我无法通过SSL连接将WebSphere与Jconsole连接起来。我已经使用证书生成了自己的密钥库和信任库,并且我已经通过WebSphere设置了以下系统属性:
-Dcom.ibm.team.server.monitoring.mbean.server=WebSphere -Djavax.management.builder.initial= -Dcom.sun.management.jmxremote=true -Dcom.sun.management.jmxremote.port=12099 -Djavax.net.ssl.keyStore={KEYSTOREPATH}\keystore -Djavax.net.ssl.keyStoreType=pkcs12 -Djavax.net.ssl.keyStorePassword=password -Dcom.sun.management.jmxremote.authenticate=false
在jconsole方面,我运行以下参数将truststore文件添加到运行时:
jconsole -J-Djavax.net.ssl.trustStore={KEYSTOREPATH}\truststore -J-Djavax.net.ssl.trustStorePassword=password -J-Djavax.net.ssl.trustStoreType=pkcs12 -J-Djava.security.debug=all localhost:12099
使用调试模式,我能够在客户端看到错误:
java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.
at com.ibm.security.util.DerInputStream.getLength(DerInputStream.java:724)
at com.ibm.security.util.DerInputStream.getLength(DerInputStream.java:698)
at com.ibm.security.util.DerValue.<init>(DerValue.java:254)
at com.ibm.security.util.DerInputStream.getDerValue(DerInputStream.java:499)
at com.ibm.security.pkcsutil.PKCSDerObject.decode(PKCSDerObject.java:251)
at com.ibm.security.pkcs12.PFX.<init>(PFX.java:134)
at com.ibm.crypto.provider.PKCS12KeyStore.engineLoad(Unknown Source)
at java.security.KeyStore.load(KeyStore.java:1225)
at com.ibm.jsse2.cc.a(cc.java:72)
at com.ibm.jsse2.cc.a(cc.java:76)
at com.ibm.jsse2.ec.g(ec.java:7)
at com.ibm.jsse2.ec.<init>(ec.java:19)
at com.ibm.jsse2.ec.e(ec.java:14)
at com.ibm.jsse2.SSLSocketFactoryImpl.<init>(SSLSocketFactoryImpl.java:16)
at java.lang.J9VMInternals.newInstanceImpl(Native Method)
at java.lang.Class.newInstance(Class.java:1617)
at javax.net.ssl.SSLSocketFactory.getDefault(SSLSocketFactory.java:37)
at javax.rmi.ssl.SslRMIClientSocketFactory.getDefaultClientSocketFactory(SslRMIClientSocketFactory.java:218)
at javax.rmi.ssl.SslRMIClientSocketFactory.createSocket(SslRMIClientSocketFactory.java:128)
at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:625)
at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:228)
at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:214)
at sun.rmi.server.UnicastRef.newCall(UnicastRef.java:353)
at sun.rmi.registry.RegistryImpl_Stub.lookup(Unknown Source)
at sun.tools.jconsole.ProxyClient.checkSslConfig(ProxyClient.java:230)
at sun.tools.jconsole.ProxyClient.<init>(ProxyClient.java:133)
at sun.tools.jconsole.ProxyClient.getProxyClient(ProxyClient.java:487)
at sun.tools.jconsole.JConsole$3.run(JConsole.java:551)
研究告诉我,问题可能在于密钥库和信任库的格式,在我的例子中是PKCS12。默认是期待JKS,我在JAVA_HOME / jre / lib / security / java.security中的java.security文件中对此进行了更改:
#
# Default keystore type.
#
keystore.type=pkcs12
另外,我禁用了客户端身份验证。
有人知道我的设置可能会出现什么问题吗?