JWorld@TW the best professional Java site in Taiwan
Author  Another question about Tomcat + ssl [Featured]
lubig
Posts: 110
Points: 0
Posted 2004-08-04 21:16
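1. I have recently been trying to use SSL on Tomcat (5.0.27 on Windows XP).
I followed quite a few people's examples and consulted the SSL section of the Tomcat documentation,
but the result is always the same (I did go into server.xml and uncomment the commented-out 8443 Connector):

Attempting to connect to localhost:8443: connection refused

It seems my port 8443 never came up at all??
Is there anything else I might have missed?

2. When I add a connector through the admin web page that Tomcat provides,
the Connector section in server.xml leaves me with more questions:
besides keystoreFile and keystorePass, there are also keystore and keypass.
What is the difference........
Below is part of the file contents:
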
    <Connector enableLookups="true" keystoreFile=".keystore" keystorePass="changeit" port="8443" redirectPort="-1" 
        scheme="https" sslProtocol="TLS" algorithm="SunX509" clientauth="false" keypass="changeit"
        keystore="C:\WINDOWS\system32\config\systemprofile\.keystore" keytype="JKS" protocol="TLS" secure="true">
 
      <Factory className="org.apache.coyote.tomcat5.CoyoteServerSocketFactory" keystoreFile="d:\Tomcat 5.0\.keystore"/>
    </Connector>


keytool:

C:\Documents and Settings\lubig>\j2sdk1.4.2\bin\keytool -genkey -alias tomcat -keyalg RSA
輸入 keystore 密碼:  changeit
您的名字與姓氏為何?
  [Unknown]:
您的編制單位名稱為何?
  [Unknown]:
您的組織名稱為何?
  [Unknown]:
您所在的城市或地區名稱為何?
  [Unknown]:
您所在的州及省份名稱為何?
  [Unknown]:
該單位的二字國碼為何
  [Unknown]:
CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown 正確嗎?
  [否]:  y
 
輸入 <tomcat> 的主密碼
        (RETURN 如果和 keystore 密碼相同):
 
C:\Documents and Settings\lubig>copy .keystore "d:\Tomcat 5.0"
您要覆寫 d:\Tomcat 5.0\.keystore 嗎? (Yes/No/All): y
複製了         1 個檔案。


By the end, I didn't even dare to type any password other than "changeit"...... but still:

Attempting to connect to localhost:8443: connection refused

Author  Re: Another question about Tomcat + ssl [Re:lubig]
snpshu (Norman), Moderator
Posts: 1073
Points: 5
Posted 2004-08-05 10:19
Have you turned off XP's firewall? :D

Author  Re: Another question about Tomcat + ssl [Re:lubig]
lubig
Posts: 110
Points: 0
Posted 2004-08-05 13:21
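:(
Yes...... I tried with it turned off, and it still doesn't work.

But the good news is......... a new Error has appeared :o)
1. org.apache.coyote.tomcat5.CoyoteServerSocketFactory

cannot be found..... strange...... this was generated for me by Tomcat's tool, so how can it not be found?
This class was generated into server.xml..... as in the contents attached to the very first post.

2. protocolHandlerClassName error...... this also looks like something from server.xml.
I really don't understand..... I would appreciate some guidance from everyone.

OS : Windows XP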
JDK : 1.4.2_04
Tomcat: 5.0.27
Browser : IE 6 / Mozilla 1.7


lubig edited on 2004-08-05 15:18
Author  Re: Another question about Tomcat + ssl [Re:lubig]
snpshu (Norman), Moderator
Posts: 1073
Points: 5
Posted 2004-08-07 17:27
Could you post the complete messages for everyone to look at? :)

Author  Re: Another question about Tomcat + ssl [Re:lubig]
lubig
Posts: 110
Points: 0
Posted 2004-08-08 03:25
HTTP Status 500 - Error retrieving attribute protocolHandlerClassName

--------------------------------------------------------------------------------

type Status report

message Error retrieving attribute protocolHandlerClassName

description The server encountered an internal error (Error retrieving attribute protocolHandlerClassName) that prevented it from fulfilling this request.

This is the second problem I mentioned earlier......... I can't reproduce the first one any more :P
Thanks to snpshu for the kind guidance.


lubig edited on 2004-08-08 03:27
Author  Re: Another question about Tomcat + ssl [Re:lubig]
擺渡人
From: 北灣村
Posts: 32
Points: 0
Posted 2004-08-09 15:30
<Connector acceptCount="100" disableUploadTimeout="true" keystoreFile="D:\jakarta-tomcat-5.0.25\conf\.keystore" keystorePass="wullccie" port="8443" scheme="https" secure="true" sslProtocol="TLS">
<Factory className="org.apache.coyote.tomcat5.CoyoteServerSocketFactory" clientAuth="true" keystoreFile="D:\jakarta-tomcat-5.0.25\conf\.keystore" keystorePass="wullccie"/>
</Connector>

You are missing the password keystorePass="wullccie"


擺渡人 edited on 2004-08-09 15:33
Author  Re: Another question about Tomcat + ssl [Re:lubig]
lubig
Posts: 110
Points: 0
Posted 2004-08-10 10:07
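(sob) Thank you all for the guidance.
It no longer says the site is not responding;
instead it now gives me "The page cannot be displayed".
That's progress :)

But I have produced yet another new error.
I don't know whether to laugh or cry.

It happens when starting Tomcat,
in logs/stdout:
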
2004/8/10 上午 09:48:39 org.apache.catalina.startup.Catalina load
嚴重的: Catalina.start
LifecycleException:  Protocol handler instantiation failed: java.lang.NullPointerException
  at org.apache.coyote.tomcat5.CoyoteConnector.initialize(CoyoteConnector.java:1368)
  at org.apache.catalina.core.StandardService.initialize(StandardService.java:609)
  at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:2384)
  at org.apache.catalina.startup.Catalina.load(Catalina.java:507)
  at org.apache.catalina.startup.Catalina.load(Catalina.java:528)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:324)
  at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:247)
  at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:421)


lubig edited on 2004-08-10 10:10
Author  Re: Another question about Tomcat + ssl [Re:lubig]
a48941101
Posts: 16
Points: 0
Posted 2004-08-19 20:59
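I am currently running into the same problem as you.
Testing https://localhost:8443,
a security dialog appears;
I click "Yes",
and then "The page cannot be displayed" appears.
Errors appear when Tomcat starts,
such as: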
嚴重的:Parse Error at line 131 column 11:The content of element type "web-app"
 vlet*,servlet-mapping*,session-config?,mime-mapping*,welcom-file-list?,error-page*,taglib*
,resource-ref*,security-constraint*,login-config?,security-role*,env-entry*ejb-ref*>".
 
org.xml.sax.SAXParseException:The content of element type "web-app"must match"
<icon?,display-name?,description?,distributable?,context-param*
....(omitted)...........

I don't know what I have overlooked. Thanks!


morchory edited on 2004-08-19 22:49
Author  Re: Another question about Tomcat + ssl [Re:lubig]
OHNO
From: 雨聲街
Posts: 49
Points: 0
Posted 2004-08-31 21:26
I gave it a try... this is my configuration file:
 <Connector port="8443" 
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" debug="0" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" 
               keystoreFile="C:\Documents and Settings\Administrator\.keystore" 
               keystorePass="*****" />

Once that was set up.. following
http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html
I restarted Tomcat 5.0.28 (the JDK version is 1.5),
entered https://localhost:8443,
a security dialog popped up, I clicked Yes or OK,
and it just worked..


OHNO edited on 2004-08-31 21:35
Author  Re: Another question about Tomcat + ssl [Re:lubig]
monica
Posts: 30
Points: 0
Posted 2005-04-21 16:30
I think it is probably a server.xml problem,
because I also did this through Tomcat's admin web page and got the error above.
Then I removed the node below:
<Factory className="org.apache.coyote.tomcat5.CoyoteServerSocketFactory" keystoreFile="C:\jakarta-tomcat-5.0.28\.keystore"/>
then removed protocol="TLS"
and added instead
className="org.apache.coyote.tomcat5.CoyoteConnector"
and then it ran~

Below is the part of server.xml I changed:
<Connector className="org.apache.coyote.tomcat5.CoyoteConnector" enableLookups="true" keystoreFile=".keystore" keystorePass="changeit" port="8443" redirectPort="-1" scheme="https" sslProtocol="TLS" algorithm="SunX509" clientauth="false" keypass="changeit" keystore="C:\Documents and Settings\monica\.keystore" keytype="JKS" />


monica edited on 2005-04-21 16:33
Author  Re: Another question about Tomcat + ssl [Re:lubig]
fij
Posts: 47
Points: 0
Posted 2005-08-05 12:41
您的名字與姓氏為何? [Unknown]:
您的編制單位名稱為何? [Unknown]:
您的組織名稱為何? [Unknown]:
您所在的城市或地區名稱為何? [Unknown]:
您所在的州及省份名稱為何? [Unknown]:
該單位的二字國碼為何 [Unknown]:
CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown 正確嗎? [否]: y

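From the above, I do see one very obvious problem:
for 您的名字與姓氏為何 (the "What is your first and last name?" prompt), what should be entered is the hostname or IP address.
Done properly, the other fields should be filled in as well.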


Author  Re: Another question about Tomcat + ssl [Re:lubig]
bb66
Posts: 30
Points: 0
Posted 2005-09-07 22:32
Following the methods everyone described above, I have successfully set up Tomcat + SSL.
Thank you all first.
But I wrote a Servlet; its contents are as follows:

import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
import java.util.*;
 
public class SSLTest extends HttpServlet {
    private ServletContext context;
 
    public void init(ServletConfig config) throws ServletException {
        this.context = config.getServletContext();
    }
    
    public  void doGet(HttpServletRequest request, HttpServletResponse  response)
        throws IOException, ServletException {
        System.out.println("GET");
        String First = request.getParameter("First");
        System.out.println(First);
        PrintWriter out = null;
        out = response.getWriter();
        out.println("DDDDDDD");
        out.flush();
    }
 
    public  void doPost(HttpServletRequest request, HttpServletResponse  response)
        throws IOException, ServletException {
        String First = request.getParameter("First");
        System.out.println(First);
        PrintWriter out = null;
        out = response.getWriter();
        out.println("DDDDDDD");
        out.flush();
    }
    
}
 


Then I wrote a JSP to call the Servlet.
The JSP is as follows:
<%@ page import="java.io.*, java.net.Socket, javax.net.SocketFactory, javax.net.ssl.SSLSocketFactory" %>
<%
    String nextline = "", data = "";
    int port = 443;
    String hostname = "192.168.1.5";
    // The default factory validates the server certificate against the JVM's default trust store
    SocketFactory socketFactory = SSLSocketFactory.getDefault();
    Socket socket = socketFactory.createSocket(hostname, port);

    // Create streams to securely send and receive data to the server
    BufferedReader dis = new BufferedReader(new InputStreamReader(socket.getInputStream(), "ISO-8859-1"));
    while ((nextline = dis.readLine()) != null) {
        data = data + nextline + "#";
    }
%>


but I get the following error message:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
  com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476)
  com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
  com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
  com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:847)
  com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
  com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
  com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
  com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815)
  com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)
  com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:619)
  com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
  sun.nio.cs.StreamEncoder$CharsetSE.writeBytes(StreamEncoder.java:336)
  sun.nio.cs.StreamEncoder$CharsetSE.implFlushBuffer(StreamEncoder.java:404)
  sun.nio.cs.StreamEncoder$CharsetSE.implFlush(StreamEncoder.java:408)
  sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:152)
  java.io.OutputStreamWriter.flush(OutputStreamWriter.java:213)
  org.apache.jsp.abc_jsp._jspService(org.apache.jsp.abc_jsp:113)
  org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)
  javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
  org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:322)
  org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:291)
  org.apache.jasper.servlet.JspServlet.service(JspServlet.java:241)
  javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
 


How should I solve this problem??

Windows 2000 + Tomcat 5.5.9
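
The PKIX error above means the JVM running the JSP has no trust anchor for the server's certificate. An added example (not code from the thread) of a client that trusts only what is in a dedicated truststore and leaves hostname verification on; the class name, truststore file and command-line arguments are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical client class, added for illustration; not part of the thread.
public class TrustedHttpsGet {

    // Build an SSLContext whose only trust anchors are the certificates
    // stored in the given JKS truststore.
    static SSLContext contextFor(String trustStorePath, char[] password) throws Exception {
        KeyStore trust = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(trustStorePath)) {
            trust.load(in, password);
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        // No client key material (null); the trust managers come from the truststore.
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Assumed arguments: <truststore.jks> <truststore password> <https URL>
        // (password on the command line is for demonstration only)
        SSLContext ctx = contextFor(args[0], args[1].toCharArray());
        HttpsURLConnection conn = (HttpsURLConnection) new URL(args[2]).openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        // The default HostnameVerifier is left in place, so the certificate
        // must also match the host name in the URL.
        int status = conn.getResponseCode(); // performs the TLS handshake
        X509Certificate server = (X509Certificate) conn.getServerCertificates()[0];
        System.out.println("HTTP " + status + ", " + conn.getCipherSuite());
        System.out.println("Server certificate: " + server.getSubjectX500Principal().getName());
        conn.disconnect();
    }
}
```

The server certificate can be exported from the Tomcat keystore and imported into the truststore with keytool -export and keytool -import; the certificate must also name the host being contacted, which is the point made in fij's reply about the first keytool prompt.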


Author  Re: Another question about Tomcat + ssl [Re:fij]
rockingstorm
Posts: 2
Points: 0
Posted 2006-03-09 09:33
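At first I also could never get SSL configured on my Tomcat (5.0.28, 1.4.2, 2000SRV).
My original procedure was to create a DemoCA with OpenSSL, then use keytool to generate a self-signed certificate, generate a CSR, sign that CSR with the DemoCA, and import the result with keytool.
The end result was a keystore file named xxx.jks,
and with this keystore nothing worked. Specifically, connecting to http://localhost:8080 was fine, but for https://localhost:8443 the browser popped up the view-certificate dialog, the certificate information shown was completely correct (except that the certificate had an × on it, but that should not be the problem), and after I clicked OK it showed "The page cannot be displayed".

I started suspecting many things, including the antivirus software (I use Rising); I switched to a machine with a freshly installed 2000SRV system and it still didn't work. Then I suspected the operating system and asked a friend who uses Linux to help, but there is no result yet. I changed server.xml countless times and read a lot of docs, and nearly went to read the Tomcat source code.

Finally I wondered whether 1. there was a problem with the keystore type, for example Tomcat not correctly recognizing the .JKS file extension; or 2. only self-signed certificates work (I hope someone else will test this too).
So I self-signed a certificate with keytool, pointed the keystoreFile path in server.xml at it correctly, and then I could see the welcome page.
Feel free to contact me; I have recently been studying digital certificates and SSO. email: rockingstorm@sohu.com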


Author  Re: Another question about Tomcat + ssl [Re:lubig]
rockingstorm
Posts: 2
Points: 0
Posted 2006-03-09 10:41
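I just tested it.
tomcat5 can only use certificates self-signed with keytool.
If, after self-signing, you submit a CSR to a CA for signing and finally import the result into the keystore, you get the error where the certificate verification dialog appears but "the page cannot be displayed".

-----------------tomcat5 can only use certificates self-signed with keytool----------------
This is the final conclusion.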


rockingstorm edited on 2006-03-09 10:45
Author  Re: Another question about Tomcat + ssl [Re:lubig]
hellolittlefree
Posts: 6
Points: 0
Posted 2006-06-30 00:56
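How has everyone's research been going?
The Tomcat I am using is 5.5.17.
The problem is that whenever the certificate's password differs from Tomcat's password, it won't run.
Does anyone have a solution for using different passwords? :S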
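
A check for the password mismatch described above, and for whether an alias (for instance after importing a CA reply, as in the earlier posts) still holds a private key with a certificate chain. This is an added example, not code from the thread; the class name and arguments are assumptions. The Tomcat 5 SSL how-to linked earlier in the thread says the key password must be the same as the keystore password.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Hypothetical diagnostic class, added for illustration; not part of the thread.
public class KeystoreCheck {

    // Describe one alias: entry type, chain length, subject of the leaf
    // certificate, and whether the private key opens with the keystore password.
    static String describe(KeyStore ks, String alias, char[] storePass) throws Exception {
        if (!ks.isKeyEntry(alias)) {
            // A certificate-only entry cannot act as the server's identity.
            return alias + ": certificate-only entry, no private key";
        }
        Certificate[] chain = ks.getCertificateChain(alias);
        String subject = chain[0] instanceof X509Certificate
            ? ((X509Certificate) chain[0]).getSubjectX500Principal().getName()
            : "(non-X.509)";
        String keyStatus;
        try {
            ks.getKey(alias, storePass); // try the keystore password on the key
            keyStatus = "key password matches keystore password";
        } catch (UnrecoverableKeyException e) {
            keyStatus = "key password DIFFERS from keystore password";
        }
        return alias + ": private key, chain length " + chain.length
            + ", subject " + subject + ", " + keyStatus;
    }

    public static void main(String[] args) throws Exception {
        // Assumed arguments: <keystore file> <keystore password>
        // (password on the command line is for demonstration only)
        char[] storePass = args[1].toCharArray();
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, storePass); // throws IOException if the password is wrong
        }
        for (String alias : Collections.list(ks.aliases())) {
            System.out.println(describe(ks, alias, storePass));
        }
    }
}
```

A subject of CN=Unknown in the output corresponds to the unanswered keytool prompts shown in the first post.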


Author  Re: Another question about Tomcat + ssl [Re:lubig]
noking
Posts: 1
Points: 0
Posted 2007-02-06 10:21
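I just tested it.
tomcat5 can only use certificates self-signed with keytool.
If, after self-signing, you submit a CSR to a CA for signing and finally import the result into the keystore, you get the error where the certificate verification dialog appears but "the page cannot be displayed".

-----------------tomcat5 can only use certificates self-signed with keytool----------------
This is the final conclusion.

Can anyone confirm that this is really the case?

My test results were the same, but I am afraid I may have made a mistake myself.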

