在下面的输出中,我被问到我是否相信证书,我在Glassfish 4.0中没有被问过。如果我回答是,那么它仍然会失败,可以看出。
我使用asadmin start-domain启动它,然后在此测试中将管理员密码更改为x。我使用asadmin --user admin change-admin-password和asadmin enable-secure-admin更改了passowrd。
这是错误:
Do you trust the above certificate [y|N] -->y
Authentication failed for user: admin (Usually, this means invalid user name and/or password)
Command change-admin-password failed.
问题
有没有人知道为什么Glassfish 4.1会询问这个证书以及如何让它工作,因为我无法登录,即使它以此结束也是成功的。
Waiting for domain1 to start .......
Successfully started the domain : domain1
domain Location: /opt/glassfish4/glassfish/domains/domain1
Log File: /opt/glassfish4/glassfish/domains/domain1/logs/server.log
Admin Port: 4848
Command start-domain executed successfully.
=> Modifying password of admin to preset in Glassfish
spawn asadmin --user admin change-admin-password
Enter the admin password>
Enter the new admin password>
Enter the new admin password again>
[
[
Version: V3
Subject: CN=localhost, OU=GlassFish, O=Oracle Corporation, L=Santa Clara, ST=California, C=US
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: Sun RSA public key, 2048 bits
modulus: 19016962123073818913980587828837922486576420141613590721707437891327039833432551153803083906839156766507774007880420863368627703049499522525030078369904284618227297420407350669314980277911425446307700835083768858763078579295691981047129695516569551334653620772195238596206551972125661803284768176221481772121528672632308667324875827891801774801031021244005840124791813739105291627626830463412652100947239506418948577875286315103270404232934705194347849152036735770668664880970935638976368368387912487716546355239785885758256691359924727187516306879956018711242524702651771632411566014598382402754461656354400636380993
public exponent: 65537
Validity: [From: Thu Aug 21 13:30:10 UTC 2014,
To: Sun Aug 18 13:30:10 UTC 2024]
Issuer: CN=localhost, OU=GlassFish, O=Oracle Corporation, L=Santa Clara, ST=California, C=US
SerialNumber: [ 31eb8d9f]
Certificate Extensions: 1
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 13 55 DB 7D A9 31 71 A3 33 40 56 D3 49 A9 77 42 .U...1q.3@V.I.wB
0010: 90 A3 59 39 ..Y9
]
]
]
Algorithm: [SHA256withRSA]
Signature:
0000: 07 E5 F1 96 38 CE 55 33 1C 65 A5 5A 38 90 EB 98 ....8.U3.e.Z8...
0010: 59 A1 AE 19 5F BF 5F 53 BE CF 36 54 2F 03 5D 5E Y..._._S..6T/.]^
0020: 9D 21 3C DC CC C9 A1 5E E0 0B 71 31 36 CE 3A DB .!<....^..q16.:.
0030: BB 78 40 ED 5B FB 0A F0 E6 01 5A C3 29 CD 0B E1 .x@.[.....Z.)...
0040: A1 0D A9 99 ED D8 28 78 DA 1B 2F 15 25 46 85 D8 ......(x../.%F..
0050: B3 8F E7 79 0F EF 37 6A 55 06 E0 2D 0C 67 F3 60 ...y..7jU..-.g.`
0060: 46 AB C2 F5 AC 70 5E 9F 3C EF E3 33 61 34 C4 F9 F....p^.<..3a4..
0070: CB 5A 83 10 82 E5 DA F3 15 1D 28 B2 F9 DE 53 F0 .Z........(...S.
0080: 10 72 79 48 BA B4 AC EC 49 16 92 D8 A6 48 B5 A7 .ryH....I....H..
0090: 3A 6F 37 15 02 F4 66 66 94 8C 82 2C 57 7A 45 04 :o7...ff...,WzE.
00A0: 33 31 F6 9B 7C 6A 04 B0 0A 01 8E 8E B9 31 9E 9A 31...j.......1..
