我需要在localhost上使用https protocoll测试我的Web应用程序。如何在wildfly上配置设置以使https://localhost:8443/myapp.html
有效?
新:
我将此添加到我的安全领域:
<security-realm name="UndertowRealm">
<server-identities>
<ssl protocol="TLS">
<keystore path="my_keystore.jks" relative-to="jboss.server.config.dir" keystore-password="xxx"/>
</ssl>
</server-identities>
</security-realm>
密钥库:my_keystore.jks是使用java keygen实用程序生成的,它位于standalone.xml的文件夹中。
我将其添加到我的默认服务器:
<https-listener name="https" socket-binding="https" security-realm="UndertowRealm" />
但现在我得到了这样的例外:
Failed to start service jboss.server.controller.management.security_realm.UndertowRealm.keystore: org.jboss.msc.service.StartException in service jboss.server.controller.management.security_realm.UndertowRealm.keystore: JBAS015229: Unable to start service
at org.jboss.as.domain.management.security.FileKeystore.load(FileKeystore.java:155) [wildfly-domain-management-8.0.0.Final.jar:8.0.0.Final]
at org.jboss.as.domain.management.security.FileKeystoreService.start(FileKeystoreService.java:78) [wildfly-domain-management-8.0.0.Final.jar:8.0.0.Final]
at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1948) [jboss-msc-1.2.0.Final.jar:1.2.0.Final]
at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1881) [jboss-msc-1.2.0.Final.jar:1.2.0.Final]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_55]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_55]
at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_55]
Caused by: java.io.IOException: Invalid keystore format
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:650) [rt.jar:1.7.0_55]
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55) [rt.jar:1.7.0_55]
at java.security.KeyStore.load(KeyStore.java:1214) [rt.jar:1.7.0_55]
at org.jboss.as.domain.management.security.FileKeystore.load(FileKeystore.java:114) [wildfly-domain-management-8.0.0.Final.jar:8.0.0.Final]
... 6 more
这里出了什么问题?
答案 0 :(得分:2)
我认为你必须在下位子系统配置中添加一个http-listener,并使用安全领域进行适当的配置。
我现在无法检查,但我认为这是正确的方法。我将尝试以这种方式配置服务器。
这就是我为客户设置的一次:
<security-realm name="SSLRealm">
<server-identities>
<ssl protocol="TLS">
<keystore path="serverkeystore" relative-to="jboss.server.config.dir" keystore-password="secureworld" alias="servercert"/>
</ssl>
</server-identities>
<authentication>
<truststore path="servertruststore" relative-to="jboss.server.config.dir" keystore-password="secureworld"/>
</authentication>
</security-realm>
下载配置:
<https-listener name="default-https" socket-binding="https" security-realm="SSLRealm" verify-client="REQUESTED"/>
不幸的是,由于我对此主题不是很熟悉,因此我无法再告诉您有关此密钥库格式问题的更多信息。