WSO2 IS：更改HTTPS证书 [英] WSO2 IS: Change HTTPS certificate

问题描述

我是WSO2配置中的新手，也是HTTPS证书工作方式的新手，所以请耐心等待。

I am a total newbie in WSO2 configuration and a relative newbie in how HTTPS certificates work, so please bear with me.

我正在尝试更改证书WSO2中的HTTPS连接。在没有任何配置的情况下，WSO2返回DN CN = localhost，O = WSO2，L = Mountain View，ST = CA，C = US 的证书。我正按照这篇博客文章。

I am trying to change the certificate for HTTPS connections in WSO2. Without any configuration WSO2 returns a certificate with the DN CN = localhost,O = WSO2,L = Mountain View,ST = CA,C = US. I am trying to change this with my own certificate, following the instructions from this blog article.

我已经在密钥库中导入了我的证书，并按照文章。一个值得注意的区别是我找不到 $ {carbon.home} /repository/conf/mgt-transports.xml 。

I have imported my certificate in the keystore and changed the config as described in the article. One notable difference is that I couldn't find ${carbon.home}/repository/conf/mgt-transports.xml.

执行此操作后，连接到IS服务器管理服务会导致返回localhost证书，而不是导入的证书。

After doing this, connecting to the IS server management service results in the "localhost" certificate being returned, instead of the one imported.

repository / conf / carbon.xml中的KeyStore和RegistryKeyStore条目

   <KeyStore>                                                              
        <!-- Keystore file location-->                                      
        <Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location>
        <!-- Keystore type (JKS/PKCS12 etc.)-->                             
        <Type>JKS</Type>                                                    
        <!-- Keystore password-->                                           
        <Password>wso2carbon</Password>                                     
        <!-- Private Key alias-->                                           
        <KeyAlias>testcert</KeyAlias>                                       
        <!-- Private Key password-->                                        
        <KeyPassword>wso2carbon</KeyPassword>                               
    </KeyStore>                                                             

     <!--                                                                   
        Encrypt Decrypt Store will be used for encrypting and decrypting       
    -->                                                                     
    <RegistryKeyStore>                                                      
        <!-- Keystore file location-->                                      
        <Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location>
        <!-- Keystore type (JKS/PKCS12 etc.)-->                             
        <Type>JKS</Type>                                                    
        <!-- Keystore password-->                                           
        <Password>wso2carbon</Password>                                     
        <!-- Private Key alias-->                                           
        <KeyAlias>testcert</KeyAlias>                                       
        <!-- Private Key password-->                                        
        <KeyPassword>wso2carbon</KeyPassword>                               
    </RegistryKeyStore>

推荐答案

步骤1：创建一个私有和公共的新密钥库键（键对）。
Inside / repository / resources / security /目录。默认密钥库（wso2carbon.jks）和truststore（client-truststore.jks）将存储在此处。

Step 1: Create a new keystore with private and public key (key-pair). Inside /repository/resources/security/ directory. The default keystore (wso2carbon.jks) and truststore (client-truststore.jks) will be stored here.

•使用java密钥工具创建包含密钥对的密钥库（包含在标准jdk中）并将其保存为jks文件。密钥库包含THIS服务器的密钥对（公钥和私钥）。

• Create a keystore containing a key-pair using java key tool (contained in the standard jdk) and save it as a jks file. The keystore contains THIS server’s key-pair (public & private keys).

•密钥库/密钥对应具有以下属性/属性：

• The Keystore/Key-Pair should have the following properties/attributes :

KeystoreType = JKS,
KeyPairAlgorithm = RSA,
Size = 2048 bits
SignatureAlgorithm = SHA-256 WITH RSA
Password    (Must be exactly the same as the keystore password)
Name(Subject):  The CN(Common Name) of the key-pair should be the server’s hostname upon which the IS will be deployed (if you intend to use it as the key manager for api manager)
Extensions:
Key usage : Digital Signature , Key Encipherment , Data Encipherment , on Repudian
Subject Alternate name : IP address = IP address of this server

步骤2：将证书链从步骤1中创建的密钥库导入信任库。

Step 2: Import the certificate chain from the keystore created in Step 1 into a truststore.

创建具有相同属性的新信任库

Create new trust store with same attributes

•从密钥库导出证书（st ep 1）进入信任库

• Export the certificate from the Keystore (step 1) into the truststore

步骤3：更改配置文件，如下所示，反映刚刚创建的新密钥库和信任库。

Step 3: Change the configuration files as follows, reflecting the new keystore and truststore that have just been created.

更改以下文件中的相应值（在/ repository / conf /中）：

Change the appropriate values in the following files (in /repository/conf/):

File                            Line number/s
identity.xml                    180
carbon.xml                      310
                                326
                                343
axis2/axis2_pt.xml              272
                                280
                                396
                                404
axis2/axis2.xml                 272
                                280
                                396
                                404
axis2/axis2_nhttp.xml           278
                                286
                                405
                                413
security/secret-conf.properties 21
                                30
sec.policy                      1

或多或少，只是se为jks建立文件

More or less , just search the files for "jks"

删除旧的密钥库

步骤4：重新启动

这篇关于WSO2 IS：更改HTTPS证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！