"javax.servlet.request.X509Certificate" request attribute does not return CA certs

Problem description

I have a requirement where a single web app, which has multiple web services, needs SSL configured. But only one web service should have mutual SSL and rest have to be on one-way SSL.

For this, I used:

 <Connector SSLEnabled="true" acceptCount="100" clientAuth="want"
 disableUploadTimeout="true" enableLookups="false" maxThreads="25"
 port="8443" keystoreFile="somefolder\some-KeyStore.store" keystorePass="changeit"
 protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https"
 secure="true" sslProtocol="SSL" 
 truststoreFile="somefolder\some-trustStore.jks"
 truststoreType="JKS" truststorePass="Changeit"/>

And in the code I use below code in a filter to a service URL:

X509Certificate[] certificates = (X509Certificate[]) request
                    .getAttribute("javax.servlet.request.X509Certificate");         

This checks if the service that needs mutual SSL gets a certificate that is valid. So when that URL gets called, the servlet filter checks for cert.

But the problem is that this works only for self-signed certs; when I use CA signed certs, the above scriptlet returns null. (i.e., no certs)

The cert algorithms are RSA and DSA types; is there any significance of this or the type of keyStores and trustStores?

Please let me know if I am missing anything, or if I need to use any other code for CA signed certs. I really need CA certs in the requests.

Recommended answer

Thanks for your input,

But I figured it out. I did not import the cert chain in the TrustStore initially, and I just had the CA cert there. Once I configured the CA certs, keystore and trustStore properly, it fixed the issue.

It worked initially with self-signed certs because self-signed certs don't have cert chains.
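
The check below is an added example, not code from the question or the answer: it lists the trust anchors in a JKS truststore and tests whether a client certificate chain validates against them, which is the condition the answer says was not met. The class name, the command-line arguments and the PEM file (client certificate first, then intermediates) are assumptions for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;

// Added example (hypothetical class name). Standard library only.
// Usage: java TrustStoreChainCheck <truststore.jks> <password> <client-chain.pem>
public class TrustStoreChainCheck {
    public static void main(String[] args) throws Exception {
        KeyStore trust = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            trust.load(in, args[1].toCharArray());
        }
        // Only trustedCertEntry aliases act as trust anchors.
        for (String alias : Collections.list(trust.aliases())) {
            if (trust.isCertificateEntry(alias)) {
                X509Certificate ca = (X509Certificate) trust.getCertificate(alias);
                System.out.println("anchor " + alias + ": " + ca.getSubjectX500Principal());
            }
        }
        // Assumed PEM order: client (leaf) certificate first, then intermediates.
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<Certificate> chain = new ArrayList<>();
        try (InputStream in = new FileInputStream(args[2])) {
            chain.addAll(cf.generateCertificates(in));
        }
        // A trust anchor must not appear in the path being validated, so drop
        // any certificate that is already stored in the truststore.
        for (Iterator<Certificate> it = chain.iterator(); it.hasNext();) {
            if (trust.getCertificateAlias(it.next()) != null) it.remove();
        }
        if (chain.isEmpty()) {
            // The self-signed case from the question: the leaf is its own anchor.
            System.out.println("OK: certificate is itself stored in the truststore");
            return;
        }
        PKIXParameters params = new PKIXParameters(trust);
        params.setRevocationEnabled(false); // path validation only, no CRL/OCSP lookups
        try {
            CertPathValidator.getInstance("PKIX")
                    .validate(cf.generateCertPath(chain), params);
            System.out.println("OK: chain validates against the truststore");
        } catch (CertPathValidatorException e) {
            System.out.println("FAIL at cert index " + e.getIndex() + ": " + e.getMessage());
        }
    }
}
```

A FAIL result for a CA-signed client certificate points at a missing CA or intermediate entry in the truststore rather than at the servlet filter code.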
