I have a webapp that authenticates against a CAS server, and I want to configure HTTPS on all services. When a user tries to log in, this includes an HTTPS authentication connection from the web server to CAS.
<bean id="casAuthenticationProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
    <property name="userDetailsService" ref="userService"></property>
    <property name="serviceProperties" ref="serviceProperties"></property>
    <property name="ticketValidator">
        <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
            <constructor-arg index="0" value="https://localhost:8444/cas-server-webapp-4.0.0"></constructor-arg>
        </bean>
    </property>
    <property name="key" value="cas"></property>
</bean>
Accordingly, I configured a keystore on port 8444 of the CAS server.
<Connector
    protocol="org.apache.coyote.http11.Http11NioProtocol"
    port="8444" maxThreads="200"
    scheme="https" secure="true" SSLEnabled="true"
    keystoreFile="${user.home}/.keystore" keystorePass="changeit"
    clientAuth="false" sslProtocol="TLS"/>
However, because of a problem with the localhost common name, the authentication never succeeds. I get this error in catalina.out every time.
16:15:37.814 [https-jsse-nio-8443-exec-3] DEBUG o.j.c.c.v.Cas20ServiceTicketValidator - Constructing validation url: https://localhost:8444/cas-server-webapp-4.0.0/serviceValidate?&ticket=ST-1-kLKFctcY0eu4ooXUtbko-cas01.example.org&service=https%3A%2F%2Flocalhost%3A8443%2FIDwebapp%2Fj_spring_cas_security_check
16:15:37.814 [https-jsse-nio-8443-exec-3] DEBUG o.j.c.c.v.Cas20ServiceTicketValidator - Retrieving response from server.
16:15:37.926 [https-jsse-nio-8443-exec-3] ERROR o.j.c.c.v.Cas20ServiceTicketValidator - javax.net.ssl.SSLHandshakeException: No name matching localhost found
javax.net.ssl.SSLHandshakeException: No name matching localhost found
I tried importing the certificate into the Java cacerts, but the error persists.
keytool -export -keystore ~/.keystore -alias tomcat -file selfsigned.crt
keytool -importcert -file /home/test/selfsigned.crt -alias tomcat -keystore /usr/lib/jvm/java-1.11.0-openjdk-amd64/lib/security/cacerts
These are my current Java certificates:
root@debian:/opt/APP/apache-tomcat-8.5.47/logs# keytool -list -keystore /usr/lib/jvm/java-1.11.0-openjdk-amd64/lib/security/cacerts | grep tomcat
tomcat, 23 nov. 2019, trustedCertEntry,
Huella de certificado (SHA-256): 3C:A9:B4:2B:F4:DA:64:B3:BA:F7:FA:B6:7E:A2:98:65:97:81:E5:FE:81:0E:29:1F:33:4B:97:37:61:0D:37:50
How do I configure a self-signed certificate so that it works in the authentication process I described?
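The "No name matching localhost found" exception is raised by Java's endpoint identification, not by trust validation, which is why importing the certificate into cacerts changes nothing: the name the validator connects to (localhost) must appear in the certificate as a dNSName SAN, or, only when the certificate has no dNSName SAN at all, as its CN. As an added example (not code from the question), here is a plain-Python reimplementation of that matching rule over constructed certificate dicts in the shape `ssl.getpeercert()` returns, so the failure and its fix can be reproduced offline; the CN value "debian" is assumed from the prompt in the question.

```python
import ipaddress


def _name_matches(pattern: str, host: str) -> bool:
    """Match one presented DNS name against the host, case-insensitively.
    A single '*' is accepted only as the whole leftmost label and only when
    at least two more labels follow (so '*.com' never matches)."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == host
    p_labels, h_labels = pattern.split("."), host.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def name_matches(cert: dict, host: str) -> bool:
    """Endpoint identification as Java's HTTPS client applies it.
    cert mirrors ssl.getpeercert(): {'subject': ((('commonName', 'x'),),),
    'subjectAltName': (('DNS', 'x'), ('IP Address', '1.2.3.4'))}."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP literal in the URL is matched only against iPAddress SANs.
        return any(k == "IP Address" and ipaddress.ip_address(v) == ip for k, v in sans)
    dns_names = [v for k, v in sans if k == "DNS"]
    if dns_names:
        # A dNSName SAN is present: the CN is ignored completely.
        return any(_name_matches(n, host) for n in dns_names)
    # No dNSName SAN: legacy fallback to the subject CN.
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return any(_name_matches(cn, host) for cn in cns)


# Constructed samples. The first is what a keytool -genkeypair with the
# machine name as CN and no SAN extension yields; the second is the same
# key pair generated with -ext SAN=dns:localhost,ip:127.0.0.1.
CERT_CN_ONLY = {"subject": ((("commonName", "debian"),),)}
CERT_WITH_SAN = {
    "subject": ((("commonName", "debian"),),),
    "subjectAltName": (("DNS", "localhost"), ("IP Address", "127.0.0.1")),
}

if __name__ == "__main__":
    print(name_matches(CERT_CN_ONLY, "localhost"))   # False: the handshake error
    print(name_matches(CERT_WITH_SAN, "localhost"))  # True
```

Because the SAN takes precedence, a certificate whose CN matches but whose SAN lists a different name still fails, which is worth checking with `keytool -list -v` before blaming the trust store.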