AEM6 中的 SSL 配置问题
SSL Configuration issue in AEM6
我在配置已配置 SSL 的 AEM 实例时遇到问题。我正在使用以下命令生成密钥库。
user@user/media/vivek/Misc/SelfWork/Author/ssl$ keytool -genkeypair -keyalg RSA -validity 3650 -alias cqse -keystore /Misc/SelfWork/Author/ssl/cqkeystore.keystore -keypass password -storepass password -dname "CN=sbroders-w7, OU=CQ, O=Adobe, L=Ottawa,S=Ontario, C=CA"
/media/user/Misc/SelfWork/Author/ssl$ keytool -export -alias cqse -file client.cer -keystore cqkeystore.keystore
/media/user/Misc/SelfWork/Author/ssl$ keytool -import -v -trustcacerts -alias cqse -file client.cer -keystore truststore.ts
这会在 /media/vivek/Misc/SelfWork/Author/ssl 生成密钥库和信任库,名称为 cqkeystore.keystore。但是当我启动 AEM 时,err.log 中没有错误。我能看到相关的是
:25.01.2015 20:39:08.794 *INFO* [CM Configuration Updater (ManagedService Update: pid=[org.apache.felix.http])] org.eclipse.jetty.server.AbstractConnector Started SslSelectChannelConnector@0.0.0.0:8558
25.01.2015 20:39:08.794 *INFO* [CM Configuration Updater (ManagedService Update: pid=[org.apache.felix.http])] org.apache.felix.http.jetty Started Jetty 8.1.14.v20131031 at port(s) HTTP:8588 HTTPS:8558 on context path /
以下是我在 felix 上的详细配置信息(httpd.config)。重新启动时,它仅在 http 上运行,而不在 https 上运行。
org.apache.felix.https.keystore.password="password"
org.apache.felix.http.session.timeout=I"0"
org.apache.felix.https.clientcertificate="none"
org.apache.felix.http.host="0.0.0.0"
org.apache.felix.http.debug=B"false"
org.apache.felix.https.jetty.cipersuites.included=[""]
org.apache.felix.https.truststore="/media/user/Misc/SelfWork/Author/ssl/truststore.ts"
org.apache.felix.http.context_path="/"
org.apache.felix.http.jetty.maxFormSize=I"204800"
org.apache.felix.http.jetty.requestBufferSize=I"8192"
org.apache.felix.https.keystore="/media/user/Misc/SelfWork/Author/ssl/cqkeystore.keystore"
org.apache.felix.https.nio=B"true"
org.apache.felix.http.jetty.responseBufferSize=I"24576"
org.apache.felix.http.jetty.headerBufferSize=I"16384"
org.apache.felix.https.enable=B"true"
org.osgi.service.http.port=I"8588"
org.apache.felix.http.enable=B"true"
org.apache.felix.http.mbeans=B"false"
org.osgi.service.http.port.secure=I"8558"
service.pid="org.apache.felix.http"
org.apache.felix.https.truststore.password="password"
org.apache.felix.http.nio=B"true"
org.apache.felix.https.keystore.key.password="password"
org.apache.felix.http.timeout=I"60000"
org.apache.felix.https.jetty.cipersuites.excluded=[""]
org.apache.felix.http.path_exclusions=["/system"]
关于如何解决这个问题的任何建议。
谢谢
以下配置对我有用,
org.apache.felix.https.keystore.key.password="password"
service.pid="org.apache.felix.http"
org.apache.felix.https.nio=B"true"
org.apache.felix.https.keystore.key="cqse"
org.apache.felix.https.keystore.password="password"
org.apache.felix.https.keystore="crx-quickstart/conf/cqkeystore.keystore"
org.osgi.service.http.port.secure=L"5433"
org.apache.felix.https.enable=B"true"
我按照文档遵循的步骤:Enable SSL on Author
并使用此命令创建密钥库:user@user-Aspire:/media/user/Misc/SelfWork/Author/crx-quickstart/conf$ keytool -genkeypair -keyalg RSA -validity 3650 -alias cqse -keystore cqkeystore.keystore -keypass password -storepass password -dname "CN=sbroders-w7, OU=CQ, O=Adobe, L=Ottawa, S=Ontario, C=CA"
