Installing SSL certificate on JBoss


Question

I have a server that runs JBoss. When I type a bad URL to that server it gives me a version like this: JBossWeb/2.0.1.GA - what version of JBoss would that be? An SSL certificate will be bought and provided to me so that I can install it in JBoss. I would really appreciate any HOWTO or any information on how to install a ready SSL certificate on JBoss. Do I need to generate any files with openssl when this SSL certificate is bought from some other company that sells SSL certificates?

Thanks in advance for your help.

Recommended answer

You can generate your own SSL certificate:

First off you need to create a self-signed certificate. You do this using the keytool application that comes with Java. Open a command prompt and run the following command. You will need to change the path to your Jboss conf directory to reflect your install:

C:\>keytool -genkey -alias tomcat -keyalg RSA -keystore C:\jboss-2.0.1.GA\server\default\conf\localhost.keystore

When prompted use a password of changeit everywhere. It’s important that you answer localhost to the first question:

Enter keystore password: changeit
Re-enter new password: changeit
What is your first and last name?
  [Unknown]:  localhost
What is the name of your organizational unit?
  [Unknown]:
What is the name of your organization?
  [Unknown]:
What is the name of your City or Locality?
  [Unknown]:
What is the name of your State or Province?
  [Unknown]:
What is the two-letter country code for this unit?
  [Unknown]:  NZ
Is CN=localhost, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=NZ correct?
  [no]:  yes

Enter key password for <tomcat>
        (RETURN if same as keystore password): changeit
Re-enter new password: changeit

Next up you need to configure tomcat to create an SSL connector.

Edit C:\jboss-2.0.1.GA\server\default\deploy\jboss-web.deployer\server.xml and find the commented out SSL connector example, uncomment it and tweak it as follows:

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="${jboss.server.home.dir}/conf/localhost.keystore"
keystorePass="changeit"
/>

Finally add two System properties to your Jboss startup command to get the javax.net.ssl library to use your new keystore. These are only needed if you need to make SSL calls back to yourself. I needed them because I had CAS and 3 apps authenticating with CAS all running in the same dev Jboss instance:

-Djavax.net.ssl.trustStore=C:\jboss-2.0.1.GA\server\default\conf\localhost.keystore
-Djavax.net.ssl.trustStorePassword=changeit

OK, now browse to http://localhost:8443/

Your browser will complain about a self-signed certificate. Just follow your browser’s instructions to add this certificate as a security exception so you won’t be prompted again and you are all done.
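
A quick audit of the SSL connector settings used in the answer above, as an added example that is not part of the original answer or of JBoss itself. The `<Server>`/`<Service>` wrapper, the extra connectors, the function name and the list of well-known passwords are constructed assumptions for illustration:

```python
import xml.etree.ElementTree as ET

# Constructed sample: the 8443 connector from the answer, inside a minimal
# server.xml skeleton with a plain HTTP connector and a commented-out one.
SAMPLE_SERVER_XML = """<Server>
  <Service name="jboss.web">
    <Connector port="8080" protocol="HTTP/1.1" />
    <!-- <Connector port="9443" SSLEnabled="true" keystorePass="changeit" /> -->
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="${jboss.server.home.dir}/conf/localhost.keystore"
               keystorePass="changeit" />
  </Service>
</Server>"""

# Illustrative list (assumption); extend it with your own organisation's defaults.
WELL_KNOWN_PASSWORDS = {"changeit", "changeme", "password"}


def audit_connectors(server_xml):
    """Return (port, finding) pairs for every active SSL connector."""
    findings = []
    # ElementTree drops XML comments, so commented-out connectors are ignored.
    root = ET.fromstring(server_xml)
    for conn in root.iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP connector, nothing to check here
        port = conn.get("port", "?")
        if conn.get("scheme") != "https" or conn.get("secure") != "true":
            findings.append((port, "scheme/secure do not mark this connector as HTTPS"))
        if not conn.get("keystoreFile"):
            findings.append((port, "keystoreFile is not set"))
        password = conn.get("keystorePass")
        if password is None:
            findings.append((port, "keystorePass is not set"))
            continue
        if password.lower() in WELL_KNOWN_PASSWORDS:
            findings.append((port, "keystorePass is a well-known value: " + password))
        # Any password in this attribute sits in clear text in the file.
        findings.append((port, "keystorePass is in clear text; restrict read access to server.xml"))
    return findings


if __name__ == "__main__":
    for port, finding in audit_connectors(SAMPLE_SERVER_XML):
        print(port, "-", finding)
```

The same password protects the private key in `localhost.keystore`, so a finding on `keystorePass` applies to the keystore file as well.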