Get Java KeyStore certificate from azure WebApI application
Problem description
Hi Team,
As service-now has started accepting JWT tokens, I want to send JWT tokens as Bearer tokens, but it is accepting a Java Keystore certificate but not a TrustStore cert.
How can I get a Java Keystore certificate from the Azure portal?
Oracle Documentation for reference (Method and Constructor details):
Possibilities:
- If you have your own cert - they will have to import it into the keystore. Use Kudu to copy the keystore to the D:/home/site folder, update the web.config file and pass it to the JVM. After that, make sure it is pointed to the cert using the web.config file
- You might want to just access the Windows KeyStore - do so with this command: "cd cert://" - but this is pretty rare
Web.config entries:
-Djavax.net.ssl.keyStore=D:/home/site/wwwroot/cert/keystore.jks -Djavax.net.ssl.keyStorePassword=password
-Djavax.net.ssl.trustStore=D:/home/site/wwwroot/cert/truststore.jks -Djavax.net.ssl.trustStorePassword=password
- JDK default location: JDK\jre\lib\security
- Commonly used root certs are in the root store that come with the web app
- Certificate: domain.crt
- Keystore file: keystore.jks
Customers might ask for a sample web.config and/or server.xml. You can give them this snippet to help:
In web.config add arguments to point to your server.xml file. Sample below:
<configuration>
  <system.webServer>
    <handlers>
      <remove name="httpPlatformHandlerMain" />
      <add name="httpPlatformHandlerMain" path="*" verb="*" modules="httpPlatformHandler" resourceType="Unspecified"/>
    </handlers>
    <httpPlatform processPath="%programfiles(x86)%\apache-tomcat 8.0.23\bin\startup.bat" arguments="-config D:\home\site\wwwroot\conf\server.xml" requestTimeout="00:04:00" startupTimeLimit="60" startupRetryCount="3" stdoutLogEnabled="true">
      <environmentVariables>
        <environmentVariable name="CATALINA_OPTS" value="-Xms1024m -Xmx1024m -Dport.http=%HTTP_PLATFORM_PORT% -Dsite.logdir=d:/home/LogFiles/ -Dsite.tempdir=d:\home\site\workdir" />
      </environmentVariables>
    </httpPlatform>
    <applicationInitialization>
      <add initializationPage="/examples/servlets/servlet/HelloWorldExample" />
    </applicationInitialization>
  </system.webServer>
</configuration>
The server.xml file should be copied from the Tomcat installation, or you can use the one below. Note that we need to change the path for tomcat-users.xml if you intend to use manager, admin-gui etc.
<?xml version='1.0' encoding='utf-8'?>
<Server port="-1" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
  <GlobalNamingResources>
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="D:\home\site\wwwroot\conf\tomcat-users.xml" />
  </GlobalNamingResources>
  <Service name="Catalina">
    <Connector port="${port.http}" protocol="HTTP/1.1" address="127.0.0.1" connectionTimeout="20000" />
    <Engine name="Catalina" defaultHost="">
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
      </Realm>
      <Host name="localhost" appBase="d:\home\site\wwwroot\webapps" xmlBase="d:\home\site\wwwroot\"
            unpackWARs="true" autoDeploy="true" workDir="${site.tempdir}">
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="
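
An added check, not part of the original answer, for the distinction the question turns on: signing a JWT with a certificate's key pair needs a keystore entry that holds a private key, while a truststore holds only trusted certificates. It reads the same `javax.net.ssl.keyStore` and `javax.net.ssl.keyStorePassword` properties shown in the web.config entries above; the class name `KeyStoreCheck` is an assumption.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example: reports what the store named by -Djavax.net.ssl.keyStore holds.
public class KeyStoreCheck {

    // Prints every alias and returns the number of key entries (private or secret keys).
    // A store that holds only trusted certificates returns 0.
    static int countKeyEntries(KeyStore ks) throws Exception {
        int keys = 0;
        for (String alias : Collections.list(ks.aliases())) {
            boolean isKey = ks.isKeyEntry(alias);
            if (isKey) keys++;
            Certificate c = ks.getCertificate(alias); // null for entries without a certificate
            String detail = "";
            if (c instanceof X509Certificate) {
                X509Certificate x = (X509Certificate) c;
                detail = " subject=" + x.getSubjectX500Principal().getName()
                       + " notAfter=" + x.getNotAfter();
            }
            System.out.println(alias + ": " + (isKey ? "key entry" : "trusted certificate") + detail);
        }
        return keys;
    }

    public static void main(String[] args) throws Exception {
        String path = System.getProperty("javax.net.ssl.keyStore");
        String pass = System.getProperty("javax.net.ssl.keyStorePassword");
        if (path == null || pass == null) {
            System.err.println("javax.net.ssl.keyStore / keyStorePassword not set on this JVM");
            System.exit(2);
        }
        // Store type: -Djavax.net.ssl.keyStoreType if given, otherwise the JVM default.
        String type = System.getProperty("javax.net.ssl.keyStoreType", KeyStore.getDefaultType());
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pass.toCharArray()); // also verifies the store's integrity with the password
        }
        if (countKeyEntries(ks) == 0) {
            System.err.println("No key entry in " + path + ": usable as a truststore only, not for signing");
            System.exit(1);
        }
    }
}
```

Run it with the same `-D` options the web.config passes to the JVM; exit code 1 means the file contains certificates but no private key.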