报错信息:
Caused by: java.lang.IllegalArgumentException: Keystore was tampered with, or password was incorrect
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:99)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:71)
at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:232)
at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1208)
at org.apache.tomcat.util.net.AbstractEndpoint.start(AbstractEndpoint.java:1294)
at org.apache.coyote.AbstractProtocol.start(AbstractProtocol.java:614)
at org.apache.catalina.connector.Connector.startInternal(Connector.java:1072)
... 20 common frames omitted
Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:782)
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56)
at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224)
at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70)
at java.security.KeyStore.load(KeyStore.java:1445)
at org.apache.tomcat.util.security.KeyStoreUtil.load(KeyStoreUtil.java:69)
at org.apache.tomcat.util.net.SSLUtilBase.getStore(SSLUtilBase.java:216)
at org.apache.tomcat.util.net.SSLHostConfigCertificate.getCertificateKeystore(SSLHostConfigCertificate.java:207)
at org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:282)
at org.apache.tomcat.util.net.openssl.OpenSSLUtil.getKeyManagers(OpenSSLUtil.java:98)
at org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:246)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:97)
... 26 common frames omitted
Caused by: java.security.UnrecoverableKeyException: Password verification failed
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:780)
... 37 common frames omitted
报错原因:因为ssl证书密码不正确
如果在腾讯云申请ssl证书,可以选择设置一个密码,这个密码需要在SpringBoot 配置 https 的时候需要使用到。
错误起因是这样的,因为有两个spring boot项目都需要配置 https,其中一个SpringBoot 版本是 2.3.4
,然后使用如下配置:
# ssl 配置, ssl 证书放在resource目录下
server.ssl.key-store=classpath:test.cn.jks
server.ssl.key-password=yourpassword
server.ssl.key-store-type=jks
在使用的使用没有任何问题,然后复制粘贴到另一个项目,这个项目的 SpringBoot 版本是 2.5.3
,然后就报错了 ,提示密码不正确,但是笔者很肯定密码是正确的。在苦恼很久之后,发现在ssl下配置中除了 key-password 还有 key-store-password,于是尝试以下配置
# ssl
server:
ssl:
key-store: classpath:other.cn.jks
# key-password: yourpassword
key-store-type: jks
key-store-password: yourpassword
以上配置可以正确启动项目,https 也可以正常访问。但是很久两个配置项的注释并没有发现它们之间的不同。