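I installed an official SSL certificate on APIM. Now the carbon web application fails to load. Could this be a problem with catalina-server.xml? All the XML files are configured with the new keystore and password.
The only error in wso2carbon.log at startup: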
TID: [-1] [] [2016-05-10 08:52:45,170] ERROR {org.wso2.carbon.tomcat.ext.internal.CarbonTomcatServiceComponent} - Error while adding the carbon web-app {org.wso2.carbon.tomcat.ext.internal.CarbonTomcatServiceComponent}
org.wso2.carbon.tomcat.CarbonTomcatException: Webapp failed to deploy
at org.wso2.carbon.tomcat.internal.CarbonTomcat.addWebApp(CarbonTomcat.java:302)
at org.wso2.carbon.tomcat.internal.CarbonTomcat.addWebApp(CarbonTomcat.java:185)
at org.wso2.carbon.tomcat.ext.internal.CarbonTomcatServiceComponent.activate(CarbonTomcatServiceComponent.java:59)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at org.eclipse.equinox.internal.ds.model.ServiceComponent.activate(ServiceComponent.java:260)
at org.eclipse.equinox.internal.ds.model.ServiceComponentProp.activate(ServiceComponentProp.java:146)
at org.eclipse.equinox.internal.ds.model.ServiceComponentProp.build(ServiceComponentProp.java:345)
at org.eclipse.equinox.internal.ds.InstanceProcess.buildComponent(InstanceProcess.java:620)
at org.eclipse.equinox.internal.ds.InstanceProcess.buildComponents(InstanceProcess.java:197)
at org.eclipse.equinox.internal.ds.Resolver.buildNewlySatisfied(Resolver.java:473)
at org.eclipse.equinox.internal.ds.Resolver.enableComponents(Resolver.java:217)
at org.eclipse.equinox.internal.ds.SCRManager.performWork(SCRManager.java:816)
at org.eclipse.equinox.internal.ds.SCRManager$QueuedJob.dispatch(SCRManager.java:783)
at org.eclipse.equinox.internal.ds.WorkThread.run(WorkThread.java:89)
at org.eclipse.equinox.internal.util.impl.tpt.threadpool.Executor.run(Executor.java:70)
Caused by: java.lang.NullPointerException
at org.wso2.carbon.tomcat.internal.CarbonTomcat.addWebApp(CarbonTomcat.java:233)
... 17 more
Java version: 1.8.0_71 Operating system: Linux 2.6.32-573.18.1.el6.x86_64, amd64 User: xxxx, US, Europe/Paris
Thanks
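Answer 0 (score: 0)
In case anyone ends up here.
I spent two days getting this to work with a public Let's Encrypt certificate.
This procedure was done with the wso2am-2.2.0.zip release; it may not work with other versions.
I am in /opt/wso2
Here is what I did:
These are my variables: the existing JKS path and its key
jks_location="/opt/tomcat/conf/tomcat.jks"
jks_password="changeit"
key_password="changeit"
jks_alias=tomcat
server_name="your public server name"
I searched every file for the wso2carbon.jks keyword. I replaced some certificate values, but not the ones relating to the client truststore.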
grep -R wso2carbon.jks /opt/wso2/ | cut -d ':' -f1 | grep "\.xml$" \
  | grep -v -e ".b$" -e logs -e migration -e "\.db" | sort -u \
  | while read -r file ; do
  awk -v jks="$jks_location" -v jkspass="$jks_password" \
      -v keypass="$key_password" -v alias="$jks_alias" '
  {
    # p==1: inside a keystore block; q==1: that block already has a <KeyAlias>
    # Add a <KeyAlias> before the closing tag when the block has none
    if (/<\/[Kk]eyStore/ && q==0 && p==1) { print "<KeyAlias>" alias "</KeyAlias>" }
    if (/<\/[Kk]eyStore>/ || /<\/dataBridgeConfiguration>/) { p=0; q=0 }
    # As posted, the closing </dataBridgeConfiguration> tag is tested here too
    if ($1 ~ /<[Kk]eyStore/ || /<\/dataBridgeConfiguration>/) { p=1 }
    if (/<KeyAlias/ && p==1) { q=1 }
    # Password, alias and location tags are rewritten only inside a keystore block
    if (p==1 && /<Password>/) {
      print " <Password>" jkspass "</Password>"
    } else if (p==1 && /<password/) {
      print " <password>" jkspass "</password>"
    } else if (p==1 && /<keyStorePassword/) {
      print " <keyStorePassword>" jkspass "</keyStorePassword>"
    } else if (p==1 && /<KeyPassword/) {
      print " <KeyPassword>" keypass "</KeyPassword>"
    } else if (p==1 && /<KeyAlias/) {
      print " <KeyAlias>" alias "</KeyAlias>"
    } else if (p==1 && /<Location/) {
      print " <Location>" jks "</Location>"
    } else if (p==1 && /<location/) {
      print " <location>" jks "</location>"
    } else if (p==1 && /<keyStoreLocation/) {
      print " <keyStoreLocation>" jks "</keyStoreLocation>"
    # Connector attributes and wss parameters are rewritten wherever they appear
    } else if (/keystoreFile=.*wso2carbon.jks/) {
      print " keystoreFile=\"" jks "\""
    } else if (/keystorePass="wso2carbon"/) {
      print " keystorePass=\"" jkspass "\""
    } else if (/<parameter name="wss.ssl.key.store.file">/) {
      print " <parameter name=\"wss.ssl.key.store.file\">" jks "</parameter>"
    } else if (/<parameter name="wss.ssl.key.store.pass"/) {
      print " <parameter name=\"wss.ssl.key.store.pass\">" jkspass "</parameter>"
    } else {
      print
    }
  }' "$file" > "$file".t ; echo "$file" ; cp -a "$file".t "$file"
done
I changed carbon.local.ip in the XML files
grep -R 'carbon.local.ip' /opt/wso2/ | cut -d ':' -f1 | grep "\.xml$" | sort -u | while read -r file ; do sed -i -e 's/\${carbon.local.ip}/'"$server_name"'/g' "$file" ; done
I added the server name so that you are not redirected to the IP address on the first page
sed -i '/<ServerURL>local/a<!-- Manual add-->\n <HostName>'"$server_name"'<\/HostName>\n <MgtHostName>'"$server_name"'<\/MgtHostName>' /opt/wso2/repository/conf/carbon.xml
I imported the root certificate of my existing certificate (I used the public Let's Encrypt one, but I still needed to add it anyway; maybe you won't need to)
keytool -import -alias lets_encrypt_root -file your-root-file.pem -keystore /opt/wso2/repository/resources/security/client-truststore.jks -storePass wso2carbon
If your certificate does not include "localhost" as an alias, you need to change the HTTPS back-end calls from localhost to your real host name
grep -i -R "https://localhost:" /opt/wso2/ | grep -v '\.log' | cut -d ':' -f1 | sort -u | grep -v '\.t$' | xargs -I file sed -i -e 's|https://localhost:|https://'"$server_name"':|g' file
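If the awk looks complicated, that is because I am not an expert, and when you look at the letter case, some tags can differ (I don't know whether it matters to keep them that way)
For example, the password tags must be changed only when they are inside a keystore tag.
Hope this helps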
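One way to check the result of the replacement steps above, as an added example that is not part of the original answer: it reports keystore blocks that still point at another keystore or still carry the default wso2carbon password, and skips truststore blocks. The function names `audit_keystores` and `make_sample` and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report <KeyStore> blocks that still use the default keystore
# or password. <TrustStore> blocks are skipped, as in the answer.
audit_keystores() {   # $1 = config dir, $2 = expected keystore path
  find "$1" -type f -name '*.xml' | sort | while read -r f; do
    awk -v want="$2" -v f="$f" '
      /<[Kk]eyStore>/   { inks = 1 }   # entering a keystore block
      /<\/[Kk]eyStore>/ { inks = 0 }   # leaving it
      inks && /<[Ll]ocation>/ && index($0, want) == 0 {
        print f ":" NR ": keystore location is not " want }
      inks && /<(Key)?[Pp]assword>wso2carbon</ {
        print f ":" NR ": default password still set" }
    ' "$f"
  done
}

# Constructed sample tree (not real WSO2 files): one converted file with a
# forgotten KeyPassword, one file the replacement never touched.
make_sample() {
  d=$(mktemp -d)
  cat > "$d/carbon.xml" <<'EOF'
<KeyStore>
  <Location>/opt/tomcat/conf/tomcat.jks</Location>
  <Password>changeit</Password>
  <KeyPassword>wso2carbon</KeyPassword>
</KeyStore>
<TrustStore>
  <Location>${carbon.home}/repository/resources/security/client-truststore.jks</Location>
  <Password>wso2carbon</Password>
</TrustStore>
EOF
  cat > "$d/other.xml" <<'EOF'
<keyStore>
  <location>repository/resources/security/wso2carbon.jks</location>
  <password>wso2carbon</password>
</keyStore>
EOF
  echo "$d"
}

sample=$(make_sample)
audit_keystores "$sample" /opt/tomcat/conf/tomcat.jks
rm -rf "$sample"
```

On a real installation, pass the configuration directory and the value of `jks_location` as the two arguments.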