00B0: AC 53 F7 CB 38 F6 E5 DB 86 FF F2 D8 39 77 34 47 .S..8.......9w4G
00C0: 5F 7F EC F3 37 79 08 EB 59 B5 90 3F D9 7E E8 70 _...7y..Y..?...p
00D0: C3 F4 DD 17 EC B4 19 D0 08 26 7E CB 64 46 17 B8 .........&..dF..
00E0: 08 D8 A7 99 1E CF F1 2B 79 86 F1 22 6F C4 05 94 .......+y.."o...
00F0: E1 4F E1 64 E4 F0 47 8D 95 95 08 4F FE F9 60 E4 .O.d..G....O..`.
]
Do you trust the above certificate [y|N] -->y
Authentication failed for user: admin (Usually, this means invalid user name and/or password)
Command change-admin-password failed.
=> Enabling secure admin login
spawn asadmin enable-secure-admin
Enter admin user name> admin
Enter admin password for user "admin">
Authentication failed for user: admin
(Usually, this means invalid user name and/or password)
Command enable-secure-admin failed.
=> Done!
========================================================================
You can now connect to this Glassfish server using:
admin:x
Please remember to change the above password as soon as possible!
========================================================================
=> Restarting Glassfish server
Waiting for the domain to stop .
Command stop-domain executed successfully.
=> Starting and running Glassfish server
答案 0 :(得分:3)
Subject: CN=localhost, OU=GlassFish, O=Oracle Corporation, L=Santa Clara, ST=California, C=US
...
Issuer: CN=localhost, OU=GlassFish, O=Oracle Corporation, L=Santa Clara, ST=California, C=US
它是一张自签名证书。你必须建立信任。将其加载到信任存储区。
使用Chrome时,您无法将其加载到信任库中。证书必须由CA签名。可以创建自己的CA来执行此操作,但必须由权威机构签名。
Version: V3
Subject: CN=localhost, OU=GlassFish, O=Oracle Corporation, L=Santa Clara, ST=California, C=US
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
...
请勿在公用名(CN)中添加localhost等DNS名称。它被IETF和CA /浏览器论坛弃用。相反,在CN中加上像“Oracle Corporation”这样的友好名称。你在那里放了一个友好的名字,因为它显示给用户。
将DNS名称放在主题备用名称(SAN)中。 IETF和CA /浏览器论坛都指定DNS名称进入SAN。
Chrome在接受证书方面是最严格的。我相信最新的Java是类似的。如果您使用Chrome 和,则在CN中添加DNS名称,那么您必须在SAN中放置相同的DNS名称。因此,无法避免在DNS中放置DNS名称。
Chrome不允许使用自签名证书。它要求服务器的证书由CA签名(即,它不能自签名)。可以使用未在公共CA Zoo中预加载的私有CA进行签名。只需将CA添加到浏览器即可。或者获取由CA Cartel成员签名的服务器证书(Startcom提供免费的Class 1证书)。
答案 1 :(得分:2)
我知道这篇文章已经很老了,但是当我尝试创建一个Docker容器时,我也遇到了类似的问题,该容器安装了Glassfish 4.1.1服务器并在之后部署了一个应用程序。每次出现“您信任上述证书”对话框时,Dockerfile脚本都会停止。也许我可以按照以下说明帮助某人。
你必须为它建立信任。将其加载到信任存储区。
在jww写完这些句子后,我开始寻找合适的信任商店。我发现运行asadmin命令的本地用户在~/.gfclient/truststore下有一个专用信任库
如果要阻止显示此对话框,则必须将glassfish证书添加到本地glassfish信任库中。我假设您在以下说明中使用了domain1,并且您使用的是默认证书s1as:
keytool -export -alias s1as -file /tmp/s1as.cert -keystore /path/to/glassfish/domains/domain1/config/keystore.jks keytool -import -alias s1as -file /tmp/s1as.cert -keystore ~/.gfclient/truststore 本地glassfish信任库的默认密码为changeit。之后你不应该再被问到你是否相信这种玻璃鱼连接。
答案 2 :(得分:1)
Dennis' Tech Crib Sheets的最佳答案:
只需将--interactive=false属性添加到asadmin命令。