最近几天,我一直在尝试启用https协议,但没有任何运气。我基于this configuration中的配置。但是,我只是得到一个空白页,server.log文件中没有错误,配置包括自签名的PKCS#8私钥和X.509证书。之后,我导入了密钥库:
keytool -importcert -keystore /jdk/jre/lib/security/cacerts -storepass changeit -alias "graylog 3.0.0" -file ../config/certs/cert.pem
在继续尝试之前,我还需要了解其他配置吗?
[root@log1 bin]# curl -I https://10.99.2.19:9000
curl: (60) Issuer certificate is invalid.
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
非常感谢