时间戳

首页 > 解决方案 > 无法访问新设置的 EJBCA PKI

networking - 无法访问新设置的 EJBCA PKI

问题描述

我刚刚在 Wildfly 上安装了 ejbca 社区版。EJBCA 服务器是 Azure 云中的 VM。

构建期间一切正常:每 3 个部署步骤构建成功。

- ant deployear
- ant runinstall
- ant deploy-keystore)

版本:

Wildfly 18.0
EJBCA 7.4.3.2 
Ant 1.10.10
Mysql  Ver 15.1 Distrib 10.3.27-MariaDB
JDBC connector : mariadb 2.7.3 
Debian 10 buster

但是我无法到达目的地

https://<public ip address>:8443/ejbca/

错误信息 :

    The connection has timed out
    
    The server at <my public ip @> is taking too long to respond.

因此,开始检查打开的不同端口:

    **remote** nmap scan from my local vm to the remote EJBCA VM : 

    nmap -Pn8080,22,8442,8443,9990,3306 52.188.59.103
    
    Host is up (0.037s latency).
    Not shown: 995 filtered ports
    PORT     STATE SERVICE
    21/tcp   open  ftp
    80/tcp   open  http
    443/tcp  open  https
    554/tcp  open  rtsp
    1723/tcp open  pptp
    
    Nmap done: 1 IP address (1 host up) scanned in 5.62 seconds

在 EJBCA VM 上,本地端口扫描显示端口 8443 和 8080 是开放的:

rDNS record for 127.0.0.1: localhost
Not shown: 996 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
3306/tcp open  mysql
8080/tcp open  http-proxy
8443/tcp open  https-alt

对于每个测试的端口,从我的 ip 到 EJBCA 主机的 Azure 连接测试都可以。

但是,在线端口检查显示端口 8443 和 8442 已关闭 https://portchecker.co/

所以我不知道该信任哪个测试?

我尝试禁用本地防火墙和代理,但没有任何区别。

我在尝试访问 ejbca url 时在 EJBCA 服务器上执行了 tcpdump:但没有显示任何内容。

我在这里想念什么?我还可以进行哪些其他测试?

编辑 :

服务器日志:(错误和警告)

网络管理错误:

 2021-06-14 13:00:07,332 ERROR [org.jboss.as.jsf] (MSC service thread 1-2) WFLYJSF0002: Could not load JSF managed bean class: org.ejbca.ui.web.admin.peerconnector.PeerConnectorsMBean
2021-06-14 13:00:07,433 ERROR [org.jboss.as.jsf] (MSC service thread 1-2) WFLYJSF0002: Could not load JSF managed bean class: org.ejbca.ui.web.admin.peerconnector.PeerConnectorMBean

已弃用的库:

2021-06-14 13:00:14,598 WARN  [org.jboss.weld.Bootstrap] (MSC service thread 1-4) WELD-000146: BeforeBeanDiscovery.addAnnotatedType(AnnotatedType<?>) used for class com.sun.faces.flow.FlowDiscoveryCDIHelper is deprecated from CDI 1.1!

严重错误:

2021-06-14 13:00:15,967 SEVERE [javax.enterprise.resource.webcontainer.jsf.flow] (MSC service thread 1-4) Unable to obtain CDI 1.1 utilities for Mojarra
2021-06-14 13:00:15,971 SEVERE [javax.enterprise.resource.webcontainer.jsf.application.view] (MSC service thread 1-4) Unable to obtain CDI 1.1 utilities for Mojarra

警告:

2021-06-14 13:00:16,770 INFO  [org.ejbca.core.ejb.StartupSingletonBean] (ServerService Thread Pool -- 94) Init, EJBCA 7.4.3.2 Community (67479006a69140e81d66e39871bed8255362effc) startup.
2021-06-14 13:00:16,780 WARN  [io.undertow.servlet] (ServerService Thread Pool -- 66) UT015020: Path /* is secured for some HTTP methods, however it is not secured for [HEAD, POST, GET]
2021-06-14 13:00:16,780 WARN  [io.undertow.servlet] (ServerService Thread Pool -- 73) UT015020: Path /* is secured for some HTTP methods [...]

标签: networkingportwildflypkiejbca

解决方案

在启动期间,WildFly 应记录如下内容,因此您可以验证 WildFly 是否配置为侦听所有 IP 的端口。

16:58:12,890 INFO  [org.wildfly.extension.undertow] (MSC service thread 1-7) WFLYUT0006: Undertow HTTPS listener httpspriv listening on 0.0.0.0:8443
16:58:12,920 INFO  [org.wildfly.extension.undertow] (MSC service thread 1-8) WFLYUT0006: Undertow HTTPS listener httpspub listening on 0.0.0.0:8442

您也可以尝试连接到端口 8442,以检查问题是否在于您的浏览器中没有客户端证书。

推荐阅读