
Importing SSL certificates in Glassfish Application Server

I am trying to enable SSL on a project in NetBeans IDE, using Glassfish Application Server.

For the SSL, I followed the procedure below.

  1. Generated a keystore:
     keytool -genkey -alias client_keystore -keyalg RSA -keystore client_keystore.jks -keysize 2048
  2. Generated a CSR:
     keytool -certreq -alias client_keystore -file yourcsrname.csr -keystore client_keystore.jks
  3. Submitted the CSR to another party.
  4. Received three .pem certificates from the party. I converted the .pem to .crt as:
     openssl x509 -outform der -in your-cert.pem -out your-cert.crt
  5. Imported the certs to my keystore as below:
     keytool -import -trustcacerts -alias intermediate -file GoDaddy_Intermediate.crt -keystore client_keystore.jks
     keytool -import -trustcacerts -alias root -file GoDaddy_Root.crt -keystore client_keystore.jks
     keytool -import -trustcacerts -alias BizSwitch -file BizSwitch.crt -keystore client_keystore.jks
  6. Imported the keystore to the default glassfish keystore:
     keytool -importkeystore -srckeystore ~/Downloads/ipay/client_keystore.jks -destkeystore keystore.jks
  7. Restarted glassfish server.

I am not sure if that's all, but I am getting the sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target exception.

On restarting, from the glassfish logs I do not see the certificates being loaded as well.

Am I missing something?

Is your keystore in the folder /domains/domain1/config?

Looks like glassfish does not point to the correct keystore, as you correctly imported the certs.

You created the keypair entry under alias client_keystore, so you need to import your server cert to that alias and entry. Assuming BizSwitch is your server's name, you need to -importcert -file BizSwitch.crt -alias client_keystore -keystore client_keystore.jks. If you get it correct, the output from that command should be "Certificate reply was installed" NOT "Certificate was added". (The latter is correct for separate CA certs, but not the server cert.)

Also, you didn't need to convert to DER. keytool (or more exactly CertificateFactory) has been able to read PEM certs for more than a decade, and even PEM-with-comments since j7 circa 2012. (This is not the case for some other crypto objects like private keys.)
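
The distinction the answer above draws, as an added example that is not part of the original thread: a POSIX shell function that reads keytool -list -v output and reports whether an alias holds a key pair with an installed CA chain, a key pair that still has only its -genkey certificate, or just a trusted certificate. The two listings are constructed and trimmed, the result labels and CN values are this example's own, and it assumes keytool's English-locale output.

```shell
#!/bin/sh
# Added example (not from the thread): classify a keystore alias from
# `keytool -list -v` output, to tell the state behind "Certificate reply
# was installed" from the one behind "Certificate was added".

# Constructed listing: the state the question's steps produce. The key pair
# still has only its own certificate; the server cert sits in a separate
# trusted entry (JKS stores aliases in lowercase).
SAMPLE_BEFORE='Alias name: client_keystore
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=example.test
Issuer: CN=example.test

Alias name: bizswitch
Entry type: trustedCertEntry

Owner: CN=example.test
Issuer: CN=Constructed Intermediate CA'

# Constructed listing: after the reply is imported under the key pair's alias.
SAMPLE_AFTER='Alias name: client_keystore
Entry type: PrivateKeyEntry
Certificate chain length: 3
Certificate[1]:
Owner: CN=example.test
Issuer: CN=Constructed Intermediate CA'

# classify_alias ALIAS   (listing on stdin)
# Prints CHAIN_INSTALLED, SELF_SIGNED_ONLY, TRUSTED_CERT_ONLY or MISSING.
classify_alias() {
  awk -v want="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" '
    /^Alias name: /  { cur = tolower(substr($0, 13)); next }
    cur != want      { next }              # skip other entries and headers
    /^Entry type: /  { type = $3; next }
    /^Certificate chain length: / { len = $4 + 0 }
    END {
      if (type == "")                     print "MISSING"
      else if (type != "PrivateKeyEntry") print "TRUSTED_CERT_ONLY"
      else if (len >= 2)                  print "CHAIN_INSTALLED"
      else                                print "SELF_SIGNED_ONLY"  # -genkey cert only
    }'
}

# Against a real keystore (file and alias names are the question's):
#   keytool -list -v -keystore client_keystore.jks | classify_alias client_keystore
```

A server presenting the SELF_SIGNED_ONLY entry sends a certificate that no client trust store can chain to a CA, which matches the PKIX path building failure quoted in the question.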
