GRIZZLY0050:无法配置SSL支持

时间:2018-10-29 07:34:45

标签: ssl https glassfish keytool pkcs#7

我正在使用this指南和PKSC#7来使用Glassfish设置HTTPS连接。密钥库的创建,请求的生成,从CA接收证书,将其添加到密钥库以及从我的密钥库导入到glassfish密钥库的操作都很好,没有错误。

keytool -v -list -keystore显示两个默认证书,一个已添加。当我尝试启动glassfish的域时,出现错误:

[2018-10-26T15:51:12.497+0300] [glassfish 4.1] [WARNING] [] [javax.enterprise.network.config] [tid: _ThreadID=45 _ThreadName=admin-listener(3)] [timeMillis: 1540558272497] [levelValue: 900] [[
  GRIZZLY0050: SSL support could not be configured!
java.io.IOException: A MultiException has 2 exceptions.  They are:
1. java.lang.Error: java.security.UnrecoverableKeyException: Cannot recover key
2. java.lang.IllegalStateException: Unable to perform operation: post construct on com.sun.enterprise.security.ssl.SSLUtils

    at org.glassfish.grizzly.config.ssl.JSSE14SocketFactory.init(JSSE14SocketFactory.java:162)
    at org.glassfish.grizzly.config.SSLConfigurator.initializeSSLContext(SSLConfigurator.java:249)
    at org.glassfish.grizzly.config.SSLConfigurator.configureSSL(SSLConfigurator.java:131)
    at org.glassfish.grizzly.config.SSLConfigurator$InternalSSLContextConfigurator.createSSLContext(SSLConfigurator.java:389)
    at org.glassfish.grizzly.ssl.SSLEngineConfigurator.createSSLEngine(SSLEngineConfigurator.java:180)
    at org.glassfish.grizzly.ssl.SSLBaseFilter.handleRead(SSLBaseFilter.java:262)
    at org.glassfish.grizzly.filterchain.ExecutorResolver$9.execute(ExecutorResolver.java:119)
    at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeFilter(DefaultFilterChain.java:284)
    at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeChainPart(DefaultFilterChain.java:201)
    at org.glassfish.grizzly.filterchain.DefaultFilterChain.execute(DefaultFilterChain.java:133)
    at org.glassfish.grizzly.filterchain.DefaultFilterChain.process(DefaultFilterChain.java:112)
    at org.glassfish.grizzly.ProcessorExecutor.execute(ProcessorExecutor.java:77)
    at org.glassfish.grizzly.portunif.PUFilter.handleRead(PUFilter.java:231)
    at org.glassfish.grizzly.filterchain.ExecutorResolver$9.execute(ExecutorResolver.java:119)
    at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeFilter(DefaultFilterChain.java:284)
    at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeChainPart(DefaultFilterChain.java:201)
    at org.glassfish.grizzly.filterchain.DefaultFilterChain.execute(DefaultFilterChain.java:133)
    at org.glassfish.grizzly.filterchain.DefaultFilterChain.process(DefaultFilterChain.java:112)
    at org.glassfish.grizzly.ProcessorExecutor.execute(ProcessorExecutor.java:77)
    at org.glassfish.grizzly.nio.transport.TCPNIOTransport.fireIOEvent(TCPNIOTransport.java:561)
    at org.glassfish.grizzly.strategies.AbstractIOStrategy.fireIOEvent(AbstractIOStrategy.java:112)
    at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.run0(WorkerThreadIOStrategy.java:117)
    at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.access$100(WorkerThreadIOStrategy.java:56)
    at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy$WorkerThreadRunnable.run(WorkerThreadIOStrategy.java:137)
    at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:565)
    at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.run(AbstractThreadPool.java:545)
    at java.lang.Thread.run(Thread.java:748)
]]

