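How to install a CAcert.org SSL certificate into GlassFish v3

Time: 2012-03-20 16:30:52

Tags: ssl glassfish

I am trying to enable SSL on my Internet glassfish server using my own CAcert.org certificate. I followed the introduction by Masoud Kalali: http://weblogs.java.net/blog/kalali/archive/2010/02/27/how-install-godaddy-certificate-your-glassfish-v3

But after all that, when I try to connect to my SSL port, I get the server error message posted below. Can anybody help me with what "SSL configuration is invalid due to No available certificate or key corresponds to the SSL cipher suites which are enabled." means? Is it possible that certificates created with CAcert.org do not work with glassfish?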

   [#|2012-03-20T16:21:00.289+0100|WARNING|glassfish3.1|com.sun.grizzly.config.GrizzlyServiceListener|_ThreadID=18;_ThreadName=Thread-1;|GRIZZLY0007: SSL support could not be configured!
java.io.IOException: SSL configuration is invalid due to No available certificate or key corresponds to the SSL cipher suites which are enabled.
at com.sun.grizzly.util.net.jsse.JSSE14SocketFactory.checkConfig(JSSE14SocketFactory.java:455)
at com.sun.grizzly.util.net.jsse.JSSE14SocketFactory.init(JSSE14SocketFactory.java:183)
at com.sun.grizzly.config.SSLConfigHolder.initializeSSL(SSLConfigHolder.java:361)
at com.sun.grizzly.config.SSLConfigHolder.configureSSL(SSLConfigHolder.java:237)
at com.sun.grizzly.config.GrizzlyEmbeddedHttps$LazySSLInitializationFilter.execute(GrizzlyEmbeddedHttps.java:202)
at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)
at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)
at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)
at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
at com.sun.grizzly.ContextTask.run(ContextTask.java:71)
at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532)
at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513)
at java.lang.Thread.run(Thread.java:662)
Caused by: javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.checkEnabledSuites(SSLServerSocketImpl.java:310)
at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.accept(SSLServerSocketImpl.java:255)
at com.sun.grizzly.util.net.jsse.JSSE14SocketFactory.checkConfig(JSSE14SocketFactory.java:451)
... 14 more
|#]
[#|2012-03-20T16:21:00.303+0100|SEVERE|glassfish3.1|com.sun.grizzly.config.GrizzlyServiceListener|_ThreadID=18;_ThreadName=Thread-1;|ProtocolChain exception
java.lang.NullPointerException
at com.sun.grizzly.filter.SSLReadFilter.newSSLEngine(SSLReadFilter.java:352)
at com.sun.grizzly.filter.SSLReadFilter.obtainSSLEngine(SSLReadFilter.java:399)
at com.sun.grizzly.filter.SSLReadFilter.execute(SSLReadFilter.java:159)
at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)
at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)
at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)
at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
at com.sun.grizzly.ContextTask.run(ContextTask.java:71)
at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532)
at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513)
at java.lang.Thread.run(Thread.java:662)
|#]
[#|2012-03-20T16:21:00.303+0100|SEVERE|glassfish3.1|com.sun.grizzly.config.GrizzlyServiceListener|_ThreadID=19;_ThreadName=Thread-1;|ProtocolChain exception
java.lang.NullPointerException
at com.sun.grizzly.filter.SSLReadFilter.newSSLEngine(SSLReadFilter.java:352)
at com.sun.grizzly.filter.SSLReadFilter.obtainSSLEngine(SSLReadFilter.java:399)
at com.sun.grizzly.filter.SSLReadFilter.execute(SSLReadFilter.java:159)
at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)
at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)
at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)
at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
at com.sun.grizzly.ContextTask.run(ContextTask.java:71)
at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532)
at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513)
at java.lang.Thread.run(Thread.java:662)

|#]

Thanks for your help

Ralph

1 answer:

Answer 0 (score: 3)

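At the end of all the instructions provided by the blog link, you will have smth.jks.

keytool -list -keystore smth.jks will list your name as a PrivateEntryKey.

There is another PrivateEntryKey in the original /domain/domain1/config/keystore.jks: s1as

I think glassfish uses s1as, and when it is not there, the server cannot start.

So you must have both s1as and your signed certificate in the original keystore.jks as PrivateEntryKey. But they cannot be imported separately. If you try to export the PrivateEntryKey from smth.jks, delete it and re-import it, you will then see it as a trusted certificate. The reason for the issue is that keytool can only export the self-signed part of a PrivateEntryKey.

You have to import smth.jks into keystore.jks at once.

keytool -importkeystore -srckeystore smth.jks -destkeystore keystore.jks

If your smth.jks keystore password is not "changeit", then you have to change the master password on glassfish:

keytool -keypasswd -alias s1as -keypass changeit -new 12345678 -keystore keystore.jks

and then

asadmin change-master-password --savemasterpassword=true

Taking the above into account, I successfully configured SSL in glassfish 2.1.

Hope it helps you too.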
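
The condition this answer describes (an alias that ends up as a trusted certificate instead of a private-key entry) can be checked from the `keytool -list` output before restarting the server. The script below is an added example, not part of the original answer; the alias `mydomain` and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify aliases in `keytool -list` text (no keytool needed).

# Constructed listing: "mydomain" was re-imported as a bare certificate.
sample_broken() {
cat <<'EOF'
Keystore type: JKS
Your keystore contains 2 entries

s1as, Mar 20, 2012, PrivateKeyEntry,
Certificate fingerprint (SHA1): <constructed placeholder>
mydomain, Mar 20, 2012, trustedCertEntry,
Certificate fingerprint (SHA1): <constructed placeholder>
EOF
}

# Constructed listing after `keytool -importkeystore` of the whole smth.jks.
sample_merged() {
    sample_broken | sed 's/trustedCertEntry/PrivateKeyEntry/'
}

# entry_type ALIAS: print the entry type keytool reports for ALIAS, or "missing".
entry_type() {
    awk -v want="$1" '
        /(PrivateKeyEntry|trustedCertEntry|SecretKeyEntry),[ \t]*$/ {
            alias = $0; sub(/,.*/, "", alias)        # text before the first comma
            type = $0;  sub(/,[ \t]*$/, "", type)    # drop the trailing comma
            sub(/.*,[ \t]*/, "", type)               # keep the last field only
            if (alias == want) found = type
        }
        END { print (found == "" ? "missing" : found) }'
}

# check_listing ALIAS...: listing on stdin; returns 0 only if every ALIAS
# is a PrivateKeyEntry.
check_listing() {
    listing=$(cat); rc=0
    for a in "$@"; do
        t=$(printf '%s\n' "$listing" | entry_type "$a")
        if [ "$t" != "PrivateKeyEntry" ]; then
            echo "alias '$a' is $t, expected PrivateKeyEntry" >&2
            rc=1
        fi
    done
    return $rc
}

# Real use: keytool -list -keystore keystore.jks | check_listing s1as mydomain
sample_broken | check_listing s1as mydomain || echo "keystore not usable for the listener yet"
```

The parser takes the alias from the text before the first comma and the entry type from the last field, so the locale-dependent date in the middle of each line does not matter.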