or its private key [conf/privkey.pem] could not be processed using a JSSE key manager and will be given directly to OpenSSL
15-May-2023 14:00:59.262 WARNING [main] org.apache.tomcat.util.net.openssl.OpenSSLContext.init Error initializing SSL context
        java.lang.Exception: Unable to load certificate key /opt/tomcat/conf/privkey.pem (error:0200100D:system library:fopen:Permission denied)
                at org.apache.tomcat.jni.SSLContext.setCertificate(Native Method)
                at org.apache.tomcat.util.net.openssl.OpenSSLContext.addCertificate(OpenSSLContext.java:467)
                at org.apache.tomcat.util.net.openssl.OpenSSLContext.init(OpenSSLContext.java:336)
                at org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:246)
                at org.apache.tomcat.util.net.AprEndpoint.createSSLContext(AprEndpoint.java:467)
                at org.apache.tomcat.util.net.AprEndpoint.bind(AprEndpoint.java:433)
                at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1302)
                at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1315)
                at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:652)
                at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:75)
                at org.apache.catalina.connector.Connector.initInternal(Connector.java:1012)
                at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
                at org.apache.catalina.core.StandardService.initInternal(StandardService.java:549)
                at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
                at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1028)
                at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
                at org.apache.catalina.startup.Catalina.load(Catalina.java:724)
                at org.apache.catalina.startup.Catalina.load(Catalina.java:746)
                at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
                at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
                at java.base/java.lang.reflect.Method.invoke(Method.java:566)
                at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:307)
                at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:477)
15-May-2023 14:00:59.265 INFO [main] org.apache.tomcat.util.net.openssl.OpenSSLUtil.getKeyManagers The certificate [conf/cert.pem] or its private key [conf/privkey.pem] could not be processed using a JSSE key manager and will be given directly to OpenSSL
15-May-2023 14:00:59.265 INFO [main] org.apache.tomcat.util.net.AbstractEndpoint.logCertificate Connector [https-openssl-apr-8443], TLS virtual host [_default_], certificate type [RSA] configured from [/home/pruebas/.keystore] using alias [tomcat] and with trust store [null]
15-May-2023 14:00:59.268 INFO [main] org.apache.catalina.startup.Catalina.load Server initialization in [2305] milliseconds
15-May-2023 14:00:59.491 INFO [main] org.apache.catalina.core.StandardService.startInternal Starting service [Catalina]
15-May-2023 14:00:59.492 INFO [main] org.apache.catalina.core.StandardEngine.startInternal Starting Servlet engine: [Apache Tomcat/9.0.75]
15-May-2023 14:00:59.537 INFO [main] org.apache.catalina.startup.HostConfig.deployWAR Deploying web application archive [/opt/tomcat/webapps/webapp.war]
15-May-2023 14:01:00.330 INFO [main] org.apache.catalina.startup.HostConfig.deployWAR Deployment of web application archive [/opt/tomcat/webapps/webapp.war] has finished in [793] ms
15-May-2023 14:01:00.332 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/opt/tomcat/webapps/host-manager]
15-May-2023 14:01:00.455 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/opt/tomcat/webapps/host-manager] has finished in [122] ms
15-May-2023 14:01:00.455 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/opt/tomcat/webapps/docs]
15-May-2023 14:01:00.522 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/opt/tomcat/webapps/docs] has finished in [66] ms
15-May-2023 14:01:00.527 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/opt/tomcat/webapps/examples]
15-May-2023 14:01:01.249 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/opt/tomcat/webapps/examples] has finished in [721] ms
15-May-2023 14:01:01.259 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/opt/tomcat/webapps/manager]
15-May-2023 14:01:01.325 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/opt/tomcat/webapps/manager] has finished in [66] ms
15-May-2023 14:01:01.334 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/opt/tomcat/webapps/ROOT]
15-May-2023 14:01:01.383 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/opt/tomcat/webapps/ROOT] has finished in [49] ms
15-May-2023 14:01:01.390 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-8091"]
15-May-2023 14:01:01.465 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["https-openssl-apr-8443"]
15-May-2023 14:01:01.511 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in [2241] milliseconds

The problem seems to be permission-related: "java.lang.Exception: Unable to load certificate key /opt/tomcat/conf/privkey.pem (error:0200100D:system library:fopen:Permission denied)"

I don't see a tomcat9 service or catalina service running when I use systemctl, but it works fine without https. I noticed that when I generated the certificate files with certbot/letsencrypt I could not sudo cd into /etc/letsencrypt/live/domain-name/, but since then I have been able to copy the certificate files to /opt/tomcat/conf.

It is not clear which of these services is tomcat9: services, so if it is permission-related, I cannot grant the permissions if I don't know which service it is or how it is run.

Checked this question: https://serverfault.com/questions/320912/ssl-certificate-key-permission-tomcat-apr

The user group and user part is unclear.
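As an added example (not code from the question or from Tomcat), a POSIX shell check that reproduces the decision behind the "fopen:Permission denied" in the log: given the account Tomcat runs as, which the caller must supply (an assumption; it comes from the systemd unit's User= line or the owner of the java process), can that account read the PEM files, and has the private key been left readable by everyone. It assumes GNU coreutils stat.

```shell
#!/bin/sh
# Added example, not from the question. Decides from owner, group and mode
# whether a service account could open a Tomcat PEM file, and whether the
# private key is world-readable. Assumes GNU stat (Linux).

# key_access FILE USER GROUP
# Prints "readable", "unreadable" or "missing"; exit 0 only for "readable".
# USER/GROUP are the service account and its primary group (assumption:
# supplementary groups and ACLs are not considered).
key_access() {
    file=$1; user=$2; group=$3
    [ -e "$file" ] || { echo missing; return 1; }
    # root bypasses mode bits entirely
    [ "$user" = root ] && { echo readable; return 0; }
    set -- $(stat -c '%U %G %a' "$file")
    owner=$1; ogroup=$2; mode=$3
    mode=${mode#"${mode%???}"}          # keep the last three octal digits
    u=${mode%??}; g=${mode#?}; g=${g%?}; o=${mode#??}
    # POSIX applies exactly one class: owner, else group, else other
    if [ "$owner" = "$user" ]; then bits=$u
    elif [ "$ogroup" = "$group" ]; then bits=$g
    else bits=$o; fi
    if [ $(( bits & 4 )) -ne 0 ]; then echo readable; return 0; fi
    echo unreadable; return 1
}

# key_exposed FILE
# Prints "exposed" (exit 0) when "other" can read the file, i.e. the tempting
# chmod 644 fix, which hands the private key to every local account;
# otherwise prints "ok" (exit 1).
key_exposed() {
    o=$(stat -c '%a' "$1"); o=${o#"${o%?}"}
    if [ $(( o & 4 )) -ne 0 ]; then echo exposed; return 0; fi
    echo ok; return 1
}

# Usage against the paths in the question; the service account is a placeholder.
# conf=/opt/tomcat/conf; svc=tomcat
# for f in "$conf/cert.pem" "$conf/privkey.pem"; do
#     printf '%s: %s\n' "$f" "$(key_access "$f" "$svc" "$svc")"
# done
# key_exposed "$conf/privkey.pem"
```

The intended end state is a key owned by root or the service account, group set to the service account's group, mode 640 or 600: key_access reports "readable" for the service account and key_exposed reports "ok".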

maven tomcat https web-applications certificate