I am using jboss-eap-6.4 to deploy my web application. I want my server to support https requests, so I generated a keystore with the following command:
keytool -genkey -v -keystore foo.keystore -alias foo
I moved the above keystore file to D:\\jboss-eap-6.4\\standalone\\configuration\\ and added the following connectors to the standalone.xml file:
<subsystem xmlns="urn:jboss:domain:web:2.2" default-virtual-server="default-host" native="false">
    <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>
    <connector name="https" socket-binding="https" scheme="https" protocol="HTTP/1.1" secure="true" enable-lookups="false">
        <ssl name="foo-ssl" protocol="TLSv1" certificate-key-file="D:\\jboss-eap-6.4\\standalone\\configuration\\foo.keystore" key-alias="foo" password="secret"/>
    </connector>
    <virtual-server name="default-host" enable-welcome-root="true">
        <alias name="localhost"/>
        <alias name="example.com"/>
    </virtual-server>
</subsystem>
The https port is configured as port 8443:
<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
    <socket-binding name="management-native" interface="management" port="${jboss.management.native.port:9999}"/>
    <socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
    <socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9443}"/>
    <socket-binding name="ajp" port="8009"/>
    <socket-binding name="http" port="8080"/>
    <socket-binding name="https" port="8443"/>
    <socket-binding name="remoting" port="4447"/>
    <socket-binding name="txn-recovery-environment" port="4712"/>
    <socket-binding name="txn-status-manager" port="4713"/>
    <outbound-socket-binding name="mail-smtp">
        <remote-destination host="localhost" port="25"/>
    </outbound-socket-binding>
</socket-binding-group>
Then I tried to access the URL using port 8443 (over https), but the application does not listen on that port. Any idea what I am missing here?
Error details: In IE Edge:
Can’t connect securely to this page
This might be because the site uses outdated or unsafe TLS security settings. If this keeps happening, try contacting the website’s owner.
Your TLS security settings aren’t set to the defaults, which could also be causing this error.
Try this:
Go back to the last page
In Firefox:
Secure Connection Failed
An error occurred during a connection to hddt0719:8443. Cannot communicate securely with peer: no common encryption algorithm(s). Error code: SSL_ERROR_NO_CYPHER_OVERLAP
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.
Learn more…
Report errors like this to help Mozilla identify and block malicious sites
Answer 0 (score: 0)
You should change the way you generate the keystore; use the command
keytool -genkey -keystore foo.keystore -alias foo -keyalg "RSA" -sigalg "SHA1withRSA" -keysize 2048 -validity 365
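By default, keytool generates a DSA-type keystore; you should provide an RSA-type keystore. I checked both types of keys, and my jBoss works with the RSA ssl keystore generated in the suggested way. Your jBoss configuration is correct.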
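
Why a DSA key leads to the SSL_ERROR_NO_CYPHER_OVERLAP shown in the question, as an added example that is not part of the original question or answer: a TLS server can only negotiate cipher suites whose authentication algorithm matches the key type of its certificate. The suite names are real IANA names; both suite lists are constructed samples, and the browser list assumes a client that offers no DSS suites.

```python
# Added illustration: TLS cipher-suite selection constrained by the server key type.
# Suite names are IANA names; both lists below are constructed samples.

# Suites a Java-based server might have enabled (constructed sample).
SERVER_ENABLED = [
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
]

# Suites the browser offers (constructed sample; assumption: no DSS suites).
BROWSER_OFFERED = [
    "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
]

# Last token of the key-exchange part -> key type the certificate must hold.
AUTH_TO_KEY_TYPE = {"RSA": "RSA", "DSS": "DSA", "ECDSA": "EC"}


def auth_algorithm(suite):
    """Return the server key type a suite requires, e.g. DHE_DSS -> DSA."""
    key_exchange = suite[len("TLS_"):].split("_WITH_")[0]  # "DHE_DSS", "RSA", ...
    return AUTH_TO_KEY_TYPE[key_exchange.split("_")[-1]]


def usable_suites(server_key_type, enabled=SERVER_ENABLED):
    """Enabled suites the server can actually use with its key type."""
    return [s for s in enabled if auth_algorithm(s) == server_key_type]


def negotiate(server_key_type, offered=BROWSER_OFFERED):
    """First client-offered suite the server can use, or None (handshake fails)."""
    usable = set(usable_suites(server_key_type))
    for suite in offered:
        if suite in usable:
            return suite
    return None


if __name__ == "__main__":
    for key_type in ("DSA", "RSA"):
        print(key_type, "->", negotiate(key_type) or "no common cipher suite")
```
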