我正在运行Tomcat 6.为了尝试修复一些证书链问题,我正在搞乱密钥库,而且我不小心把生产版本,而不是我正在使用的.new文件。
现在,Tomcat仍在运行,仍然能够提供HTTPS连接(我在Web浏览器中testing过)。 显然,必须有一个它仍然可以访问的私钥副本。 我的第一个想法是检查/proc/PID/fd ,所以我跑了sudo lsof | grep tomcat sudo lsof | grep tomcat 。 这适当地返回打开文件的列表:
$ sudo lsof | head -1; sudo lsof | grep tomcat COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME java 2599 root cwd DIR 202,1 4096 413699 /usr/share/apache-tomcat-6.0.44/bin java 2599 root mem REG 202,1 51715 413777 /usr/share/apache-tomcat-6.0.44/lib/tomcat-i18n-fr.jar java 2599 root mem REG 202,1 528303 413771 /usr/share/apache-tomcat-6.0.44/lib/jasper.jar java 2599 root mem REG 202,1 1250454 413767 /usr/share/apache-tomcat-6.0.44/lib/catalina.jar java 2599 root mem REG 202,1 132216 413765 /usr/share/apache-tomcat-6.0.44/lib/catalina-ha.jar java 2599 root mem REG 202,1 54334 413778 /usr/share/apache-tomcat-6.0.44/lib/tomcat-i18n-ja.jar java 2599 root mem REG 202,1 1830791 413768 /usr/share/apache-tomcat-6.0.44/lib/ecj-4.3.1.jar java 2599 root mem REG 202,1 54624 413764 /usr/share/apache-tomcat-6.0.44/lib/catalina-ant.jar java 2599 root mem REG 202,1 70563 413776 /usr/share/apache-tomcat-6.0.44/lib/tomcat-i18n-es.jar java 2599 root mem REG 202,1 112521 413770 /usr/share/apache-tomcat-6.0.44/lib/jasper-el.jar java 2599 root mem REG 202,1 76649 413772 /usr/share/apache-tomcat-6.0.44/lib/jsp-api.jar java 2599 root mem REG 202,1 34622 413769 /usr/share/apache-tomcat-6.0.44/lib/el-api.jar java 2599 root mem REG 202,1 253635 413775 /usr/share/apache-tomcat-6.0.44/lib/tomcat-dbcp.jar java 2599 root mem REG 202,1 15250 413763 /usr/share/apache-tomcat-6.0.44/lib/annotations-api.jar java 2599 root mem REG 202,1 801374 413774 /usr/share/apache-tomcat-6.0.44/lib/tomcat-coyote.jar java 2599 root mem REG 202,1 239165 413766 /usr/share/apache-tomcat-6.0.44/lib/catalina-tribes.jar java 2599 root mem REG 202,1 132240 413773 /usr/share/apache-tomcat-6.0.44/lib/servlet-api.jar java 2599 root mem REG 202,1 32384 413759 /usr/share/apache-tomcat-6.0.44/bin/tomcat-juli.jar java 2599 root mem REG 202,1 24283 413753 /usr/share/apache-tomcat-6.0.44/bin/commons-daemon.jar java 2599 root mem REG 202,1 22807 413749 /usr/share/apache-tomcat-6.0.44/bin/bootstrap.jar java 2599 root 1w REG 202,1 17024956 413713 /usr/share/apache-tomcat-6.0.44/logs/catalina.out java 2599 root 2w REG 202,1 17024956 413713 /usr/share/apache-tomcat-6.0.44/logs/catalina.out java 2599 root 4r REG 202,1 22807 413749 /usr/share/apache-tomcat-6.0.44/bin/bootstrap.jar java 2599 root 5r REG 202,1 24283 413753 /usr/share/apache-tomcat-6.0.44/bin/commons-daemon.jar java 2599 root 6r REG 202,1 32384 413759 /usr/share/apache-tomcat-6.0.44/bin/tomcat-juli.jar java 2599 