tomcat8.5版本和tomcat8.0有了很大的区别,默认的server.xml中https的配置方式也有了变化:
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true" secure="true" URIEncoding="UTF-8" useBodyEncodingForURI="true">
<SSLHostConfig certificateVerification="optional">
<Certificate certificateKeystoreFile="${catalina.home}/bin/mykey.jks" certificateKeystorePassword="mypassword"/>
</SSLHostConfig>
</Connector>
02-Dec-2016 17:49:02.885 警告 [main] org.apache.tomcat.util.net.openssl.OpenSSLContext.init Error initializing SSL context
java.lang.NullPointerException
at org.apache.tomcat.util.net.openssl.OpenSSLContext.init(OpenSSLContext.java:281)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:101)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:81)
at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:245)
at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:875)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:213)
at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:558)
at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:65)
at org.apache.catalina.connector.Connector.initInternal(Connector.java:968)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
at org.apache.catalina.core.StandardService.initInternal(StandardService.java:549)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:875)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
at org.apache.catalina.startup.Catalina.load(Catalina.java:606)
at org.apache.catalina.startup.Catalina.load(Catalina.java:629)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:311)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:494)
查源代码发现,tomcat8.5代码中要求有别名,如果没有配置,默认使用“tomcat”作为别名。显然,我们的证书别名不会是tomcat。
我们可以使用如下命令查看证书的别名:
keytool -list -v -keystore xxxx.keystore -storepass 密码
比如:
D:\tomcat\tomcat858s\bin>keytool -list -v -keystore mykey.jks -storepass mypassword
密钥库类型: JKS
密钥库提供方: SUN 您的密钥库包含 个条目 别名:
创建日期: --
条目类型: PrivateKeyEntry
证书链长度:
证书[]:
所有者: CN=*.guyezhai.com, O=XXXXXXXXXXXXXXXXXX, L=北京市, ST=北京市, C=CN
发布者: CN=WoSign Class OV Server CA G2, O=WoSign CA Limited, C=CN
序列号: 567ab6b63782bdb9e44eba04dc27efe8
有效期开始日期: Thu Mar :: CST , 截止日期: Fri Mar :: CST
证书指纹:
MD5: ::7C:5A:4F:D8:5F:C7:D1:A2:::C5:4A:EE:A3
SHA1: F7::A7:4A::DD:B9:5F::::::C9:3E::3D:A7:3D:E2
SHA256: ::E0::7C:BD:BA::E8::::8E:4D:2A:2B:5C:A7::D0:F0:7A::B6:D7:9D:B0:D7:::BA:
签名算法名称: SHA256withRSA
版本: ...
可以看到,此证书的别名是“1”,我们就可以在server.xml中配置别名了:
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true" secure="true" URIEncoding="UTF-8" useBodyEncodingForURI="true">
<SSLHostConfig certificateVerification="optional">
<Certificate certificateKeystoreFile="${catalina.home}/bin/mykey.jks" certificateKeystorePassword="mypassword" certificateKeyAlias="1"/>
</SSLHostConfig>
</Connector>
添加certificateKeyAlias="1"
然后再次启动tomcat,空指针报错就消失了。
