Import SSL certificate in Glassfish


Problem description


    I have the following issue:

    I obtained a free certificate from Comodo (90 days) for my Glassfish web application and then imported the certs into Glassfish 3.1 by following http://javadude.wordpress.com/2010/04/06/getting-started-with-glassfish-v3-and-ssl/

    I have also modified the domain.xml file by replacing the alias s1as with my certificate alias and the file keystore.jks with the server.keystore... but when I try to access my web application with the https protocol I get the following log error:

    [#|2012-10-12T14:41:18.828+0200|WARNING|glassfish3.1.2|com.sun.grizzly.config.GrizzlyServiceListener|_ThreadID=25;_ThreadName=http-thread-pool-443(1);|GRIZZLY0007: SSL support could not be configured!
    java.io.IOException: SSL configuration is invalid due to No available certificate or key corresponds to the SSL cipher suites which are enabled.

    Please help me... I know that here I can find the solution to my issue...

    Solution

    Unfortunately I don't have enough reputation to post images of the Glassfish admin console, but let me try to help somebody just using text.

    NOTE1: The configuration was done on Ubuntu 12.04 server and glassfish 3.1.2

    Comodo gives you 4 files

    • your_domain.key (your private key)
    • your_domain.crt (your public key)
    • PositiveSSLCA2.crt (CA public key)
    • AddTrustExternalCARoot.crt (CA public key)

    Import every public key into the file cacerts.jks. To do that, merge the public key files into one file:

    NOTE2: The order of the files DOES matter.

    cat your_domain.crt PositiveSSLCA2.crt AddTrustExternalCARoot.crt  > all.crt
    

    Now import them using keytool:

    keytool -import -trustcacerts -alias tomcat -file all.crt -keystore cacerts.jks
    

    Create a p12 file with your private key:

    NOTE3: You can use the same password for every file to make things easier.

    openssl pkcs12 -export -in all.crt -inkey your_domain.key -out your_domain.p12 -name your_alias -CAfile PositiveSSLCA2.crt -caname immed
    

    NOTE4: Don't forget your alias (your_alias); you will need to reference it in the Glassfish admin console later.

    Now import the private key using keytool:

    keytool -importkeystore -deststorepass changeit -destkeypass changeit -destkeystore keystore.jks -srckeystore your_domain.p12 -srcstoretype PKCS12 -srcstorepass changeit -alias your_alias
    

    Now your keystore.jks (with your private keys) and your cacerts.jks (with your public key) are ready to be used. If you want to check if everything is OK, run:

    keytool -list -keystore keystore.jks
    keytool -list -keystore cacerts.jks
    

    Go to the glassfish admin console and find the session:

    • Configurations->server-config->HTTP Service->Http Listeners->http-listener-2

    Go to the SSL tab and change the Certificate NickName to your_domain.

    Restart Glassfish server.
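
Added example, not part of the original answer: a shell check that the Certificate NickName set on http-listener-2 names a PrivateKeyEntry in keystore.jks, since a nickname that is absent from the keystore or points at a trustedCertEntry leaves the listener with no key to serve. The function names, the alias comodo_cert and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the answer.
# Real use:
#   keytool -list -keystore keystore.jks -storepass changeit | check_nickname your_alias

# entry_type ALIAS: read `keytool -list` output on stdin and print the entry
# type recorded for ALIAS, or nothing if the alias is absent.
entry_type() {
    awk -v want="$1" '
        BEGIN { want = tolower(want) }   # JKS aliases are case-insensitive
        {
            line = $0
            # Entry lines look like "alias, Oct 12, 2012, PrivateKeyEntry,"
            if (sub(/,[ \t\r]*$/, "", line) == 0) next
            n = split(line, f, /, /)
            if (n < 3) next
            if (f[n] !~ /^(PrivateKeyEntry|trustedCertEntry|SecretKeyEntry)$/) next
            if (tolower(f[1]) == want) { print f[n]; exit }
        }'
}

# check_nickname ALIAS: 0 = private key entry, 1 = alias missing,
# 2 = alias present but certificate-only (no private key behind it).
check_nickname() {
    t=$(entry_type "$1")
    case "$t" in
        PrivateKeyEntry) echo "OK: $1 is a PrivateKeyEntry"; return 0 ;;
        "") echo "FAIL: alias $1 not found in keystore" >&2; return 1 ;;
        *)  echo "FAIL: $1 is a $t, not a private key" >&2; return 2 ;;
    esac
}

# Constructed sample of `keytool -list` output (fingerprints elided).
sample_listing() {
    cat <<'EOF'
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 3 entries

s1as, Oct 12, 2012, PrivateKeyEntry,
Certificate fingerprint (SHA1): <constructed>
your_alias, Oct 12, 2012, PrivateKeyEntry,
Certificate fingerprint (SHA1): <constructed>
comodo_cert, Oct 12, 2012, trustedCertEntry,
Certificate fingerprint (SHA1): <constructed>
EOF
}

sample_listing | check_nickname your_alias
```

Run it with the exact string typed into the SSL tab; exit status 1 or 2 means the listener cannot find a private key under that nickname.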
