Installing SSL certificate on JBoss


Problem description

I have a server that runs JBoss. When I type a bad URL to that server it gives me a version like this: JBossWeb/2.0.1.GA - what version of JBoss would that be? An SSL certificate will be bought and provided for me so that I can install it in JBoss. I would really appreciate any HOWTO or any information on how to install a ready SSL certificate on JBoss. Do I need to generate any files with openssl, when this SSL certificate will be bought from some other company that sells SSL certificates?

Thanks in advance for your help.

Recommended answer

You can generate your own SSL certificate:

First off you need to create a self-signed certificate. You do this using the keytool application that comes with Java. Open a command prompt and run the following command. You will need to change the path to your JBoss conf directory to reflect your install:

C:\>keytool -genkey -alias tomcat -keyalg RSA -keystore C:\jboss-2.0.1.GA\server\default\conf\localhost.keystore

When prompted use a password of changeit everywhere. It’s important that you answer localhost to the first question:

Enter keystore password: changeit
Re-enter new password: changeit
What is your first and last name?
  [Unknown]:  localhost
What is the name of your organizational unit?
  [Unknown]:
What is the name of your organization?
  [Unknown]:
What is the name of your City or Locality?
  [Unknown]:
What is the name of your State or Province?
  [Unknown]:
What is the two-letter country code for this unit?
  [Unknown]:  NZ
Is CN=localhost, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=NZ correct?
  [no]:  yes

Enter key password for <tomcat>
        (RETURN if same as keystore password): changeit
Re-enter new password: changeit

Next up you need to configure Tomcat to create an SSL connector.

Edit C:\jboss-2.0.1.GA\server\default\deploy\jboss-web.deployer\server.xml and find the commented out SSL connector example, uncomment it and tweak it as follows:

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="${jboss.server.home.dir}/conf/localhost.keystore"
keystorePass="changeit"
/>

Finally add two System properties to your JBoss startup command to get the javax.net.ssl library to use your new keystore. These are only needed if you need to make SSL calls back to yourself. I needed them because I had CAS and 3 apps authenticating with CAS all running in the same dev JBoss instance:

-Djavax.net.ssl.trustStore=C:\jboss-2.0.1.GA\server\default\conf\localhost.keystore
-Djavax.net.ssl.trustStorePassword=changeit

OK, now browse to http://localhost:8443/

Your browser will complain about a self-signed certificate. Just follow your browser’s instructions to add this certificate as a security exception so you won’t be prompted again and you are all done.
