Hi All, when I try to configure SSL in Tomcat (apache-tomcat-7.0.4) on Windows XP I get the error below; can anyone tell me what the problem is?
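Step 1: I generate the client/server Java keystores with the following code:

import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Date;

import javax.security.auth.x500.X500Principal;
import javax.security.auth.x500.X500PrivateCredential;

import org.bouncycastle.x509.X509V3CertificateGenerator;

/**
 * Tomcat HTTPS client/server key and certificate generator.
 *
 * Writes two JKS files into the working directory:
 * <ul>
 *   <li>{@code client.keystore} - the self-signed certificate only (a trust store)</li>
 *   <li>{@code server.keystore} - the same certificate plus its private key (the server identity)</li>
 * </ul>
 *
 * NOTE(review): JKS files are read by Tomcat's JSSE connectors
 * ({@code org.apache.coyote.http11.Http11Protocol} / {@code Http11NioProtocol}) through
 * {@code keystoreFile}/{@code keystorePass}. The APR/OpenSSL connector
 * ({@code Http11AprProtocol} with {@code SSLEngine="on"}) does not use those attributes; it
 * expects PEM files via {@code SSLCertificateFile}/{@code SSLCertificateKeyFile}. Pointing an
 * APR connector at a JKS keystore is a likely cause of
 * "No Certificate file specified or invalid file format".
 */
public class TomcatKey {

    // Client trust store: entry alias and store password.
    static String TRUST_STORE_NAME = "client";
    static char[] TRUST_STORE_PASSWORD = "test".toCharArray();

    // Server key store: entry alias, password (used for both the store and the
    // key entry, which is what Tomcat expects when no keyPass is configured)
    // and the host name written into the certificate's CN.
    static String SERVER_NAME = "server";
    static char[] SERVER_PASSWORD = "test".toCharArray();
    static String SERVER_HOST = "localhost";

    // Key size and signature algorithm. NOTE(review): 1024-bit RSA and SHA-1
    // are below current minimums (2048-bit / SHA-256); raise them before any
    // use beyond local testing.
    static final int KEY_SIZE = 1024;
    static final String SIGNATURE_ALGORITHM = "SHA1WithRSA";

    // Certificate lifetime in milliseconds. Integer.MAX_VALUE ms is only about
    // 24.9 days, so the certificate expires quickly; NOTE(review): this was
    // probably meant to be much longer.
    static final long VALIDITY_MILLIS = Integer.MAX_VALUE;

    /**
     * Generates the key pair and self-signed certificate, then writes
     * {@code client.keystore} (certificate only) and {@code server.keystore}
     * (private key plus certificate).
     *
     * @param args ignored
     */
    public static void main(String[] args) {
        try {
            KeyPair rootPair = generateKeyPair();
            X500PrivateCredential rootCredential = createRootCredential(rootPair);

            // Trust store: the certificate alone, no private key.
            KeyStore trustStore = KeyStore.getInstance("JKS");
            trustStore.load(null, null); // start from an empty store
            trustStore.setCertificateEntry(TRUST_STORE_NAME, rootCredential.getCertificate());
            saveKeyStore(trustStore, TRUST_STORE_NAME + ".keystore", TRUST_STORE_PASSWORD);

            // Server store: the private key with its single-element chain.
            KeyStore serverStore = KeyStore.getInstance("JKS");
            serverStore.load(null, null);
            serverStore.setKeyEntry(SERVER_NAME, rootCredential.getPrivateKey(), SERVER_PASSWORD,
                    new Certificate[] { rootCredential.getCertificate() });
            saveKeyStore(serverStore, SERVER_NAME + ".keystore", SERVER_PASSWORD);
        } catch (Exception e) {
            // A failure can leave a partial output file behind; report it and
            // exit non-zero so a broken keystore is not silently deployed.
            e.printStackTrace();
            System.exit(1);
        }
    }

    /**
     * Writes {@code store} to {@code fileName}, closing the stream even on failure.
     *
     * @param store    the populated key store
     * @param fileName output path, relative to the working directory
     * @param password password protecting the store
     * @throws IOException              if the file cannot be written
     * @throws GeneralSecurityException if the store cannot be serialized
     */
    private static void saveKeyStore(KeyStore store, String fileName, char[] password)
            throws IOException, GeneralSecurityException {
        OutputStream out = new FileOutputStream(fileName);
        try {
            store.store(out, password);
        } finally {
            out.close();
        }
    }

    /**
     * Creates a fresh RSA key pair of {@link #KEY_SIZE} bits.
     *
     * @return the generated key pair
     * @throws NoSuchAlgorithmException if no RSA key pair generator is available
     * @throws NoSuchProviderException  declared for source compatibility; not thrown here
     */
    public static KeyPair generateKeyPair() throws NoSuchAlgorithmException, NoSuchProviderException {
        // Plain JCA generator; the previous import of a BouncyCastle EC class
        // only worked because it inherits this static factory.
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(KEY_SIZE, new SecureRandom());
        return generator.generateKeyPair();
    }

    /**
     * Wraps {@code rootPair} and its self-signed certificate as a credential.
     *
     * @param rootPair key pair to certify
     * @return certificate plus private key
     * @throws Exception if certificate generation fails
     */
    public static X500PrivateCredential createRootCredential(KeyPair rootPair) throws Exception {
        X509Certificate rootCert = generateX509V3RootCertificate(rootPair);
        return new X500PrivateCredential(rootCert, rootPair.getPrivate());
    }

    /**
     * Builds a self-signed X.509 v3 certificate for {@code pair}; issuer and
     * subject are both {@code CN=<SERVER_HOST>, OU=GoldenSF, O=SHA, C=cn}.
     *
     * @param pair key pair whose public key is certified and whose private key signs
     * @return the self-signed certificate
     * @throws NoSuchAlgorithmException     if the signature algorithm is unavailable
     * @throws NoSuchProviderException      declared for source compatibility
     * @throws CertificateEncodingException if the certificate cannot be encoded
     * @throws InvalidKeyException          if the private key does not fit the algorithm
     * @throws IllegalStateException        if a required field is missing
     * @throws SignatureException           if signing fails
     */
    public static X509Certificate generateX509V3RootCertificate(KeyPair pair)
            throws NoSuchAlgorithmException, NoSuchProviderException, CertificateEncodingException,
            InvalidKeyException, IllegalStateException, SignatureException {
        long now = System.currentTimeMillis();
        X500Principal name = new X500Principal("CN=" + SERVER_HOST + ", OU=GoldenSF, O=SHA, C=cn");

        X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
        // Serial numbers only need to be unique per issuer; a timestamp is
        // enough for a one-off tool.
        certGen.setSerialNumber(BigInteger.valueOf(now));
        certGen.setIssuerDN(name);
        certGen.setSubjectDN(name);
        // Back-date slightly so a client clock a few seconds behind still accepts it.
        certGen.setNotBefore(new Date(now - 5000L));
        certGen.setNotAfter(new Date(now + VALIDITY_MILLIS));
        certGen.setPublicKey(pair.getPublic());
        certGen.setSignatureAlgorithm(SIGNATURE_ALGORITHM);
        return certGen.generate(pair.getPrivate(), new SecureRandom());
    }
}

Step 2: I put the files client.keystore and server.keystore in apache-tomcat-7.0.4/conf.
Step 3: Then I update server.xml as follows:

<?xml version='1.0' encoding='utf-8'?>
<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <Listener className="org.apache.catalina.core.JasperListener" />
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener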
    className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <GlobalNamingResources>
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>
  <Service name="Catalina">
    <Connector port="443" SSLEnabled="true" maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               protocol="org.apache.coyote.http11.Http11AprProtocol"
               keystoreFile="conf/server.keystore" keystorePass="test"
               truststoreFile="conf/client.keystore" truststorePass="test"/>
    <Connector port="8009" enableLookups="false" redirectPort="443" protocol="AJP/1.3" />
    <Engine name="Catalina" defaultHost="localhost">
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
      </Realm>
      <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true">
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log." suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" resolveHosts="false"/>
      </Host>
    </Engine>
  </Service>
</Server>

Step 4: Start Tomcat 7. Result:

信息: Loaded APR based Apache Tomcat Native library 1.1.20.
2010-11-24 9:36:38 org.apache.catalina.core.AprLifecycleListener init
信息: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
2010-11-24 9:36:38 org.apache.coyote.http11.Http11AprProtocol init
严重: Error initializing endpoint
java.lang.Exception: No Certificate file specified or invalid file format
    at org.apache.tomcat.jni.SSLContext.setCertificate(Native Method)
    at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:501)
    at org.apache.coyote.http11.Http11AprProtocol.init(Http11AprProtocol.java:80)
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:873)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:100)
    at org.apache.catalina.core.StandardService.initInternal(StandardService.java:542)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:100)
    at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:717)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:100)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:544)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:567)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:262)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:417)
2010-11-24 9:36:38 org.apache.catalina.core.StandardService initInternal
严重: Failed to initialize connector [Connector[HTTP/1.1-443]]
LifecycleException: Protocol handler initialization failed: java.lang.Exception: No Certificate file specified or invalid file format
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:875)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:100)
    at org.apache.catalina.core.StandardService.initInternal(StandardService.java:542)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:100)
    at
org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:717)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:100)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:544)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:567)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:262)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:417)
2010-11-24 9:36:38 org.apache.coyote.ajp.AjpAprProtocol init
信息: Initializing Coyote AJP/1.3 on ajp-8009
2010-11-24 9:36:38 org.apache.catalina.startup.Catalina load
信息: Initialization processed in 489 ms

Thanks & Regards,
Scott Li