大家好,
我正在尝试为 JBOSS 5 设置 HTTPS,基本上这些是我的步骤:
1) 使用 keytool 我将我需要的证书添加到文件 cacerts C:...\jre\lib\security\cacerts 并用别名“example”命名.
2) 我确认证书已正确添加,这是从新的 cacerts 文件生成的 .txt 文件的摘录:
....
Nome alias: example
Data di creazione: 22-ott-2014
Tipo entry: trustedCertEntry
Proprietario: ST=Italy, L=Padova, EMAILADDRESS=dite.sistemi.middleware@infocamere.it, CN=*.intra.infocamere.it, OU=FTEC, O=InfoCamere S.C.p.A./02313821007, C=IT
Autorità emittente: CN=InfoCert Certification Authority TEST, OU=Internet Services, O=InfoCert SpA, C=IT
Numero di serie: 75d1
Valido da: Thu Sep 12 11:24:21 CEST 2013 a: Sat Jan 11 15:13:30 CET 2014
Impronte digitali certificato:
MD5: 68:C3:BE:D7:DB:2E:B6:08:B6:09:84:8F:7B:EE:26:43
SHA1: 36:CB:C3:98:36:CA:13:DF:DE:15:BA:42:9D:65:7D:B2:A5:BC:1C:A0
Nome algoritmo firma: SHA1withRSA
Versione: 3
...
3) 我将文件 cacerts 复制到 JBOSS 目录 D:\EnterprisePlatform-5.1.2\jboss-eap-5.1\jboss-as\server\all\conf\cacerts强>
4) 我取消注释文件 D:\EnterprisePlatform-5.1.2\jboss-eap-5.1\jboss-as\server\all\deploy\jbossweb.sar\server.xml ,如下所示:
<Connector protocol="HTTP/1.1" SSLEnabled="true"
port="8443" address="${jboss.bind.address}"
scheme="https" secure="true" clientAuth="false"
keystoreFile="${jboss.server.home.dir}/conf/cacerts" keyAlias="example"
keystorePass="changeit" sslProtocol = "TLS" />
5) 我启动 JBOSS 并收到以下错误:
DEPLOYMENTS MISSING DEPENDENCIES:
Deployment "jboss.web.deployment:war=/admin-console" is missing the following dependencies:
Dependency "jboss.web:service=WebServer" (should be in state "Create", but is actually in state "** NOT FOUND Depends on 'jboss.web:service=WebServer' **")
Deployment "jboss.web.deployment:war=/invoker" is missing the following dependencies:
Dependency "jboss.web:service=WebServer" (should be in state "Create", but is actually in state "** NOT FOUND Depends on 'jboss.web:service=WebServer' **")
Deployment "jboss.web.deployment:war=/jbossws" is missing the following dependencies:
Dependency "jboss.web:service=WebServer" (should be in state "Create", but is actually in state "** NOT FOUND Depends on 'jboss.web:service=WebServer' **")
Deployment "jboss.web.deployment:war=/jmx-console" is missing the following dependencies:
Dependency "jboss.web:service=WebServer" (should be in state "Create", but is actually in state "** NOT FOUND Depends on 'jboss.web:service=WebServer' **")
Deployment "jboss.web.deployment:war=/juddi" is missing the following dependencies:
Dependency "jboss.web:service=WebServer" (should be in state "Create", but is actually in state "** NOT FOUND Depends on 'jboss.web:service=WebServer' **")
Deployment "jboss.web.deployment:war=/web-console" is missing the following dependencies:
Dependency "jboss.web:service=WebServer" (should be in state "Create", but is actually in state "** NOT FOUND Depends on 'jboss.web:service=WebServer' **")
DEPLOYMENTS IN ERROR:
Deployment "WebServer" is in error due to the following reason(s): LifecycleException: Protocol handler initialization failed: java.io.IOException: Alias name example does not identify a key entry
Deployment "jboss.web:service=WebServer" is in error due to the following reason(s): ** NOT FOUND Depends on 'jboss.web:service=WebServer' **
我不明白为什么,因为 JBOSS cacerts 路径是正确的(已验证)。在这个文件中还有一个名为“example”的别名。
最佳答案
您必须在 keystore 中拥有私钥和证书。根据问题,您只有别名 example
的证书。
使用您的私钥和公钥证书,您需要先创建一个PKCS12 keystore ,然后将其转换为JKS。
从私钥和公共(public)证书创建 PKCS12 keystore 。
openssl pkcs12 -export -name example -in server.crt -inkey server.key \
-out server.p12
从私钥和公共(public)证书(包括 CA 证书)创建 PKCS12 keystore 。
openssl pkcs12 -export -in server.crt -inkey server.key \
-out server.p12 -name example \
-CAfile ca.crt -caname root
将 pkcs12 文件转换为 java keystore
keytool -importkeystore \
-deststorepass changeit -destkeypass changeit -destkeystore server.jks\
-srckeystore server.p12 -srcstoretype PKCS12 -srcstorepass some-password \
-alias example
要验证JKS的内容,可以使用这个命令:
keytool -list -v -keystore server.jks
关于java - JBoss 5 的 HTTPS,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/26532936/