一、問題由來
最近在部署后台系統項目的時候,希望給項目增加一些安全措施,在項目中添加了SSL證書,可是在自己添加完該證書后,測試啟動項目立馬報錯。
報錯信息如下:
org.springframework.boot.web.server.WebServerException: Unable to start embedded Tomcat server
at org.springframework.boot.web.embedded.tomcat.TomcatWebServer.start(TomcatWebServer.java:215)
at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.startWebServer(ServletWebServerApplicationContext.java:297)
at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.finishRefresh(ServletWebServerApplicationContext.java:163)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:553)
at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:141)
at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:747)
at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:397)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:315)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1226)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1215)
at com.kaishun.study.WebBackendApplication.main(WebBackendApplication.java:20)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.springframework.boot.devtools.restart.RestartLauncher.run(RestartLauncher.java:49)
Caused by: java.lang.IllegalArgumentException: standardService.connector.startFailed
at org.apache.catalina.core.StandardService.addConnector(StandardService.java:231)
at org.springframework.boot.web.embedded.tomcat.TomcatWebServer.addPreviouslyRemovedConnectors(TomcatWebServer.java:278)
at org.springframework.boot.web.embedded.tomcat.TomcatWebServer.start(TomcatWebServer.java:197)
... 15 common frames omitted
Caused by: org.apache.catalina.LifecycleException: Protocol handler start failed
at org.apache.catalina.connector.Connector.startInternal(Connector.java:1008)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
at org.apache.catalina.core.StandardService.addConnector(StandardService.java:227)
... 17 common frames omitted
Caused by: java.lang.IllegalArgumentException: keystore password was incorrect
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:99)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:71)
at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:217)
at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1141)
at org.apache.tomcat.util.net.AbstractEndpoint.start(AbstractEndpoint.java:1227)
at org.apache.coyote.AbstractProtocol.start(AbstractProtocol.java:586)
at org.apache.catalina.connector.Connector.startInternal(Connector.java:1005)
... 19 common frames omitted
Caused by: java.io.IOException: keystore password was incorrect
at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2015)
at java.security.KeyStore.load(KeyStore.java:1445)
at org.apache.tomcat.util.security.KeyStoreUtil.load(KeyStoreUtil.java:67)
at org.apache.tomcat.util.net.SSLUtilBase.getStore(SSLUtilBase.java:217)
at org.apache.tomcat.util.net.SSLHostConfigCertificate.getCertificateKeystore(SSLHostConfigCertificate.java:206)
at org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:283)
at org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:247)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:97)
... 25 common frames omitted
Caused by: java.security.UnrecoverableKeyException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded
... 33 common frames omitted
大致意思是說服務器不能正常啟動,keystore 的密碼無效。
二、問題分析
這個是配置信息
對於這個錯誤信息感到一頭霧水,之前也是使用這種配置方式來進行配置的,怎么突然就不行了呢,讓我很是意外。自己也反復的回想
自己在這當中進行的一些操作,第一次部署SSL證書時,是直接從阿里雲官網上面下載下來的,密碼和證書是成對出現的。我第二次配置
這個證書的時候,也是從阿里元官網上面下載的,密碼是使用新的,可是pfx證書卻是從之前那個項目當中拷貝過來的。因為密碼全部做了加密操作,
忘記了之前的密碼,才使用最新下載的SSL證書的密碼,證書確是使用舊有的。
分析到這里,自己也知道出問題的原因了。我立馬又去阿里雲重新下載了一個tomcat的SSL證書,發現密碼又變了。因此確定這個問題的原因
所在,每次下載阿里雲的SSL證書時,pfx證書和密碼都是成對出現的,不能混用。
三、解決方案
搞清楚問題的原因之后,我立馬進行修改,使用正確的、配對的證書,重新啟動項目,出現新問題。
jsse.alias_no_key_entry
我倒回去查看之前的配置信息,發現最新項目的配置中多了一行配置,立馬刪除。
重新啟動項目,正常啟動,問題解決。