[2018-10-26T15:51:12.497+0300] [glassfish 4.1] [WARNING] [] [org.glassfish.grizzly.filterchain.DefaultFilterChain] [tid: _ThreadID=45 _ThreadName=admin-listener(3)] [timeMillis: 1540558272497] [levelValue: 900] [[
  GRIZZLY0013: Exception during FilterChain execution
java.lang.NullPointerException
    at org.glassfish.grizzly.ssl.SSLEngineConfigurator.createSSLEngine(SSLEngineConfigurator.java:185)
    at org.glassfish.grizzly.ssl.SSLBaseFilter.handleRead(SSLBaseFilter.java:262)
    at org.glassfish.grizzly.filterchain.ExecutorResolver$9.execute(ExecutorResolver.java:119)
    at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeFilter(DefaultFilterChain.java:284)
    at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeChainPart(DefaultFilterChain.java:201)
    at org.glassfish.grizzly.filterchain.DefaultFilterChain.execute(DefaultFilterChain.java:133)
    at org.glassfish.grizzly.filterchain.DefaultFilterChain.process(DefaultFilterChain.java:112)
    at org.glassfish.grizzly.ProcessorExecutor.execute(ProcessorExecutor.java:77)
    at org.glassfish.grizzly.portunif.PUFilter.handleRead(PUFilter.java:231)
    at org.glassfish.grizzly.filterchain.ExecutorResolver$9.execute(ExecutorResolver.java:119)
    at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeFilter(DefaultFilterChain.java:284)
    at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeChainPart(DefaultFilterChain.java:201)
    at org.glassfish.grizzly.filterchain.DefaultFilterChain.execute(DefaultFilterChain.java:133)
    at org.glassfish.grizzly.filterchain.DefaultFilterChain.process(DefaultFilterChain.java:112)
    at org.glassfish.grizzly.ProcessorExecutor.execute(ProcessorExecutor.java:77)
    at org.glassfish.grizzly.nio.transport.TCPNIOTransport.fireIOEvent(TCPNIOTransport.java:561)
    at org.glassfish.grizzly.strategies.AbstractIOStrategy.fireIOEvent(AbstractIOStrategy.java:112)
    at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.run0(WorkerThreadIOStrategy.java:117)
    at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.access$100(WorkerThreadIOStrategy.java:56)
    at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy$WorkerThreadRunnable.run(WorkerThreadIOStrategy.java:137)
    at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:565)
    at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.run(AbstractThreadPool.java:545)
    at java.lang.Thread.run(Thread.java:748)
]]

这就是礼貌的样子:

Alias name: host
Creation date: Oct 26, 2018
Entry type: PrivateKeyEntry
Certificate chain length: 3
Certificate[1]:
Owner: CN=host.domain.ru, OU=IT, O=Organization, L=Moscow, ST=Moscow, C=RU
Issuer: CN=Organization Sub2 CA 2012, DC=domain, DC=ru
Serial number: 2b89cd70000200000747
Valid from: Fri Oct 26 14:19:45 MSK 2018 until: Sun Oct 25 14:19:45 MSK 2020
Certificate fingerprints:
         MD5:  9C:78:B7:66:72:05:CC:76:62:C4:0D:E0:1D:A2:1B:AF
         SHA1: BD:7A:08:68:F8:78:40:B8:7C:D9:B3:24:8A:73:BD:01:3E:46:B9:2C
         SHA256: 93:6B:DC:CF:26:65:4D:32:9E:64:2F:CB:5C:27:3B:F5:D6:DD:66:F6:81:47:FC:B2:3A:EB:2C:AC:E0:31:3B:5D
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3

Extensions:

#1: ObjectId: 1.3.6.1.4.1.311.20.2 Criticality=false
0000: 1E 12 00 57 00 65 00 62   00 53 00 65 00 72 00 76  ...W.e.b.S.e.r.v
0010: 00 65 00 72                                        .e.r


#2: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [
   accessMethod: caIssuers
   accessLocation: URIName: ldap:///CN=Organization%20Sub2%20CA%202012,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=domain,DC=ru?cACertificate?base?objectClass=certificationAuthority
,
   accessMethod: caIssuers
   accessLocation: URIName: http://ca.domain.ru/CertData/ca-sub2.domain.ru_Organization%20Sub2%20CA%202012(2).crt
]
]

#3: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: AB A5 46 66 63 1B 99 DF   8B 1F B1 3D 65 CA 23 7B  ..Ffc......=e.#.
0010: C9 36 8E 67                                        .6.g
]
]

#4: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: ldap:///CN=Organization%20Sub2%20CA%202012(2),CN=ca-sub2,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=domain,DC=ru?certificateRevocationList?base?objectClass=cRLDistributionPoint, URIName: http://ca.domain.ru/CertData/Organization%20Sub2%20CA%202012(2).crl]
]]

#5: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  serverAuth
]

#6: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
  DigitalSignature
  Key_Encipherment
]

#7: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: host.domain.ru
  DNSName: host
  IPAddress: 192.168.1.2
]

#8: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: EB B4 B5 9C EC E9 54 F5   0B 4E 28 7F C5 42 1A 72  ......T..N(..B.r
0010: 67 4C 77 7D                                        gLw.
]
]

