Get Java KeyStore certificate from azure WebApI application


Problem description

    Hi Team,

    As service-now has started accepting JWT tokens, I want to send JWT tokens as a Bearer token, but it accepts a Java KeyStore certificate and not a TrustStore cert.

    How can I get a Java KeyStore certificate from the Azure portal?

    Solution

    Oracle Documentation for reference (Method and Constructor details):

     

    Possibilities:

    • If you have your own cert - they will have to import it into the keystore. Use Kudu to copy the keystore to the D:/home/site folder, update the web.config file and pass it to the JVM. After that, make sure it is pointed to the cert using the web.config file.
    • You might want to just access the Windows KeyStore - do so with this command: "cd cert://" - but this is pretty rare

     

    Web.config entries:

     

    -Djavax.net.ssl.keyStore=D:/home/site/wwwroot/cert/keystore.jks -Djavax.net.ssl.keyStorePassword=password

    -Djavax.net.ssl.trustStore=D:/home/site/wwwroot/cert/truststore.jks  -Djavax.net.ssl.trustStorePassword=password

     

    • JDK default location: JDK\jre\lib\security
    • Commonly used root certs are in the root store that comes with the web app
    • Certificate: domain.crt
    • Keystore file: keystore.jks

     

    Customers might ask for a sample web.config and/or server.xml. You can give them this snippet to help:

    In web.config, add arguments to point to your server.xml file. Sample below:


    <configuration>
      <system.webServer>
        <handlers>
          <remove name="httpPlatformHandlerMain" />
          <add name="httpPlatformHandlerMain" path="*" verb="*" modules="httpPlatformHandler" resourceType="Unspecified"/>
        </handlers>
        <httpPlatform processPath="%programfiles(x86)%\apache-tomcat 8.0.23\bin\startup.bat" arguments="-config D:\home\site\wwwroot\conf\server.xml" requestTimeout="00:04:00" startupTimeLimit="60" startupRetryCount="3" stdoutLogEnabled="true">
          <environmentVariables>
            <!-- JVM options for Tomcat; port.http and site.tempdir are referenced from server.xml -->
            <environmentVariable name="CATALINA_OPTS" value="-Xms1024m -Xmx1024m -Dport.http=%HTTP_PLATFORM_PORT% -Dsite.logdir=d:/home/LogFiles/ -Dsite.tempdir=d:\home\site\workdir" />
          </environmentVariables>
        </httpPlatform>
        <applicationInitialization>
          <add initializationPage="/examples/servlets/servlet/HelloWorldExample" />
        </applicationInitialization>
      </system.webServer>
    </configuration>

     

    The server.xml file should either be copied from the Tomcat installation, or you can use the one below. Note that we need to change the path for tomcat-users.xml if you intend to use manager, admin-gui etc.

     

    <?xml version='1.0' encoding='utf-8'?>
    <Server port="-1" shutdown="SHUTDOWN">
        <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
        <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
        <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
        <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
        <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
        <GlobalNamingResources>
            <!-- Change this path if you intend to use manager, admin-gui etc. -->
            <Resource name="UserDatabase" auth="Container"
                  type="org.apache.catalina.UserDatabase"
                  description="User database that can be updated and saved"
                  factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
                  pathname="D:\home\site\wwwroot\conf\tomcat-users.xml" />
        </GlobalNamingResources>
        <Service name="Catalina">
            <!-- port.http is set through CATALINA_OPTS in web.config -->
            <Connector port="${port.http}" protocol="HTTP/1.1" address="127.0.0.1"
                   connectionTimeout="20000" />
            <Engine name="Catalina" defaultHost="">
                <Realm className="org.apache.catalina.realm.LockOutRealm">
                    <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
                       resourceName="UserDatabase"/>
                </Realm>
                <!-- site.tempdir is set through CATALINA_OPTS in web.config -->
                <Host name="localhost" appBase="d:\home\site\wwwroot\webapps" xmlBase="d:\home\site\wwwroot\"
                    unpackWARs="true" autoDeploy="true" workDir="${site.tempdir}">
                    <Valve className="org.apache.catalina.valves.AccessLogValve" directory="
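
As an added example (not part of the original answer): a small Java check, started with the same `-Djavax.net.ssl.keyStore` and `-Djavax.net.ssl.keyStorePassword` entries shown in the answer, that opens the JKS file and reports whether it holds a private-key entry, which is what separates a keystore usable for signing from a truststore. The class name `KeystoreCheck` is hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example; KeystoreCheck is a hypothetical name, not code from the page.
public class KeystoreCheck {

    public static void main(String[] args) throws Exception {
        // Same system properties as the -D entries passed to the JVM in the answer.
        String path = System.getProperty("javax.net.ssl.keyStore");
        String pass = System.getProperty("javax.net.ssl.keyStorePassword");
        if (path == null || pass == null) {
            System.err.println("javax.net.ssl.keyStore / keyStorePassword not set");
            System.exit(2);
        }

        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            // Throws IOException if the file is corrupt or the password is wrong.
            ks.load(in, pass.toCharArray());
        }

        int keyEntries = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias)) {
                // Key entry: carries key material plus its certificate chain.
                keyEntries++;
                Certificate cert = ks.getCertificate(alias);
                String subject = (cert instanceof X509Certificate)
                        ? ((X509Certificate) cert).getSubjectX500Principal().getName()
                        : "(non-X.509)";
                System.out.println("key entry     " + alias + "  " + subject);
            } else if (ks.isCertificateEntry(alias)) {
                // Trusted certificate only: public data, cannot sign anything.
                System.out.println("trusted cert  " + alias + "  (no private key)");
            }
        }

        if (keyEntries == 0) {
            System.err.println("No key entry found: this file can only act as a truststore");
            System.exit(1);
        }
    }
}
```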

