我正在尝试使用我自己的 CAcert.org 证书在我的互联网 glassfish 服务器上启用 ssl。我遵循了 Masoud Kalali 的介绍: http://weblogs.java.net/blog/kalali/archive/2010/02/27/how-install-godaddy-certificate-your-glassfish-v3
但毕竟当我尝试连接到我的 ssl 端口时,我收到了下面发布的服务器错误消息。 任何人都可以帮我解决消息“SSL 配置无效,因为没有可用的证书或 key 对应于启用的 SSL 密码套件。”方法?。使用 CAcert.org 创建的证书是否有可能不适用于 glassfish?
[#|2012-03-20T16:21:00.289+0100|WARNING|glassfish3.1|com.sun.grizzly.config.GrizzlyServiceListener|_ThreadID=18;_ThreadName=Thread-1;|GRIZZLY0007: SSL support could not be configured!
java.io.IOException: SSL configuration is invalid due to No available certificate or key corresponds to the SSL cipher suites which are enabled.
at com.sun.grizzly.util.net.jsse.JSSE14SocketFactory.checkConfig(JSSE14SocketFactory.java:455)
at com.sun.grizzly.util.net.jsse.JSSE14SocketFactory.init(JSSE14SocketFactory.java:183)
at com.sun.grizzly.config.SSLConfigHolder.initializeSSL(SSLConfigHolder.java:361)
at com.sun.grizzly.config.SSLConfigHolder.configureSSL(SSLConfigHolder.java:237)
at com.sun.grizzly.config.GrizzlyEmbeddedHttps$LazySSLInitializationFilter.execute(GrizzlyEmbeddedHttps.java:202)
at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)
at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)
at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)
at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
at com.sun.grizzly.ContextTask.run(ContextTask.java:71)
at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532)
at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513)
at java.lang.Thread.run(Thread.java:662)
Caused by: javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.checkEnabledSuites(SSLServerSocketImpl.java:310)
at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.accept(SSLServerSocketImpl.java:255)
at com.sun.grizzly.util.net.jsse.JSSE14SocketFactory.checkConfig(JSSE14SocketFactory.java:451)
... 14 more
|#]
[#|2012-03-20T16:21:00.303+0100|SEVERE|glassfish3.1|com.sun.grizzly.config.GrizzlyServiceListener|_ThreadID=18;_ThreadName=Thread-1;|ProtocolChain exception
java.lang.NullPointerException
at com.sun.grizzly.filter.SSLReadFilter.newSSLEngine(SSLReadFilter.java:352)
at com.sun.grizzly.filter.SSLReadFilter.obtainSSLEngine(SSLReadFilter.java:399)
at com.sun.grizzly.filter.SSLReadFilter.execute(SSLReadFilter.java:159)
at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)
at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)
at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)
at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
at com.sun.grizzly.ContextTask.run(ContextTask.java:71)
at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532)
at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513)
at java.lang.Thread.run(Thread.java:662)
|#]
[#|2012-03-20T16:21:00.303+0100|SEVERE|glassfish3.1|com.sun.grizzly.config.GrizzlyServiceListener|_ThreadID=19;_ThreadName=Thread-1;|ProtocolChain exception
java.lang.NullPointerException
at com.sun.grizzly.filter.SSLReadFilter.newSSLEngine(SSLReadFilter.java:352)
at com.sun.grizzly.filter.SSLReadFilter.obtainSSLEngine(SSLReadFilter.java:399)
at com.sun.grizzly.filter.SSLReadFilter.execute(SSLReadFilter.java:159)
at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)
at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)
at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)
at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
at com.sun.grizzly.ContextTask.run(ContextTask.java:71)
at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532)
at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513)
at java.lang.Thread.run(Thread.java:662)
|#]
感谢您的帮助
拉尔夫
最佳答案
在博客链接提供的所有说明的末尾,您将拥有 smth.jks。
keytool -list -keystore smth.jks 会将您的证书列为 PrivateEntryKey
还有另一个 PrivateEntryKey : s1as in original /domain/domain1/config/keystore.jks
我猜 s1as 被 glassfish 使用,当它不在这里时服务器不会启动。
S0,你必须将 s1as 和你的签名证书都包含到原始 keystore.jks 作为 PrivateEntryKey。
但是不可能单独导入它们。如果您尝试从 smth.jks 中导出 PrvateEntryKey,将其删除并重新导入,您将发现它是受信任的证书。发布的原因是 keytoll 只能导出 PrivateEntryKey 的自签名部分。
您必须立即将 smth.jks 导入到 keytore.jks。
keytool -importkeystore -srckeystore smth.jks -destkeystore keystore.jks
另外,如果您的 smth.jks keystore 密码不是“changeit”,那么您必须更改 glassfish 上的主密码
keytool -keypasswd -alias s1as -keypass changeit -new 12345678 -keystore keystore.jks
然后 asadmin change-master-password --savemasterpassword=true
考虑到上述情况,我在 glassfish 2.1 中成功配置了 SSL
希望对你也有帮助
关于ssl - 如何将来自 CAcert.org 的 SSL 证书安装到 GlassFish v3 中,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/9790902/