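I am trying to enable a secure (SSL) JMX connection for a service on a Jetty server. All steps are done on a single PC to keep things simple.
I generate the key: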
keytool -genkey -alias myKeyServer -keyalg RSA -validity 365 -keystore myKeyServerStore.keystore -storepass 12345678 -keypass 12345678 -dname "CN=John Galt, OU=ADS, O=Company, L=Jersey, S=Jersey, C=US"
Then I export it:
keytool -export -alias myKeyServer -keystore myKeyServerStore.keystore -file myKeyServer.cer -storepass 12345678
Then I import it:
keytool -import -alias myKeyServer -file myKeyServer.cer -keystore myKeyServer.truststore -storepass 12345678 -noprompt
Then I start standalone Jetty:
java -Dcom.sun.management.jmxremote=true
-Dcom.sun.management.jmxremote.port=1616
-Dcom.sun.management.jmxremote.authenticate=false
-Dcom.sun.management.jmxremote.ssl=true
-Djavax.net.ssl.keyStore=\"C:\Java\jdk1.7.0_07\bin\myKeyServerStore.keystore\"
-Djavax.net.ssl.keyStorePassword=12345678
-Djavax.net.ssl.trustStore=\"C:\Java\jdk1.7.0_07\bin\myKeyServer.truststore\"
-Djavax.net.ssl.trustStorePassword=12345678
-Dcom.sun.management.jmxremote.ssl.need.client.auth=true
-Dcom.sun.management.jmxremote.registry.ssl=true
-jar start.jar
It starts successfully. Then I start JConsole:
jconsole
-J-Djavax.net.ssl.trustStore=\"C:\Java\jdk1.7.0_07\bin\myKeyServer.truststore\"
-J-Djavax.net.ssl.trustStorePassword=12345678
-J-Djavax.net.ssl.keyStore=\"C:\Java\jdk1.7.0_07\bin\myKeyServerStore.keystore\"
-J-Djavax.net.ssl.keyStorePassword=12345678
192.168.0.1:1616
After that I get an exception in the Jetty server console:
java.net.SocketException: java.security.NoSuchAlgorithmException:
Error constructing implementation (algorithm: Default, provider: SunJSSE,
class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
at javax.net.ssl.DefaultSSLSocketFactory.throwException(Unknown Source)
at javax.net.ssl.DefaultSSLSocketFactory.createSocket(Unknown Source)
at javax.rmi.ssl.SslRMIServerSocketFactory$1.accept(Unknown Source)
at sun.rmi.transport.tcp.TCPTransport$AcceptLoop.executeAcceptLoop(Unknown Source)
at sun.rmi.transport.tcp.TCPTransport$AcceptLoop.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: java.security.NoSuchAlgorithmException:
Error constructing implementation (algorithm: Default, provider: SunJSSE,
class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
at java.security.Provider$Service.newInstance(Unknown Source)
at sun.security.jca.GetInstance.getInstance(Unknown Source)
at sun.security.jca.GetInstance.getInstance(Unknown Source)
at javax.net.ssl.SSLContext.getInstance(Unknown Source)
at javax.net.ssl.SSLContext.getDefault(Unknown Source)
at javax.net.ssl.SSLSocketFactory.getDefault(Unknown Source)
at javax.rmi.ssl.SslRMIServerSocketFactory.getDefaultSSLSocketFactory(Unknown Source)
at javax.rmi.ssl.SslRMIServerSocketFactory.<init>(Unknown Source)
at javax.rmi.ssl.SslRMIServerSocketFactory.<init>(Unknown Source)
at sun.management.jmxremote.ConnectorBootstrap.createSslRMIServerSocketFactory(Unknown Source)
at sun.management.jmxremote.ConnectorBootstrap.exportMBeanServer(Unknown Source)
at sun.management.jmxremote.ConnectorBootstrap.startRemoteConnectorServer(Unknown Source)
at sun.management.Agent.startAgent(Unknown Source)
at sun.management.Agent.startAgent(Unknown Source)
Caused by: java.security.PrivilegedActionException:
java.io.FileNotFoundException: "C:\Java\jdk1.7.0_07\bin\myKeyServerStore.keystore"
(Синтаксическая ошибка в имени файла, имени папки или метке тома)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.ssl.SSLContextImpl$DefaultSSLContext.getDefaultKeyManager(Unknown Source)
at sun.security.ssl.SSLContextImpl$DefaultSSLContext.<init>(Unknown Source)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at java.lang.Class.newInstance0(Unknown Source)
at java.lang.Class.newInstance(Unknown Source)
... 14 more
Caused by: java.io.FileNotFoundException: "C:\Java\jdk1.7.0_07\bin\myKeyServerStore.keystore"
(Синтаксическая ошибка в имени файла, имени папки или метке тома)
at java.io.FileInputStream.open(Native Method)
at java.io.FileInputStream.<init>(Unknown Source)
at java.io.FileInputStream.<init>(Unknown Source)
at sun.security.ssl.SSLContextImpl$DefaultSSLContext$2.run(Unknown Source)
at sun.security.ssl.SSLContextImpl$DefaultSSLContext$2.run(Unknown Source)
... 23 more
But if I disable SSL, JConsole connects to Jetty successfully. Does anyone know how to solve this?
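
Added example, not part of the original post: the FileNotFoundException in the trace reports the keystore path with the double quotes still attached, so a small preflight class can be run with the same -Djavax.net.ssl.* options to print the exact value the JVM received and to confirm that each store loads. The class name SslStoreCheck is hypothetical; the property names are the standard JSSE ones used in the commands above.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.util.Collections;

// Added example: preflight check for the javax.net.ssl.* store properties.
// Run it with the same -D options that are passed to the server or to JConsole.
public class SslStoreCheck {

    // Returns null when the store loads, otherwise a description of the problem.
    static String check(String prefix) {
        String path = System.getProperty(prefix);
        String pass = System.getProperty(prefix + "Password", "");
        if (path == null) return prefix + " is not set";
        // Quote characters inside the value mean the quotes reached the JVM
        // literally, which is what the FileNotFoundException message shows.
        if (path.indexOf('"') >= 0)
            return prefix + " contains literal quote characters: [" + path + "]";
        try {
            if (!Files.isReadable(Paths.get(path)))
                return prefix + " is not a readable file: [" + path + "]";
        } catch (InvalidPathException e) {
            return prefix + " is not a valid path: " + e.getMessage();
        }
        try (InputStream in = new FileInputStream(path)) {
            KeyStore ks = KeyStore.getInstance(
                System.getProperty(prefix + "Type", KeyStore.getDefaultType()));
            ks.load(in, pass.toCharArray()); // also verifies the store password
            System.out.println(prefix + " OK, aliases: " + Collections.list(ks.aliases()));
            return null;
        } catch (Exception e) {
            return prefix + " failed to load: " + e;
        }
    }

    public static void main(String[] args) {
        int failures = 0;
        for (String p : new String[] {"javax.net.ssl.keyStore", "javax.net.ssl.trustStore"}) {
            String problem = check(p);
            if (problem != null) { System.err.println(problem); failures++; }
        }
        System.exit(failures); // 0 only when both stores loaded
    }
}
```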