After generating the certificate and key PEM files using openssl on Ubuntu 16.04, I configured the Tomcat connector in the server.xml file as given below, but when I start Tomcat I get an error.
In the browser, when I hit this URL: https://localhost:8443/ it gives the error below:
This site can’t provide a secure connection localhost sent an invalid response.
The command used to generate the cert and key PEM files is:
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes
The Tomcat connector is:
<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" SSLEngine="on" SSLCertificateFile="conf/cert.pem" SSLCertificateKeyFile="conf/key.pem" />
Other details:
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes
Generating a 4096 bit RSA private key ..........................................................................
writing new private key to 'key.pem'
Country Name (2 letter code) [AU]:IN
State or Province Name (full name) [Some-State]:MH
Locality Name (eg, city) []:Pune
Organization Name (eg, company) [Internet Widgits Pty Ltd]:softdel
Organizational Unit Name (eg, section) []:iot
Common Name (e.g. server FQDN or YOUR name) []:localhost
Email Address []:[email protected]
log:
23-Jun-2018 13:29:35.460 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-8080"]
23-Jun-2018 13:29:35.483 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-8443"]
23-Jun-2018 13:29:35.488 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["ajp-nio-8009"]
23-Jun-2018 13:29:35.490 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 5150 ms
23-Jun-2018 13:29:35.656 INFO [http-nio-8443-exec-1] org.apache.coyote.http11.Http11Processor.service Error parsing HTTP request header
Note: further occurrences of HTTP request parsing errors will be logged at DEBUG level.
java.lang.IllegalArgumentException: Invalid character found in method name. HTTP method names must be tokens
at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:410)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:291)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:754)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1376)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
23-Jun-2018 13:29:35.659 INFO [http-nio-8443-exec-2] org.apache.coyote.http11.Http11Processor.service Error parsing HTTP request header
Note: further occurrences of HTTP request parsing errors will be logged at DEBUG level.
java.lang.IllegalArgumentException: Invalid character found in method name. HTTP method names must be tokens
at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:410)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:291)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:754)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1376)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
23-Jun-2018 13:29:35.720 INFO [http-nio-8443-exec-3] org.apache.coyote.http11.Http11Processor.service Error parsing HTTP request header
Note: further occurrences of HTTP request parsing errors will be logged at DEBUG level.
java.lang.IllegalArgumentException: Invalid character found in method name. HTTP method names must be tokens
at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:410)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:291)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:754)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1376)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
2018-06-23 13:29:42 [http-nio-8443-exec-17] INFO org.apache.jsp.index_jsp - - Entered page login
Answer:
You need, and do not have,
SSLEnabled="true"
-- see the first paragraph of the SSL section of the Connector documentation. Tomcat is actually listening in HTTP-not-S mode, so when the browser sends the SSL/TLS ClientHello, Tomcat thinks it is an invalid HTTP request and sends back an HTTP error response, which the browser considers an invalid SSL/TLS response.
I don't know whether the Ubuntu package includes APR (which uses the OpenSSL stack), also known as 'tomcat-native'. For Tomcat 8, cert & key files in PEM format will only work if you use APR; for the Java SSL/TLS stack (JSSE) you need to use a Java-format keystore. For Tomcat 8.5 or 9, either will be accepted and converted internally as needed. This is also described in the documentation.
Note that for a browser to trust a self-signed certificate, you must add it to that browser's truststore; how you do this depends on the browser and sometimes the platform, and I don't use any browser on Ubuntu, so I may not be able to help with that part.
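The failure described in the answer can be checked offline. The following is an added example, not part of the original question or answer: it shows why the first byte of a TLS ClientHello fails Tomcat's HTTP method-name check, and it scans a server.xml for connectors that claim HTTPS without SSLEnabled="true". The sample server.xml, the port 9443 connector and all function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the connector from the question (port 8443) in a minimal
# server.xml skeleton, next to a hypothetical connector that enables TLS.
SAMPLE_SERVER_XML = """
<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <Connector port="8443" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" SSLEngine="on"
               SSLCertificateFile="conf/cert.pem"
               SSLCertificateKeyFile="conf/key.pem" />
    <Connector port="9443" SSLEnabled="true" scheme="https" secure="true"
               SSLCertificateFile="conf/cert.pem" SSLCertificateKeyFile="conf/key.pem" />
  </Service>
</Server>
"""

# RFC 7230 "tchar": the only bytes allowed in an HTTP method name (a token).
TCHAR = set(b"!#$%&'*+-.^_`|~") | set(range(0x30, 0x3A)) \
    | set(range(0x41, 0x5B)) | set(range(0x61, 0x7B))


def looks_like_tls_record(first_bytes: bytes) -> bool:
    """True if the bytes start a TLS handshake record (type 0x16, version 3.x)."""
    return len(first_bytes) >= 2 and first_bytes[0] == 0x16 and first_bytes[1] == 0x03


def valid_http_method_start(first_bytes: bytes) -> bool:
    """True if the first byte could begin an HTTP method token."""
    return bool(first_bytes) and first_bytes[0] in TCHAR


def plaintext_https_connectors(server_xml: str) -> list:
    """Ports of connectors that claim HTTPS but leave SSLEnabled at its default (false)."""
    flagged = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        claims_tls = (conn.get("scheme") == "https"
                      or conn.get("secure") == "true"
                      or any(k.startswith("SSLCertificate") for k in conn.attrib))
        if claims_tls and conn.get("SSLEnabled", "false").lower() != "true":
            flagged.append(conn.get("port"))
    return flagged


if __name__ == "__main__":
    hello = bytes.fromhex("160301")  # constructed prefix of a TLS record header
    print(looks_like_tls_record(hello), valid_http_method_start(hello))
    print(plaintext_https_connectors(SAMPLE_SERVER_XML))
```

A connector behind a TLS-terminating proxy can legitimately set scheme="https" and secure="true" without SSLEnabled, so treat flagged ports as candidates for review rather than confirmed misconfigurations.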