Certificate[2]:
Owner: CN=Organization Sub2 CA 2012, DC=domain, DC=ru
Issuer: CN=Organization Root CA 2012, O=Organization, C=RU
Serial number: 13a14d5b000100000013
Valid from: Tue May 23 07:10:54 MSK 2017 until: Mon May 23 07:20:54 MSK 2022
Certificate fingerprints:
         MD5:  97:C4:6A:31:B3:5E:E9:88:29:CA:B7:9A:E6:D9:A7:93
         SHA1: 7F:A8:97:D0:E3:78:DF:F0:F2:80:9A:ED:95:98:34:D8:B6:E3:61:78
         SHA256: 05:A9:D5:F6:C7:6A:61:4F:86:FC:55:17:93:4E:AC:5F:DD:67:8D:14:A9:78:C6:45:00:8E:14:96:57:B5:92:2D
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3

Extensions:

#1: ObjectId: 1.3.6.1.4.1.311.20.2 Criticality=false
0000: 1E 0A 00 53 00 75 00 62   00 43 00 41              ...S.u.b.C.A


#2: ObjectId: 1.3.6.1.4.1.311.21.1 Criticality=false
0000: 02 03 02 00 02                                     .....


#3: ObjectId: 1.3.6.1.4.1.311.21.2 Criticality=false
0000: 04 14 C8 7B 2F 64 A1 97   C3 B7 51 92 FB 80 39 1B  ..../d....Q...9.
0010: 18 C1 68 F5 D4 B5                                  ..h...


#4: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [
   accessMethod: caIssuers
   accessLocation: URIName: ldap:///CN=Organization%20Root%20CA%202012,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=domain,DC=ru?cACertificate?base?objectClass=certificationAuthority
,
   accessMethod: caIssuers
   accessLocation: URIName: http://ca.domain.ru/CertData/ROOTCA2012_Organization%20Root%20CA%202012(1).crt
]
]

#5: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: CE D4 E7 3B 6B 40 16 9C   5E B7 6D BF 27 1F AB 53  ...;k@..^.m.'..S
0010: 28 B6 69 58                                        (.iX
]
]

#6: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:true
  PathLen:2147483647
]

#7: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: ldap:///CN=Organization%20Root%20CA%202012(1),CN=ROOTCA2012,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=domain,DC=ru?certificateRevocationList?base?objectClass=cRLDistributionPoint, URIName: http://ca.domain.ru/Certdata/Organization%20Root%20CA%202012(1).crl]
]]

#8: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
  DigitalSignature
  Key_CertSign
  Crl_Sign
]

#9: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: AB A5 46 66 63 1B 99 DF   8B 1F B1 3D 65 CA 23 7B  ..Ffc......=e.#.
0010: C9 36 8E 67                                        .6.g
]
]

Certificate[3]:
Owner: CN=Organization Root CA 2012, O=Organization, C=RU
Issuer: CN=Organization Root CA 2012, O=Organization, C=RU
Serial number: 989edcff42e97b341aca016fa4624a9
Valid from: Tue May 23 06:46:02 MSK 2017 until: Sun May 23 06:56:02 MSK 2027
Certificate fingerprints:
         MD5:  45:5A:86:8B:74:89:80:77:20:36:A4:96:EA:F4:63:1C
         SHA1: F0:EB:7F:A2:27:DF:5E:36:BC:50:68:A0:4C:CA:D0:65:7E:9B:91:2D
         SHA256: A1:32:BC:47:ED:83:59:F8:B0:9C:A5:C8:AA:A8:1E:BF:2F:5F:B4:1D:F5:E6:E9:C1:97:AB:99:F9:80:CC:E2:15
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3

Extensions:

#1: ObjectId: 1.3.6.1.4.1.311.21.1 Criticality=false
0000: 02 03 01 00 01                                     .....


#2: ObjectId: 1.3.6.1.4.1.311.21.2 Criticality=false
0000: 04 14 AF 97 45 DA ED 0A   CF 39 01 0A B0 8D 8E 75  ....E....9.....u
0010: 22 E2 3F 3C C5 40                                  ".?<.@


#3: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:true
  PathLen:2147483647
]

#4: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
  DigitalSignature
  Key_CertSign
  Crl_Sign
]

#5: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: CE D4 E7 3B 6B 40 16 9C   5E B7 6D BF 27 1F AB 53  ...;k@..^.m.'..S
0010: 28 B6 69 58                                        (.iX
]
]

我无法自己创建证书,只能以这种形式从CA收到证书。这些错误的原因可能是什么,我该如何解决?

0 个答案:

没有答案