Wildfly 10 HTTPS certificate fine on 8443 but on 443 says bad certificate

I am trying to configure Wildfly (10) to use an SSL certificate for HTTPS. It seems to work fine for 8443 (using https://example.com:8443 -- no errors and certificate shows it is signed by the CA), but when I switch the HTTPS to port 443, whenever I access the site (via https://example.com) it tells me my certificate was not installed right, the connection is not secure and it's using a self-signed key.

Here are snippets from my standalone.xml file:

Security Realm

    <security-realm name="ApplicationRealm">
        <server-identities>
            <ssl>
                <keystore path="devifs.jks" relative-to="jboss.server.config.dir" keystore-password="yadayada" alias="tomcat" key-password="yadayada"/>
            </ssl>
        </server-identities>
        <authentication>
            <local default-user="$local" allowed-users="*" skip-group-loading="true"/>
            <properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
        </authentication>
        <authorization>
            <properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
        </authorization>
    </security-realm>

Undertow Subsystem

    <subsystem xmlns="urn:jboss:domain:undertow:3.0">
        <buffer-cache name="default"/>
        <server name="default-server">
            <http-listener name="default" socket-binding="http" redirect-socket="https"/>
            <https-listener name="default-ssl" security-realm="ApplicationRealm" socket-binding="https"/>
            <host name="default-host" default-web-module="hatteras.war" alias="localhost">
                <location name="/" handler="welcome-content"/>
                <location name="/reports/" handler="ifsreports"/>
                <filter-ref name="server-header"/>
                <filter-ref name="x-powered-by-header"/>
            </host>
        </server>
        ....
    </subsystem>

Socket Binding Group

    <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
        <socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
        <socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9993}"/>
        <socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>
        <socket-binding name="http" port="${jboss.http.port:8080}"/>
        <socket-binding name="https" port="${jboss.https.port:443}"/>
        <socket-binding name="txn-recovery-environment" port="4712"/>
        <socket-binding name="txn-status-manager" port="4713"/>
        <outbound-socket-binding name="mail-smtp">
            <remote-destination host="localhost" port="25"/>
        </outbound-socket-binding>
    </socket-binding-group>

I've restarted Wildfly and even the server after making the standalone.xml changes. No luck.

Stack:

  • Wildfly 10.0.0.final
  • Ubuntu 14.04.4 LTS
  • AWS

Any suggestions?

My SSL contact pointed out that JBoss cannot run on 443 because it's a privileged port. This led me to research and I found I should redirect the port using:

    iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443

Is this the correct method? Seems to work fine.
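
One way to check whether port 443 presents the same certificate as the Wildfly listener on 8443 is to fetch the leaf certificate from each port and compare fingerprint, subject and issuer. This is an added example, not part of the original post; the function names and the file name certcmp.sh are hypothetical, and it assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example (not from the original post): compare the certificates one
# host presents on two ports. Function names are hypothetical.

# cert_field PEM FIELD -> value of "subject", "issuer" or "fingerprint"
cert_field() {
  openssl x509 -in "$1" -noout -sha256 "-$2" | sed 's/^[^=]*=//'
}

# classify_cert PEM -> "self-signed" when subject and issuer are identical
# (a name comparison, not a signature check), otherwise "ca-issued"
classify_cert() {
  if [ "$(cert_field "$1" subject)" = "$(cert_field "$1" issuer)" ]; then
    echo self-signed
  else
    echo ca-issued
  fi
}

# compare_certs A.pem B.pem -> "<class of A> <class of B> same|different"
compare_certs() {
  if [ "$(cert_field "$1" fingerprint)" = "$(cert_field "$2" fingerprint)" ]; then
    verdict=same
  else
    verdict=different
  fi
  echo "$(classify_cert "$1") $(classify_cert "$2") $verdict"
}

# fetch_cert HOST PORT OUT.pem: save the leaf certificate served on HOST:PORT
fetch_cert() {
  openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
    openssl x509 -outform PEM >"$3"
}

# compare_ports HOST PORT_A PORT_B, e.g. compare_ports example.com 8443 443
compare_ports() {
  tmp=$(mktemp -d) || return 1
  if fetch_cert "$1" "$2" "$tmp/a.pem" && fetch_cert "$1" "$3" "$tmp/b.pem"; then
    compare_certs "$tmp/a.pem" "$tmp/b.pem"; rc=$?
  else
    echo "could not fetch a certificate from $1" >&2; rc=1
  fi
  rm -rf "$tmp"
  return "$rc"
}

# Runs only when called with arguments: sh certcmp.sh example.com 8443 443
if [ "$#" -eq 3 ]; then compare_ports "$@"; fi
```

Run it from a client machine rather than on the server: the PREROUTING rule quoted in the question only rewrites packets arriving from the network, so a connection made from the server itself to port 443 does not pass through it. An output of `ca-issued ca-issued same` means both ports are serving the same CA-issued certificate.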
