通过 jboss-as-7.1.1.Final 的一种方式
one way ssl over jboss-as-7.1.1.Final
我正在尝试配置一种在 jboss-as-7.1.1.Final 上自签名的 ssl 方式。
我使用 java keytool
创建了一个密钥库
以下是我用来生成密钥库的命令
keytool -genkey -alias foo -keyalg RSA -keystore foo.keystore -validity 10950
密钥库已生成。我已经修改了 standalone.xml 文件
<subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host" native="false">
<connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http" redirect-port="8443"/>
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
<ssl name="foo-ssl" key-alias="foo" password="password" certificate-key-file="D:\Projects\Fiserv\certificate\self signed\foo.keystore" protocol="TLSv1" verify-client="true"/>
</connector>
<virtual-server name="default-host" enable-welcome-root="true">
<alias name="localhost"/>
<alias name="example.com"/>
</virtual-server>
</subsystem>
http wprks 很好,但是当我使用 https 时,出现以下错误
Certificate-based authentication failed
Hide details
This server requires a certificate for authentication, and didn't accept the one sent by the browser. Your certificate may have expired, or the server may not trust its issuer. You can try again with a different certificate, if you have one, or you may have to obtain a valid certificate from elsewhere.
Error code: ERR_BAD_SSL_CLIENT_AUTH_CERT
您需要将 verify-client="true" 设置为 false。您现在已指定客户端还必须出示证书(即相互身份验证)。这也是错误代码所说的:ERR_BAD_SSL_CLIENT_AUTH_CERT
我正在尝试配置一种在 jboss-as-7.1.1.Final 上自签名的 ssl 方式。 我使用 java keytool
创建了一个密钥库以下是我用来生成密钥库的命令
keytool -genkey -alias foo -keyalg RSA -keystore foo.keystore -validity 10950
密钥库已生成。我已经修改了 standalone.xml 文件
<subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host" native="false">
<connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http" redirect-port="8443"/>
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
<ssl name="foo-ssl" key-alias="foo" password="password" certificate-key-file="D:\Projects\Fiserv\certificate\self signed\foo.keystore" protocol="TLSv1" verify-client="true"/>
</connector>
<virtual-server name="default-host" enable-welcome-root="true">
<alias name="localhost"/>
<alias name="example.com"/>
</virtual-server>
</subsystem>
http wprks 很好,但是当我使用 https 时,出现以下错误
Certificate-based authentication failed
Hide details
This server requires a certificate for authentication, and didn't accept the one sent by the browser. Your certificate may have expired, or the server may not trust its issuer. You can try again with a different certificate, if you have one, or you may have to obtain a valid certificate from elsewhere.
Error code: ERR_BAD_SSL_CLIENT_AUTH_CERT
您需要将 verify-client="true" 设置为 false。您现在已指定客户端还必须出示证书(即相互身份验证)。这也是错误代码所说的:ERR_BAD_SSL_CLIENT_AUTH_CERT