本文详细阐述了在使用Tomcat部署应用时遇到SSL启动错误的解决方案,包括配置JVM参数、导入证书到推荐的Java信任库、以及解决信任锚问题的方法。提供了从配置文件修改到实际操作的完整指南。
在tomcat中启动报错
重要解决方法:
在catalina.sh中, 加入:
JAVA_OPTS='-Xms4096m -Xmx7048m -XX:MaxNewSize=1024m -XX:MaxPermSize=512m -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false' -Djavax.net.ssl.keyStore=/home/monitor/server-4.6.6/hq-engine/hq-server/id.keystore
如此
Cause
The JVM cannot find the javax.net.ssl.trustStore required for SSL, or it does not contain the required certificates.
For standard installations, we do not recommend this JVM argument is used, and rather your certificates are added to the JVM's default keystore, which is typically located in $JAVA_HOME/jre/lib/security/cacerts or the keystore used by your Tomcat, as in our Running JIRA over SSL or HTTPS documentation.
Resolution
Follow our Connecting to SSL services documentation. This will guide you through obtaining the certificate of the service you're accessing and importing it into the recommended Java keystore.
If you're using a non-standard keystore, such as the one specified in Tomcat, please import the certificate into that keystore.
http://blog.chinaunix.net/uid-26284318-id-3069142.html
the detail :
http://architecturalatrocities.com/post/19073788679/fixing-the-trustanchors-problem-when-running
关于配置:
http://blog.chintoju.com/2013/03/jdk-jbosstomcat-ssl-issue-the-trusta.html
在bin/catalina.sh中, 加入:
-Djavax.net.ssl.trustStore=<TRUST_STORE_LOCATION>
-Djavax.net.ssl.trustStorePassword=<TRUST_STORE_PASSWORD>
关于探讨,
http://stackoverflow.com/questions/4764611/java-security-invalidalgorithmparameterexception-the-trustanchors-parameter-mus
中提供了一种方法:
When I copied my jre/lib/security/cacerts file from windows to linux, it worked fine.
扫一扫
2007
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
