JBOSS/WILDFLY TLS/SSL 上的服务器在不使用 --ignore 选项或不绕过安全性的情况下使用自签名证书?
JBOSS/WILDFLY server on TLS/SSL using self-signed certificate without using the --ignore option or without bypassing the security?
我正在尝试设置 API 与需要 SSL/TLS API 端点的第 3 方的集成。
我不太清楚这个网络集成是如何工作的。
这是我的 jboss 配置文件连接器的样子:
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
<ssl name="https" password="myPass" certificate-key-file="../standalone/configuration/server.keystore"/>
</connector>
证书密钥文件是使用以下命令生成的:
keytool -genkey -alias jboss_certificate -keyalg RSA -validity 365 -keystore server.keystore -storetype JKS
我正在尝试的请求:
curl -i -H "Accept: application/json" -H "Content-Type: application/json" -X GET https://<full_url>/hook
这是集成端点的错误:
curl: (60) SSL certificate problem: Invalid certificate chain
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
这是客户端的证书验证问题,而不是 Wildfly 问题。您的(自签名)证书无效,cURL 只是让您知道这一点。如果您希望客户端信任此证书,则需要将其添加到客户端证书存储区。 https://unix.stackexchange.com/questions/90450/adding-a-self-signed-certificate-to-the-trusted-list
如果您需要来自有效 CA 的(免费)SSL/TLS 证书并且您的网站是面向网络的,您可以尝试使用 https://letsencrypt.org 来检索有效证书。将它们安装到 WFLY 不像 NGNX 或 Apache 那样无缝,但仍然可以通过几个步骤或编写脚本完成。
我正在尝试设置 API 与需要 SSL/TLS API 端点的第 3 方的集成。 我不太清楚这个网络集成是如何工作的。
这是我的 jboss 配置文件连接器的样子:
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
<ssl name="https" password="myPass" certificate-key-file="../standalone/configuration/server.keystore"/>
</connector>
证书密钥文件是使用以下命令生成的:
keytool -genkey -alias jboss_certificate -keyalg RSA -validity 365 -keystore server.keystore -storetype JKS
我正在尝试的请求:
curl -i -H "Accept: application/json" -H "Content-Type: application/json" -X GET https://<full_url>/hook
这是集成端点的错误:
curl: (60) SSL certificate problem: Invalid certificate chain
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
这是客户端的证书验证问题,而不是 Wildfly 问题。您的(自签名)证书无效,cURL 只是让您知道这一点。如果您希望客户端信任此证书,则需要将其添加到客户端证书存储区。 https://unix.stackexchange.com/questions/90450/adding-a-self-signed-certificate-to-the-trusted-list
如果您需要来自有效 CA 的(免费)SSL/TLS 证书并且您的网站是面向网络的,您可以尝试使用 https://letsencrypt.org 来检索有效证书。将它们安装到 WFLY 不像 NGNX 或 Apache 那样无缝,但仍然可以通过几个步骤或编写脚本完成。