我在配置已配置 SSL 的 AEM 实例时遇到问题。我正在使用以下命令生成密钥库。
user@user/media/vivek/Misc/SelfWork/Author/ssl$ keytool -genkeypair -keyalg RSA -validity 3650 -alias cqse -keystore /Misc/SelfWork/Author/ssl/cqkeystore.keystore -keypass password -storepass password -dname "CN=sbroders-w7, OU=CQ, O=Adobe, L=Ottawa,S=Ontario, C=CA"
/media/user/Misc/SelfWork/Author/ssl$ keytool -export -alias cqse -file client.cer -keystore cqkeystore.keystore
/media/user/Misc/SelfWork/Author/ssl$ keytool -import -v -trustcacerts -alias cqse -file client.cer -keystore truststore.ts
这会在 /media/vivek/Misc/SelfWork/Author/ssl 生成密钥库和信任库,名称为 cqkeystore.keystore。但是当我启动 AEM 时,err.log 中没有错误。我能看到相关的是
:25.01.2015 20:39:08.794 *INFO* [CM Configuration Updater (ManagedService Update: pid=[org.apache.felix.http])] org.eclipse.jetty.server.AbstractConnector Started SslSelectChannelConnector@0.0.0.0:8558
25.01.2015 20:39:08.794 *INFO* [CM Configuration Updater (ManagedService Update: pid=[org.apache.felix.http])] org.apache.felix.http.jetty Started Jetty 8.1.14.v20131031 at port(s) HTTP:8588 HTTPS:8558 on context path /
以下是我在 felix 上的详细配置信息(httpd.config)。重新启动时,它仅在 http 上运行,而不在 https 上运行。
org.apache.felix.https.keystore.password="password"
org.apache.felix.http.session.timeout=I"0"
org.apache.felix.https.clientcertificate="none"
org.apache.felix.http.host="0.0.0.0"
org.apache.felix.http.debug=B"false"
org.apache.felix.https.jetty.cipersuites.included=[""]
org.apache.felix.https.truststore="/media/user/Misc/SelfWork/Author/ssl/truststore.ts"
org.apache.felix.http.context_path="/"
org.apache.felix.http.jetty.maxFormSize=I"204800"
org.apache.felix.http.jetty.requestBufferSize=I"8192"
org.apache.felix.https.keystore="/media/user/Misc/SelfWork/Author/ssl/cqkeystore.keystore"
org.apache.felix.https.nio=B"true"
org.apache.felix.http.jetty.responseBufferSize=I"24576"
org.apache.felix.http.jetty.headerBufferSize=I"16384"
org.apache.felix.https.enable=B"true"
org.osgi.service.http.port=I"8588"
org.apache.felix.http.enable=B"true"
org.apache.felix.http.mbeans=B"false"
org.osgi.service.http.port.secure=I"8558"
service.pid="org.apache.felix.http"
org.apache.felix.https.truststore.password="password"
org.apache.felix.http.nio=B"true"
org.apache.felix.https.keystore.key.password="password"
org.apache.felix.http.timeout=I"60000"
org.apache.felix.https.jetty.cipersuites.excluded=[""]
org.apache.felix.http.path_exclusions=["/system"]
关于如何解决这个问题的任何建议。
谢谢
以下配置对我有用,
org.apache.felix.https.keystore.key.password="password"
service.pid="org.apache.felix.http"
org.apache.felix.https.nio=B"true"
org.apache.felix.https.keystore.key="cqse"
org.apache.felix.https.keystore.password="password"
org.apache.felix.https.keystore="crx-quickstart/conf/cqkeystore.keystore"
org.osgi.service.http.port.secure=L"5433"
org.apache.felix.https.enable=B"true"
我按照文档遵循的步骤:Enable SSL on Author
并使用此命令创建密钥库:user@user-Aspire:/media/user/Misc/SelfWork/Author/crx-quickstart/conf$ keytool -genkeypair -keyalg RSA -validity 3650 -alias cqse -keystore cqkeystore.keystore -keypass password -storepass password -dname "CN=sbroders-w7, OU=CQ, O=Adobe, L=Ottawa, S=Ontario, C=CA"