我正在尝试配置一种在 jboss-as-7.1.1.Final 上自签名的 ssl 方式。 我已经使用 java keytool 创建了一个 keystore
以下是我用来生成 keystore 的命令
keytool -genkey -alias foo -keyalg RSA -keystore foo.keystore -validity 10950
keystore 已生成。我已经修改了 standalone.xml 文件
<subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host" native="false">
<connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http" redirect-port="8443"/>
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
<ssl name="foo-ssl" key-alias="foo" password="password" certificate-key-file="D:\Projects\Fiserv\certificate\self signed\foo.keystore" protocol="TLSv1" verify-client="true"/>
</connector>
<virtual-server name="default-host" enable-welcome-root="true">
<alias name="localhost"/>
<alias name="example.com"/>
</virtual-server>
</subsystem>
http wprks 很好,但是当我使用 https 时,出现以下错误
Certificate-based authentication failed
Hide details
This server requires a certificate for authentication, and didn't accept the one sent by the browser. Your certificate may have expired, or the server may not trust its issuer. You can try again with a different certificate, if you have one, or you may have to obtain a valid certificate from elsewhere.
Error code: ERR_BAD_SSL_CLIENT_AUTH_CERT
最佳答案
您需要将 verify-client="true"设置为 false。您现在已指定客户端还必须出示证书(即相互身份验证)。这也是错误代码所说的:ERR_BAD_SSL_CLIENT_AUTH_CERT
关于java - 通过 jboss-as-7.1.1.Final 的一种方式 ssl,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/29187073/