无法用玻璃鱼安装SSL
我正在尝试将SSL证书安装到Glassfish 4.1.1中。
我做了以下工作:
keytool -importkeystore -srckeystore /home/user/domain.com.jks -destkeystore /opt/glassfish4/glassfish/domains/domain1/config/keystore.jks
keytool -import -trustcacerts -keystore keystore.jks -alias root -file root.crt
keytool -import -trustcacerts -keystore keystore.jks -alias intermediate1 -file 1_cross_Intermediate.crt
keytool -import -trustcacerts -keystore keystore.jks -alias intermediate2 -file 2_issuer_Intermediate.crt
keytool -import -trustcacerts -keystore keystore.jks -alias domain_com -file 3_user_domain.com.crt然后,我使用管理控制台将http 2的SSL-2从's1as‘重命名为'domain_com’服务器配置。
并通过管理控制台和按钮“重新启动”重新启动域。
之后,我无法在https://domain.com:8181上访问我的应用程序。错误:
ERR_CONNECTION_RESET
甚至不能访问https://domain.com:4848上的管理控制台
ERR_CONNECTION_CLOSED
我在哪里可以看到发生了什么,以及如何正确配置SSL。
还有一点: keystore的密码和glassfish的主密码()都是默认密码(),并且彼此匹配。我已经核实了。
你能提供一些线索告诉我们去哪里找吗?
提前谢谢你!
更新:在glassfish-日志中,我有以下异常:
[2016-08-17T10:29:53.142+0000] [glassfish 4.1] [WARNING] [] [javax.enterprise.network.config] [tid: _ThreadID=43 _T$
GRIZZLY0050: SSL support could not be configured!
java.io.IOException: A MultiException has 2 exceptions. They are:
1. java.lang.Error: java.security.UnrecoverableKeyException: Cannot recover key
2. java.lang.IllegalStateException: Unable to perform operation: post construct on com.sun.enterprise.security.ssl.$
at org.glassfish.grizzly.config.ssl.JSSE14SocketFactory.init(JSSE14SocketFactory.java:162)
at org.glassfish.grizzly.config.SSLConfigurator.initializeSSLContext(SSLConfigurator.java:249)
at org.glassfish.grizzly.config.SSLConfigurator.configureSSL(SSLConfigurator.java:131)
at org.glassfish.grizzly.config.SSLConfigurator$InternalSSLContextConfigurator.createSSLContext(SSLConfigur$
at org.glassfish.grizzly.ssl.SSLEngineConfigurator.createSSLEngine(SSLEngineConfigurator.java:209)
at org.glassfish.grizzly.ssl.SSLEngineConfigurator.createSSLEngine(SSLEngineConfigurator.java:186)
at org.glassfish.grizzly.ssl.SSLBaseFilter.handleRead(SSLBaseFilter.java:293)
[2016-08-17T10:29:53.143+0000] [glassfish 4.1] [WARNING] [] [org.glassfish.grizzly.filterchain.DefaultFilterChain] $
GRIZZLY0013: Exception during FilterChain execution
java.lang.NullPointerException
at org.glassfish.grizzly.ssl.SSLEngineConfigurator.createSSLEngine(SSLEngineConfigurator.java:214)
at org.glassfish.grizzly.ssl.SSLEngineConfigurator.createSSLEngine(SSLEngineConfigurator.java:186)
at org.glassfish.grizzly.ssl.SSLBaseFilter.handleRead(SSLBaseFilter.java:293)
at org.glassfish.grizzly.filterchain.ExecutorResolver$9.execute(ExecutorResolver.java:119)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeFilter(DefaultFilterChain.java:283)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeChainPart(DefaultFilterChain.java:200)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.execute(DefaultFilterChain.java:132)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.process(DefaultFilterChain.java:111)回答 2
Stack Overflow用户
发布于 2016-08-25 10:01:49
您忘记在cacerts.jks中插入证书
在仙人掌中包括根和中间证书,如下所示
键盘工具-import -trustcacerts -keystore cacerts.jks -alias root -file root.crt
关键工具-import -trustcacerts -keystore cacerts.jks -alias intermediate1 -file 1_cross_Intermediate.crt
关键工具-import -trustcacerts -keystore cacerts.jks -alias intermediate2 -file 2_issuer_Intermediate.crt
域证书不需要插入到cacerts.jks中
Stack Overflow用户
发布于 2016-08-17 18:20:57
很可能,还需要在你的密钥库上工作。您可以使用KSE编辑密钥,处理证书要容易得多。
- 您确定密钥存储库和证书条目都有密码"changeit“吗?
- 证书链对此证书条目正确吗?
https://stackoverflow.com/questions/38993980
复制相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号