我在jboss 7下部署了一个Java EE应用程序,我想使用https
我修改了standalone.xml
<subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host" native="false">
<connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http" redirect-port="8443"/>
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
<ssl key-alias="ads-credentials" password="esprit" certificate-key-file="D:\server-keytool.jks" protocol="TLS" verify-client="false"/>
</connector>
<virtual-server name="default-host" enable-welcome-root="true">
<alias name="localhost"/>
<alias name="example.com"/>
</virtual-server>
</subsystem>
但是当我测试时我有这个错误:
.........
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174) [jsse.jar:1.6]
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1649) [jsse.jar:1.6]
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241) [jsse.jar:1.6]
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235) [jsse.jar:1.6]
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206) [jsse.jar:1.6]
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136) [jsse.jar:1.6]
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593) [jsse.jar:1.6]
我使用此命令生成证书:
keytool -genkey -alias ads-credentials -keyalg RSA -keystore server-keytool.jks
serach之后我认为我应该将证书导入jvm ,但我不知道如何才能进行此配置我使用 jdk1.6.0_25
已更新:
我尝试使用此解决方案:
C:\ javatools \ jdk1.6.0_25 \ jre \ lib \ security&gt; keytool -import -alias ads-credentials -keystore D:\ server-keytool.jks -trustcacerts -file cacerts
但我有这个错误:
C:\javatools\jdk1.6.0_25\jre\lib\security>keytool -import -alias ads-credentials
-keystore D:\server-keytool.jks -trustcacerts -file cacerts
Tapez le mot de passe du Keystore :
erreur keytool : java.security.cert.CertificateException: java.io.IOException: D
erInputStream.getLength(): lengthTag=109, too big.
我使用的密码与用于创建证书的密码相同:测试
这是我的证书信息:
C:\javatools\jdk1.6.0_25\jre\lib\security>keytool -list -v -keystore D:\server-k
eytool.jks
Tapez le mot de passe du Keystore :
Type Keystore : JKS
Fournisseur Keystore : SUN
Votre Keystore contient 1 entrÚe(s)
Nom d'alias : ads-credentials
Date de crÚation : 8 janv. 2014
Type d'entrÚeá: PrivateKeyEntry
Longueur de cha¯ne du certificat : 1
Certificat[1]:
PropriÚtaireá: CN=alen dumas, OU=ing, O=dao, L=france, ST=nice, C=216
╔metteurá: CN=alen dumas, OU=ing, O=dao, L=france, ST=nice, C=216
NumÚro de sÚrieá: 52cd6102
Valide duá: Wed Jan 08 15:30:26 CET 2014 auá: Tue Apr 08 16:30:26 CEST 2014
Empreintes du certificatá:
MD5á: E7:A2:8D:8E:51:2E:FC:44:DB:22:3E:BF:8F:D4:81:88
SHA1á: 05:37:72:10:88:0B:08:8E:FA:05:60:54:48:61:D9:B3:6D:70:A9:69
Nom de l'algorithme de signatureá: SHA1withRSA
Versioná: 3
*******************************************
*******************************************
C:\javatools\jdk1.6.0_25\jre\lib\security>
答案 0 :(得分:0)
您需要在VM参数中指定-Djavax.net.ssl.trustStore="<ketstore path>"。