Tomcat +SSL

Escain · #1 (**permalink**) 03/06/2011, 11:39

Buenas tardes

Llevo 3 días peleándome con tomcat para intentar que funcione en modo seguro (SSL)

El servidor funciona perfectamente en modo http, pero con https no recibo respuesta del servidor.

El conector que tengo configurado en server.xml es el siguiente:

Código:

<Connector port="8443" SSLEnabled="true"
	 maxThreads="200" protocol="org.apache.coyote.http11.Http11Protocol"
	 scheme="https"
	 secure="true"
         clientAuth="optional" sslProtocol="TLS"
         SSLEngine="on"
	 SSLCertificateFile="/usr/java/tomcat7/conf/ssl.crt/ssl.crt"
	 SSLCertificateKeyFile="/usr/java/tomcat7/conf/ssl.key/ssl.pem"
    />

El log que obtengo es el siguiente:

Código:

03-jun-2011 19:37:37 org.apache.catalina.core.AprLifecycleListener init
INFO: La biblioteca nativa de Apache Tomcat basada en ARP que permite un rendimiento óptimo en entornos de desarrollo no ha sido hallada en java.library.path: /usr/java/jdk1.6.0_25/jre/lib/amd64/server:/usr/java/jdk1.6.0_25/jre/lib/amd64:/usr/java/jdk1.6.0_25/jre/../lib/amd64:/usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib
03-jun-2011 19:37:37 org.apache.catalina.startup.SetAllPropertiesRule begin
ADVERTENCIA: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'SSLEngine' to 'on' did not find a matching property.
03-jun-2011 19:37:37 org.apache.catalina.startup.SetAllPropertiesRule begin
ADVERTENCIA: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'SSLCertificateFile' to '/usr/java/tomcat7/conf/ssl.crt/ssl.crt' did not find a matching property.
03-jun-2011 19:37:37 org.apache.catalina.startup.SetAllPropertiesRule begin
ADVERTENCIA: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'SSLCertificateKeyFile' to '/usr/java/tomcat7/conf/ssl.key/ssl.pem' did not find a matching property.
03-jun-2011 19:37:37 org.apache.coyote.AbstractProtocolHandler init
INFO: Initializing ProtocolHandler ["http-bio-8080"]
03-jun-2011 19:37:37 org.apache.coyote.AbstractProtocolHandler init
INFO: Initializing ProtocolHandler ["http-bio-8443"]
03-jun-2011 19:37:38 org.apache.tomcat.util.net.jsse.JSSESocketFactory getStore
GRAVE: No pude cargar almacén de claves de tipo JKS con ruta /root/.keystore debido a /root/.keystore (No such file or directory)
java.io.FileNotFoundException: /root/.keystore (No such file or directory)
	at java.io.FileInputStream.open(Native Method)
	at java.io.FileInputStream.<init>(FileInputStream.java:120)
	at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:401)
	at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:307)
	at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:560)
	at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:506)
	at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:450)
	at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:158)
	at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:380)
	at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:482)
	at org.apache.coyote.AbstractProtocolHandler.init(AbstractProtocolHandler.java:355)
	at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
	at org.apache.catalina.connector.Connector.initInternal(Connector.java:910)
	at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
	at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
	at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
	at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:781)
	at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
	at org.apache.catalina.startup.Catalina.load(Catalina.java:572)
	at org.apache.catalina.startup.Catalina.load(Catalina.java:595)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:262)
	at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:430)
03-jun-2011 19:37:38 org.apache.coyote.AbstractProtocolHandler init
GRAVE: Failed to initialize end point associated with ProtocolHandler ["http-bio-8443"]
java.io.FileNotFoundException: /root/.keystore (No such file or directory)
	at java.io.FileInputStream.open(Native Method)
	at java.io.FileInputStream.<init>(FileInputStream.java:120)
	at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:401)
	at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:307)
	at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:560)
	at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:506)
	at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:450)
	at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:158)
	at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:380)
	at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:482)
	at org.apache.coyote.AbstractProtocolHandler.init(AbstractProtocolHandler.java:355)
	at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
	at org.apache.catalina.connector.Connector.initInternal(Connector.java:910)
	at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
	at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
	at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
	at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:781)
	at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
	at org.apache.catalina.startup.Catalina.load(Catalina.java:572)
	at org.apache.catalina.startup.Catalina.load(Catalina.java:595)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:262)
	at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:430)
03-jun-2011 19:37:38 org.apache.catalina.core.StandardService initInternal
GRAVE: Failed to initialize connector [Connector[HTTP/1.1-8443]]
org.apache.catalina.LifecycleException: Falló la inicialización del manejador de protocolo: {0}
	at org.apache.catalina.connector.Connector.initInternal(Connector.java:912)
	at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
	at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
	at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
	at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:781)
	at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
	at org.apache.catalina.startup.Catalina.load(Catalina.java:572)
	at org.apache.catalina.startup.Catalina.load(Catalina.java:595)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:262)
	at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:430)
Caused by: java.io.FileNotFoundException: /root/.keystore (No such file or directory)
	at java.io.FileInputStream.open(Native Method)
	at java.io.FileInputStream.<init>(FileInputStream.java:120)
	at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:401)
	at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:307)
	at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:560)
	at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:506)
	at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:450)
	at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:158)
	at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:380)
	at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:482)
	at org.apache.coyote.AbstractProtocolHandler.init(AbstractProtocolHandler.java:355)
	at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
	at org.apache.catalina.connector.Connector.initInternal(Connector.java:910)
	... 13 more
03-jun-2011 19:37:38 org.apache.coyote.AbstractProtocolHandler init
INFO: Initializing ProtocolHandler ["ajp-bio-8009"]
...

La verdad, no entiendo porque me salen estos errores.

Gracias de antemano por cualquier ayuda

hyperwin · #2 (**permalink**) 04/06/2011, 05:13

Cita:

GRAVE: No pude cargar almacén de claves de tipo JKS con ruta /root/.keystore debido a /root/.keystore (No such file or directory)
java.io.FileNotFoundException: /root/.keystore (No such file or directory)

El certificado ssl es self register?

Escain · #3 (**permalink**) 04/06/2011, 06:57

Cita:

El certificado ssl es self register?

Si, son los certificados que he creado para la web y subversion.

Los creé con Openssl de la siguiente forma:

Código:

openssl genrsa -des3 -rand file1:file1 -out svn.key 1024
openssl rsa -in svn.key -out svn.pem
openssl req -new -key svn.pem -out svn.csr
openssl x509 -req -days 365 -in svn.csr -signkey svn.pem -out svn.crt

Pero como he dejado entender, no deberían tener problemas puesto que funcionan para svn y la web.