root 7w REG 202,1 4072 396419 /usr/share/apache-tomcat-6.0.44/logs/catalina.2016-04-21.log java 2599 root 8w REG 202,1 1182 396447 /usr/share/apache-tomcat-6.0.44/logs/localhost.2016-04-21.log java 2599 root 9w REG 202,1 0 396448 /usr/share/apache-tomcat-6.0.44/logs/manager.2016-04-21.log java 2599 root 10w REG 202,1 0 396455 /usr/share/apache-tomcat-6.0.44/logs/host-manager.2016-04-21.log java 2599 root 11r REG 202,1 239165 413766 /usr/share/apache-tomcat-6.0.44/lib/catalina-tribes.jar java 2599 root 12r REG 202,1 801374 413774 /usr/share/apache-tomcat-6.0.44/lib/tomcat-coyote.jar java 2599 root 13r REG 202,1 253635 413775 /usr/share/apache-tomcat-6.0.44/lib/tomcat-dbcp.jar java 2599 root 14r REG 202,1 132240 413773 /usr/share/apache-tomcat-6.0.44/lib/servlet-api.jar java 2599 root 15r REG 202,1 34622 413769 /usr/share/apache-tomcat-6.0.44/lib/el-api.jar java 2599 root 16r REG 202,1 76649 413772 /usr/share/apache-tomcat-6.0.44/lib/jsp-api.jar java 2599 root 17r REG 202,1 112521 413770 /usr/share/apache-tomcat-6.0.44/lib/jasper-el.jar java 2599 root 18r REG 202,1 70563 413776 /usr/share/apache-tomcat-6.0.44/lib/tomcat-i18n-es.jar java 2599 root 19r REG 202,1 54624 413764 /usr/share/apache-tomcat-6.0.44/lib/catalina-ant.jar java 2599 root 20r REG 202,1 1830791 413768 /usr/share/apache-tomcat-6.0.44/lib/ecj-4.3.1.jar java 2599 root 21r REG 202,1 54334 413778 /usr/share/apache-tomcat-6.0.44/lib/tomcat-i18n-ja.jar java 2599 root 22r REG 202,1 15250 413763 /usr/share/apache-tomcat-6.0.44/lib/annotations-api.jar java 2599 root 23r REG 202,1 132216 413765 /usr/share/apache-tomcat-6.0.44/lib/catalina-ha.jar java 2599 root 24r REG 202,1 1250454 413767 /usr/share/apache-tomcat-6.0.44/lib/catalina.jar java 2599 root 25r REG 202,1 528303 413771 /usr/share/apache-tomcat-6.0.44/lib/jasper.jar java 2599 root 26r REG 202,1 51715 413777 /usr/share/apache-tomcat-6.0.44/lib/tomcat-i18n-fr.jar bash 29579 ec2-user cwd DIR 202,1 4096 413708 /usr/share/apache-tomcat-6.0.44/conf sudo 30595 root cwd DIR 202,1 4096 413708 /usr/share/apache-tomcat-6.0.44/conf grep 30596 ec2-user cwd DIR 202,1 4096 413708 /usr/share/apache-tomcat-6.0.44/conf lsof 30597 root cwd DIR 202,1 4096 413708 /usr/share/apache-tomcat-6.0.44/conf lsof 30598 root cwd DIR 202,1 4096 413708 /usr/share/apache-tomcat-6.0.44/conf
但不幸的是,我的密钥库不是其中之一。 我猜Tomcat必须把它加载到内存中,然后closures文件描述符。 (密钥库在/conf上面,但是这些文件描述符来自我的开放shell,而不是来自Tomcat本身。)
所以:有什么办法来恢复我的私钥? 我在亚马逊Linux上; uname -a返回Linux ip-10-0-0-105 4.4.5-15.26.amzn1.x86_64 #1 SMP Wed Mar 16 17:15:34 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux 。
你可以尝试使用passe-partout 。
我已经成功地使用它与Apache,而不是与Tomcat,但它的广告与Tomcat 7.0.34 + apr 1.4.6 + jdk7-openjdk 7.u9。