使Geode REST API与SSL一起使用 [英] Get geode REST API going with SSL

问题描述

我已经设置gemfire.properties，以使Web组件使用ssl-enabled-components=web并要求设置SSL并设置密钥库.定位器和服务器正常运行，并且GFSH连接到JMX管理器.但是，当我尝试启动Swagger UI时，我得到的是ERR_SSL_VERSION_OR_CIPHER_MISMATCH.当配置是ssl-ciphers=和ssl-protocols=或设置为any ...

I've setup gemfire.properties to make the web component require SSL using ssl-enabled-components=web and setting up a keystore. The locator and server are starting ok and GFSH connects to the JMX manager. However, when I try and start the Swagger UI then I am getting ERR_SSL_VERSION_OR_CIPHER_MISMATCH. It happens when the config is that ssl-ciphers= and ssl-protocols= or set to any...

那么Apache Geode所需的REST API密码是什么?谢谢

So what's the required REST API cipher for Apache Geode? Thanks

推荐答案

我使用通过以下方式创建的基本证书对此进行了测试:

I tested this with a basic cert created with the following:

keytool -genkeypair -alias self -dname "CN=trusted" \
  -validity 3650 -keypass password -keystore ./trusted.keystore \
  -storepass password -storetype JKS

以您描述的方式失败.我重新创建了证书，并在-keyalg EC中使用了不同的密钥算法，然后工作了.我会在某个时候能否给出更详细的解释.

It failed in the way you describe. I recreated the cert and used a different key algorithm with -keyalg EC and then worked. I'll see if I can give a more detailed explanation at some point.

更新:

我正在使用Mac OS，我的/Library/Java/JavaVirtualMachines/jdk1.8.0_121.jdk/Contents/Home/jre/lib/security/java.security文件包含以下证书限制:

I'm using Mac OS and my /Library/Java/JavaVirtualMachines/jdk1.8.0_121.jdk/Contents/Home/jre/lib/security/java.security file contains the following restriction for certificates:

jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
  DSA keySize < 1024, EC keySize < 224

使用-keyalg EC时，生成的证书使用SHA256withECDSA签名，但是如果没有该选项，则使用SHA1withDSA签名，因此不可接受.

With -keyalg EC, the generated certificate is signed with SHA256withECDSA, but without that option it is signed with SHA1withDSA, so not acceptable.

这篇关于使Geode REST API与SSL一起使用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！