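java - Jboss eap 6.4 https configuration fails to listen on port 8443
Problem description
I am using jboss-eap-6.4 to deploy my web application. I want my server to support https requests, so I generated a keystore with the following command: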
keytool -genkey -v -keystore foo.keystore -alias foo
I moved the keystore file above to D:\\jboss-eap-6.4\\standalone\\configuration\\ and added the following connector to the standalone.xml file:
<subsystem xmlns="urn:jboss:domain:web:2.2" default-virtual-server="default-host" native="false">
    <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>
    <connector name="https" socket-binding="https" scheme="https" protocol="HTTP/1.1" secure="true" enable-lookups="false">
        <ssl name="foo-ssl" protocol="TLSv1" certificate-key-file="D:\\jboss-eap-6.4\\standalone\\configuration\\foo.keystore" key-alias="foo" password="secret"/>
    </connector>
    <virtual-server name="default-host" enable-welcome-root="true">
        <alias name="localhost"/>
        <alias name="example.com"/>
    </virtual-server>
</subsystem>
The https port is configured as port 8443:
<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
    <socket-binding name="management-native" interface="management" port="${jboss.management.native.port:9999}"/>
    <socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
    <socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9443}"/>
    <socket-binding name="ajp" port="8009"/>
    <socket-binding name="http" port="8080"/>
    <socket-binding name="https" port="8443"/>
    <socket-binding name="remoting" port="4447"/>
    <socket-binding name="txn-recovery-environment" port="4712"/>
    <socket-binding name="txn-status-manager" port="4713"/>
    <outbound-socket-binding name="mail-smtp">
        <remote-destination host="localhost" port="25"/>
    </outbound-socket-binding>
</socket-binding-group>
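Then I tried to access the URL using port number 8443 (over https), but the application is not able to listen on the port. Any idea what I am missing here?
Error details: In IE Edge: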
Can’t connect securely to this page
This might be because the site uses outdated or unsafe TLS security settings. If this keeps happening, try contacting the website’s owner.
Your TLS security settings aren’t set to the defaults, which could also be causing this error.
Try this:
Go back to the last page
In Firefox:
Secure Connection Failed
An error occurred during a connection to hddt0719:8443. Cannot communicate securely with peer: no common encryption algorithm(s). Error code: SSL_ERROR_NO_CYPHER_OVERLAP
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.
Learn more…
Report errors like this to help Mozilla identify and block malicious sites
Solution
You should change the way you generate the keystore and use the command
keytool -genkey -keystore foo.keystore -alias foo -keyalg "RSA" -sigalg "SHA1withRSA" -keysize 2048 -validity 365
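By default keytool generates a DSA-type keystore; you should provide an RSA-type keystore. I checked both types of keys, and my jBoss worked with the RSA ssl keystore generated in the suggested way. Your jBoss configuration is correct.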
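The answer above traces the failure to a DSA key produced by keytool -genkey without -keyalg. The following check, an added example that is not part of the original question or answer, reports which algorithm a keystore entry carries before the https connector is pointed at it. It assumes a self-signed entry as created by keytool -genkey, where the signature algorithm name reveals the key type; the listing in sample_listing is constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post.
# Constructed, abbreviated `keytool -list -v` output: "foo" was generated
# without -keyalg (DSA), "bar" with -keyalg RSA.
sample_listing() {
cat <<'EOF'
Alias name: foo
Entry type: PrivateKeyEntry
Certificate[1]:
Owner: CN=example.com
     Signature algorithm name: SHA1withDSA

Alias name: bar
Entry type: PrivateKeyEntry
Certificate[1]:
Owner: CN=example.com
Signature algorithm name: SHA1withRSA (weak)
EOF
}

# Print the signature algorithm of the first certificate under alias $1,
# reading the listing from stdin.
alias_sigalg() {
    awk -v want="$1" '
        { gsub(/\r/, "") }                       # tolerate Windows line endings
        /^Alias name:/ { sub(/^Alias name:[ \t]*/, ""); cur = $0; next }
        cur == want && /Signature algorithm name:/ {
            sub(/.*Signature algorithm name:[ \t]*/, "")
            print $1                             # drop any trailing annotation
            exit
        }'
}

# Exit status: 0 = RSA or EC key, 1 = DSA key, 2 = alias missing or unrecognised.
check_https_key() {
    alg=$(alias_sigalg "$1")
    case "$alg" in
        *withDSA) echo "$1: $alg: DSA key, regenerate with -keyalg RSA" >&2; return 1 ;;
        *withRSA|*withECDSA) echo "$1: $alg: ok"; return 0 ;;
        *) echo "$1: alias not found or unrecognised algorithm" >&2; return 2 ;;
    esac
}

# Real use: keytool -list -v -keystore foo.keystore | check_https_key foo
for a in foo bar; do
    sample_listing | check_https_key "$a" || true
done
```

For a CA-signed certificate the signature algorithm describes the issuer's key, so this check only applies to self-signed entries.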