How to enable HTTPS with GlassFish 6.2.5

Question

I am trying to enable HTTPS with GlassFish 6.2.5 on Windows.

I generated a certificate with this command:

openssl genpkey -algorithm RSA -out private.key
openssl req -new -key private.key -out certificate.csr
openssl x509 -req -in certificate.csr -signkey private.key -out certificate.crt

I imported the certificate into the cacerts with this command:

keytool -import -trustcacerts -keystore "C:\Program Files\glassfish6\glassfish\domains\domain1\config\cacerts.jks" -file "C:\Program Files\TLM Com\certificates\certificate.crt" -alias ssl

I imported the certificate into the keystore with this command:

keytool -import -trustcacerts -keystore "C:\Program Files\glassfish6\glassfish\domains\domain1\config\keystore.jks" -file "C:\certificates\certificate.crt" -alias ssl

I changed the following settings in GlassFish:

  • http-listener-2
    • general
      • port -> 443
      • security -> enabled
    • ssl
      • ssl3 -> enabled
      • tls -> enabled
      • certificate nickname -> ssl

I restarted the GlassFish server, and when I try a URL I get no response.

I enabled SSL debugging in GlassFish and got the following errors:

[2023-05-25T14:39:36.621+0200] [glassfish 6.2] [SEVERE] [] [] [tid: _ThreadID=42 _ThreadName=Thread-8] [timeMillis: 1685018376621] [levelValue: 1000] [[

javax.net.ssl|DEBUG|A2|http-listener-2(3)|2023-05-25 14:39:36.621 CEST|SSLCipher.java:1870|KeyLimit read side: algorithm = AES/GCM/NOPADDING:KEYUPDATE
countdown value = 137438953472
]]

[2023-05-25T14:39:36.622+0200] [glassfish 6.2] [SEVERE] [] [] [tid: _ThreadID=42 _ThreadName=Thread-8] [timeMillis: 1685018376622] [levelValue: 1000] [[
javax.net.ssl|DEBUG|A2|http-listener-2(3)|2023-05-25 14:39:36.622 CEST|SSLCipher.java:2024|KeyLimit write side: algorithm = AES/GCM/NOPADDING:KEYUPDATE
countdown value = 137438953472
]]

[2023-05-25T14:39:36.622+0200] [glassfish 6.2] [SEVERE] [] [] [tid: _ThreadID=42 _ThreadName=Thread-8] [timeMillis: 1685018376622] [levelValue: 1000] [[
javax.net.ssl|ALL|A2|http-listener-2(3)|2023-05-25 14:39:36.622 CEST|X509Authentication.java:312|ssl is not a private key entry
]]

[2023-05-25T14:39:36.622+0200] [glassfish 6.2] [SEVERE] [] [] [tid: _ThreadID=42 _ThreadName=Thread-8] [timeMillis: 1685018376622] [levelValue: 1000] [[
javax.net.ssl|ALL|A2|http-listener-2(3)|2023-05-25 14:39:36.622 CEST|X509Authentication.java:312|ssl is not a private key entry
]]

[2023-05-25T14:39:36.622+0200] [glassfish 6.2] [SEVERE] [] [] [tid: _ThreadID=42 _ThreadName=Thread-8] [timeMillis: 1685018376622] [levelValue: 1000] [[
javax.net.ssl|ALL|A2|http-listener-2(3)|2023-05-25 14:39:36.622 CEST|X509Authentication.java:312|ssl is not a private key entry
]]

[2023-05-25T14:39:36.622+0200] [glassfish 6.2] [SEVERE] [] [] [tid: _ThreadID=42 _ThreadName=Thread-8] [timeMillis: 1685018376622] [levelValue: 1000] [[
javax.net.ssl|ALL|A2|http-listener-2(3)|2023-05-25 14:39:36.622 CEST|X509Authentication.java:312|ssl is not a private key entry
]]

[2023-05-25T14:39:36.622+0200] [glassfish 6.2] [SEVERE] [] [] [tid: _ThreadID=42 _ThreadName=Thread-8] [timeMillis: 1685018376622] [levelValue: 1000] [[
javax.net.ssl|ALL|A2|http-listener-2(3)|2023-05-25 14:39:36.622 CEST|X509Authentication.java:312|ssl is not a private key entry
]]

[2023-05-25T14:39:36.622+0200] [glassfish 6.2] [SEVERE] [] [] [tid: _ThreadID=42 _ThreadName=Thread-8] [timeMillis: 1685018376622] [levelValue: 1000] [[
javax.net.ssl|ALL|A2|http-listener-2(3)|2023-05-25 14:39:36.622 CEST|X509Authentication.java:312|ssl is not a private key entry
]]

[2023-05-25T14:39:36.622+0200] [glassfish 6.2] [SEVERE] [] [] [tid: _ThreadID=42 _ThreadName=Thread-8] [timeMillis: 1685018376622] [levelValue: 1000] [[
javax.net.ssl|ALL|A2|http-listener-2(3)|2023-05-25 14:39:36.622 CEST|X509Authentication.java:312|ssl is not a private key entry
]]

[2023-05-25T14:39:36.622+0200] [glassfish 6.2] [SEVERE] [] [] [tid: _ThreadID=42 _ThreadName=Thread-8] [timeMillis: 1685018376622] [levelValue: 1000] [[
javax.net.ssl|ALL|A2|http-listener-2(3)|2023-05-25 14:39:36.622 CEST|X509Authentication.java:312|ssl is not a private key entry
]]

[2023-05-25T14:39:36.622+0200] [glassfish 6.2] [SEVERE] [] [] [tid: _ThreadID=42 _ThreadName=Thread-8] [timeMillis: 1685018376622] [levelValue: 1000] [[
javax.net.ssl|ALL|A2|http-listener-2(3)|2023-05-25 14:39:36.622 CEST|X509Authentication.java:312|ssl is not a private key entry
]]

[2023-05-25T14:39:36.623+0200] [glassfish 6.2] [SEVERE] [] [] [tid: _ThreadID=42 _ThreadName=Thread-8] [timeMillis: 1685018376623] [levelValue: 1000] [[
javax.net.ssl|ERROR|A2|http-listener-2(3)|2023-05-25 14:39:36.623 CEST|TransportContext.java:363|Fatal (HANDSHAKE_FAILURE): No available authentication scheme (
"throwable" : {
javax.net.ssl.SSLHandshakeException: No available authentication scheme
at

Do you have any idea what is missing, please?

Thank you.

Answer 1

Score: 0

You have to import the private key in the keystore.

If your question is not a "typo" at the following part, you imported the public certificate instead of the private key:

keytool -import -trustcacerts -keystore "C:\Program Files\glassfish6\glassfish\domains\domain1\config\keystore.jks" -file "C:\certificates\certificate.crt" -alias ssl

You have to do this:

keytool -import -trustcacerts -keystore "C:\Program Files\glassfish6\glassfish\domains\domain1\config\keystore.jks" -file "C:\certificates\private.key" -alias ssl

So basically just exchange certificate.crt with private.key.

You'll have to remove the existing entry first.
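
One way to end up with a private key entry under the alias ssl, as an added example that is not part of the original answer: keytool's -import option reads certificates, so this script bundles private.key and certificate.crt into a PKCS#12 file with openssl and copies that entry in with keytool -importkeystore. The paths and alias are taken from the question; the password changeit and the file name ssl.p12 are assumptions.

```powershell
# Added example. Paths and the alias "ssl" are taken from the question; the
# password "changeit" is an assumption (GlassFish's default master password).
$keystore  = 'C:\Program Files\glassfish6\glassfish\domains\domain1\config\keystore.jks'
$certDir   = 'C:\certificates'
$alias     = 'ssl'
$storePass = 'changeit'                      # assumption: use your master password
$p12       = Join-Path $certDir 'ssl.p12'    # hypothetical intermediate file name

function Assert-Ok($step) {
    # Native tools report failure through the exit code, not a PowerShell error.
    if ($LASTEXITCODE -ne 0) { throw "$step failed with exit code $LASTEXITCODE" }
}

# 1. Show what the alias holds now. A certificate-only import is listed as
#    "trustedCertEntry"; the TLS listener needs a "PrivateKeyEntry".
& keytool -list -keystore $keystore -storepass $storePass -alias $alias
Assert-Ok 'keytool -list'

# 2. Remove the certificate-only entry so the alias can be reused.
& keytool -delete -keystore $keystore -storepass $storePass -alias $alias
Assert-Ok 'keytool -delete'

# 3. Bundle the private key and its certificate into one PKCS#12 file.
& openssl pkcs12 -export -inkey (Join-Path $certDir 'private.key') `
    -in (Join-Path $certDir 'certificate.crt') -name $alias `
    -out $p12 -passout "pass:$storePass"
Assert-Ok 'openssl pkcs12 -export'

# 4. Copy that entry (key plus certificate) into GlassFish's keystore.
#    GlassFish expects the key password to equal the keystore (master)
#    password, hence the same password throughout.
& keytool -importkeystore -noprompt `
    -srckeystore $p12 -srcstoretype PKCS12 -srcstorepass $storePass -srcalias $alias `
    -destkeystore $keystore -deststorepass $storePass -destalias $alias
Assert-Ok 'keytool -importkeystore'

# 5. Confirm the alias is now a private key entry (English output forced).
$listing = & keytool '-J-Duser.language=en' -list -keystore $keystore `
    -storepass $storePass -alias $alias
if (-not ($listing | Select-String -SimpleMatch 'PrivateKeyEntry')) {
    throw "Alias '$alias' is still not a PrivateKeyEntry"
}
Remove-Item $p12   # the PKCS#12 file contains the private key
```

Restart the domain afterwards so http-listener-2 reloads the keystore.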

huangapple
  • Posted on May 25, 2023, 17:42:47
  • When reposting, please keep the link to this article: https://go.coder-hub.com/76330915.html