Importing SSL certificates in Glassfish Application Server
I am trying to enable SSL on a project on Netbeans IDE and using Glassfish application Server.
For the SSL, I followed the procedure below.
keytool -genkey -alias client_keystore -keyalg RSA -keystore client_keystore.jks -keysize 2048
keytool -certreq -alias client_keystore -file yourcsrname.csr -keystore client_keystore.jks
openssl x509 -outform der -in your-cert.pem -out your-cert.crt
keytool -import -trustcacerts -alias intermediate -file GoDaddy_Intermediate.crt -keystore client_keystore.jks
keytool -import -trustcacerts -alias root -file GoDaddy_Root.crt -keystore client_keystore.jks
keytool -import -trustcacerts -alias BizSwitch -file BizSwitch.crt -keystore client_keystore.jks
keytool -importkeystore -srckeystore ~/Downloads/ipay/client_keystore.jks -destkeystore keystore.jks
I am not sure if that's all but I am getting the sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target exception.
On restarting, from the glassfish logs I do not see the certificates being loaded as well.
Am I missing something?
Is your keystore in the folder /domains/domain1/config?
Looks like glassfish does not point to the correct keystore, as you correctly imported the certs.
You should also import the cert into the JVM's truststore...
Reference: Resolving javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed Error?
You created the keypair entry under alias client_keystore so you need to import your server cert to that alias and entry. Assuming BizSwitch is your server's name, you need to -importcert -file BizSwitch.crt -alias client_keystore -keystore client_keystore.jks. If you get it correct the output from that command should be "Certificate reply was installed" NOT "Certificate was added". (The latter is correct for separate CA certs, but not the server cert.)
Also, you didn't need to convert to DER. keytool (or more exactly CertificateFactory) has been able to read PEM certs for more than a decade, and even PEM-with-comments since j7 circa 2012. (This is not the case for some other crypto objects like private keys.)
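Added example (not part of the thread or any poster's code): a script that rebuilds the question's keystore with a throwaway CA and shows what keytool reports when the signed certificate is imported under the key pair's alias versus under a new alias. The CA and subject names, the password, and the helper names `kt` and `import_reply` are constructed for the demo; it assumes a JDK `keytool` on PATH.

```shell
#!/bin/sh
# Added example, not from the original thread. Constructed values: "Demo CA",
# "demo.example", password "changeit". Assumes a JDK keytool on PATH.
PASS=changeit
# Every call uses the demo password; LC_ALL=C keeps keytool's messages in English.
kt() { LC_ALL=C keytool "$@" -storepass "$PASS"; }

# import_reply ALIAS
#   Rebuilds the question's keystore in a temp directory, imports the signed
#   server certificate under ALIAS, then prints keytool's message and the
#   certificate chain length of the key entry "client_keystore".
import_reply() {
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        {
            # Throwaway CA standing in for the real issuer (bc:c marks it as a CA).
            kt -genkeypair -alias ca -keyalg RSA -keysize 2048 -validity 30 \
               -dname "CN=Demo CA" -ext bc:c -keypass "$PASS" -keystore ca.jks
            kt -exportcert -alias ca -rfc -file ca.pem -keystore ca.jks
            # Key pair and CSR under the same alias as in the question.
            kt -genkeypair -alias client_keystore -keyalg RSA -keysize 2048 \
               -dname "CN=demo.example" -keypass "$PASS" -keystore client_keystore.jks
            kt -certreq -alias client_keystore -file server.csr \
               -keystore client_keystore.jks
            # The CA signs the CSR; the reply stays in PEM, no DER conversion.
            kt -gencert -alias ca -infile server.csr -outfile server.pem -rfc \
               -validity 30 -keystore ca.jks
            # The CA certificate goes in first, as a trusted entry under its own alias.
            kt -importcert -noprompt -alias root -file ca.pem \
               -keystore client_keystore.jks
        } >/dev/null 2>&1
        # The step that matters: which alias receives the signed certificate.
        kt -importcert -noprompt -alias "$1" -file server.pem \
           -keystore client_keystore.jks 2>&1
        # A key entry still showing chain length 1 holds only its self-signed cert.
        kt -list -v -alias client_keystore -keystore client_keystore.jks 2>/dev/null |
            grep 'Certificate chain length'
    )
    status=$?
    rm -rf "$dir"
    return $status
}
```

Calling `import_reply client_keystore` reports the reply being installed and a chain length of 2, while `import_reply BizSwitch` reports the certificate being added and leaves the key entry with its self-signed chain of length 1.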
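Notice: the technical posts on this site follow the CC BY-SA 4.0 license. If you repost, please cite this site's URL or the original address. For any questions, contact: yoyou2525@163.com.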