WSO2 IS: Change HTTPS certificate
Problem description
I am a total newbie in WSO2 configuration and a relative newbie in how HTTPS certificates work, so please bear with me.
I am trying to change the certificate for HTTPS connections in WSO2. Without any configuration WSO2 returns a certificate with the DN CN = localhost,O = WSO2,L = Mountain View,ST = CA,C = US. I am trying to change this with my own certificate, following the instructions from this blog article.
I have imported my certificate in the keystore and changed the config as described in the article. One notable difference is that I couldn't find ${carbon.home}/repository/conf/mgt-transports.xml.
After doing this, connecting to the IS server management service results in the "localhost" certificate being returned, instead of the one imported.
KeyStore and RegistryKeyStore entries in repository/conf/carbon.xml:
<KeyStore>
<!-- Keystore file location-->
<Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location>
<!-- Keystore type (JKS/PKCS12 etc.)-->
<Type>JKS</Type>
<!-- Keystore password-->
<Password>wso2carbon</Password>
<!-- Private Key alias-->
<KeyAlias>testcert</KeyAlias>
<!-- Private Key password-->
<KeyPassword>wso2carbon</KeyPassword>
</KeyStore>
<!--
Encrypt Decrypt Store will be used for encrypting and decrypting
-->
<RegistryKeyStore>
<!-- Keystore file location-->
<Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location>
<!-- Keystore type (JKS/PKCS12 etc.)-->
<Type>JKS</Type>
<!-- Keystore password-->
<Password>wso2carbon</Password>
<!-- Private Key alias-->
<KeyAlias>testcert</KeyAlias>
<!-- Private Key password-->
<KeyPassword>wso2carbon</KeyPassword>
</RegistryKeyStore>
Recommended answer
Step 1: Create a new keystore with private and public key (key-pair). Inside /repository/resources/security/ directory. The default keystore (wso2carbon.jks) and truststore (client-truststore.jks) will be stored here.
• Create a keystore containing a key-pair using java key tool (contained in the standard jdk) and save it as a jks file. The keystore contains THIS server’s key-pair (public & private keys).
• The Keystore/Key-Pair should have the following properties/attributes :
KeystoreType = JKS,
KeyPairAlgorithm = RSA,
Size = 2048 bits
SignatureAlgorithm = SHA-256 WITH RSA
Password (Must be exactly the same as the keystore password)
Name(Subject): The CN(Common Name) of the key-pair should be the server’s hostname upon which the IS will be deployed (if you intend to use it as the key manager for api manager)
Extensions:
Key usage : Digital Signature, Key Encipherment, Data Encipherment, Non Repudiation
Subject Alternate name : IP address = IP address of this server
Step 2: Import the certificate chain from the keystore created in Step 1 into a truststore.
Create new trust store with same attributes
• Export the certificate from the Keystore (step 1) into the truststore
Step 3: Change the configuration files as follows, reflecting the new keystore and truststore that have just been created.
Change the appropriate values in the following files (in /repository/conf/):
File                              Line number/s
identity.xml                      180
carbon.xml                        310, 326, 343
axis2/axis2_pt.xml                272, 280, 396, 404
axis2/axis2.xml                   272, 280, 396, 404
axis2/axis2_nhttp.xml             278, 286, 405, 413
security/secret-conf.properties   21, 30
sec.policy                        1
More or less, just search the files for "jks".
Delete the old keystore.
Step 4: Restart
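Steps 1 and 2 of the answer written out as keytool commands, added here as an example that is not part of the original answer. The hostname, IP address, file names and the KS_PASS environment variable are assumptions; the alias testcert is the one from the question's carbon.xml.

```shell
#!/bin/sh
# Added example: steps 1 and 2 as keytool commands. Hostname, IP and file
# names are constructed placeholders. The password is read from the
# environment variable KS_PASS so it does not appear in the process list.

ALIAS="${ALIAS:-testcert}"        # alias used in the question's carbon.xml
HOST="${HOST:-is.example.com}"    # placeholder: server hostname, used as CN
IP="${IP:-192.0.2.10}"            # placeholder: server IP, used in the SAN

# Step 1: JKS keystore holding an RSA-2048 key pair signed with SHA-256 with
# RSA, key password identical to the keystore password, and the extensions
# listed in the answer.
make_keystore() {     # $1 = keystore file to create
    keytool -genkeypair -alias "$ALIAS" \
        -keyalg RSA -keysize 2048 -sigalg SHA256withRSA \
        -dname "CN=$HOST" -validity 365 \
        -ext "KeyUsage=digitalSignature,keyEncipherment,dataEncipherment,nonRepudiation" \
        -ext "SAN=IP:$IP" \
        -keystore "$1" -storetype JKS \
        -storepass:env KS_PASS -keypass:env KS_PASS
}

# Step 2: export the certificate from the keystore and import it into a new
# JKS truststore protected by the same password.
make_truststore() {   # $1 = keystore file, $2 = truststore file to create
    keytool -exportcert -alias "$ALIAS" -rfc -file "$1.pem" \
        -keystore "$1" -storepass:env KS_PASS &&
    keytool -importcert -alias "$ALIAS" -file "$1.pem" -noprompt \
        -keystore "$2" -storetype JKS -storepass:env KS_PASS
}

# Check to run before editing the configuration files: print the entry type
# and subject stored under the alias.
describe_entry() {    # $1 = keystore or truststore file
    keytool -list -v -alias "$ALIAS" -keystore "$1" -storepass:env KS_PASS |
        grep -E '^(Entry type|Owner):'
}
```

Run describe_entry on both files before pointing the configuration at them: the keystore should report a PrivateKeyEntry and the truststore a trustedCertEntry, both with the expected CN.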