How to enable HTTPS with GlassFish 6.2.5
Question
I am trying to enable HTTPS with GlassFish 6.2.5 on Windows.
I generated a certificate with these commands:
openssl genpkey -algorithm RSA -out private.key
openssl req -new -key private.key -out certificate.csr
openssl x509 -req -in certificate.csr -signkey private.key -out certificate.crt
I imported the certificate into the cacerts with this command:
keytool -import -trustcacerts -keystore "C:\Program Files\glassfish6\glassfish\domains\domain1\config\cacerts.jks" -file "C:\Program Files\TLM Com\certificates\certificate.crt" -alias ssl
I imported the certificate into the keystore with this command:
keytool -import -trustcacerts -keystore "C:\Program Files\glassfish6\glassfish\domains\domain1\config\keystore.jks" -file "C:\certificates\certificate.crt" -alias ssl
I changed the following settings in GlassFish:
- http-listener-2
  - general
    - port -> 443
    - security -> enabled
  - ssl
    - ssl3 -> enabled
    - tls -> enabled
    - certificate nickname -> ssl
- general
I restarted the GlassFish server, and when I try a URL I get no response.
I enabled SSL debugging in GlassFish and got the following errors:
[2023-05-25T14:39:36.621+0200] [glassfish 6.2] [SEVERE] [] [] [tid: _ThreadID=42 _ThreadName=Thread-8] [timeMillis: 1685018376621] [levelValue: 1000] [[
javax.net.ssl|DEBUG|A2|http-listener-2(3)|2023-05-25 14:39:36.621 CEST|SSLCipher.java:1870|KeyLimit read side: algorithm = AES/GCM/NOPADDING:KEYUPDATE
countdown value = 137438953472
]]
[2023-05-25T14:39:36.622+0200] [glassfish 6.2] [SEVERE] [] [] [tid: _ThreadID=42 _ThreadName=Thread-8] [timeMillis: 1685018376622] [levelValue: 1000] [[
javax.net.ssl|DEBUG|A2|http-listener-2(3)|2023-05-25 14:39:36.622 CEST|SSLCipher.java:2024|KeyLimit write side: algorithm = AES/GCM/NOPADDING:KEYUPDATE
countdown value = 137438953472
]]
[2023-05-25T14:39:36.622+0200] [glassfish 6.2] [SEVERE] [] [] [tid: _ThreadID=42 _ThreadName=Thread-8] [timeMillis: 1685018376622] [levelValue: 1000] [[
javax.net.ssl|ALL|A2|http-listener-2(3)|2023-05-25 14:39:36.622 CEST|X509Authentication.java:312|ssl is not a private key entry
]]
[2023-05-25T14:39:36.622+0200] [glassfish 6.2] [SEVERE] [] [] [tid: _ThreadID=42 _ThreadName=Thread-8] [timeMillis: 1685018376622] [levelValue: 1000] [[
javax.net.ssl|ALL|A2|http-listener-2(3)|2023-05-25 14:39:36.622 CEST|X509Authentication.java:312|ssl is not a private key entry
]]
[2023-05-25T14:39:36.622+0200] [glassfish 6.2] [SEVERE] [] [] [tid: _ThreadID=42 _ThreadName=Thread-8] [timeMillis: 1685018376622] [levelValue: 1000] [[
javax.net.ssl|ALL|A2|http-listener-2(3)|2023-05-25 14:39:36.622 CEST|X509Authentication.java:312|ssl is not a private key entry
]]
[2023-05-25T14:39:36.622+0200] [glassfish 6.2] [SEVERE] [] [] [tid: _ThreadID=42 _ThreadName=Thread-8] [timeMillis: 1685018376622] [levelValue: 1000] [[
javax.net.ssl|ALL|A2|http-listener-2(3)|2023-05-25 14:39:36.622 CEST|X509Authentication.java:312|ssl is not a private key entry
]]
[2023-05-25T14:39:36.622+0200] [glassfish 6.2] [SEVERE] [] [] [tid: _ThreadID=42 _ThreadName=Thread-8] [timeMillis: 1685018376622] [levelValue: 1000] [[
javax.net.ssl|ALL|A2|http-listener-2(3)|2023-05-25 14:39:36.622 CEST|X509Authentication.java:312|ssl is not a private key entry
]]
[2023-05-25T14:39:36.622+0200] [glassfish 6.2] [SEVERE] [] [] [tid: _ThreadID=42 _ThreadName=Thread-8] [timeMillis: 1685018376622] [levelValue: 1000] [[
javax.net.ssl|ALL|A2|http-listener-2(3)|2023-05-25 14:39:36.622 CEST|X509Authentication.java:312|ssl is not a private key entry
]]
[2023-05-25T14:39:36.622+0200] [glassfish 6.2] [SEVERE] [] [] [tid: _ThreadID=42 _ThreadName=Thread-8] [timeMillis: 1685018376622] [levelValue: 1000] [[
javax.net.ssl|ALL|A2|http-listener-2(3)|2023-05-25 14:39:36.622 CEST|X509Authentication.java:312|ssl is not a private key entry
]]
[2023-05-25T14:39:36.622+0200] [glassfish 6.2] [SEVERE] [] [] [tid: _ThreadID=42 _ThreadName=Thread-8] [timeMillis: 1685018376622] [levelValue: 1000] [[
javax.net.ssl|ALL|A2|http-listener-2(3)|2023-05-25 14:39:36.622 CEST|X509Authentication.java:312|ssl is not a private key entry
]]
[2023-05-25T14:39:36.622+0200] [glassfish 6.2] [SEVERE] [] [] [tid: _ThreadID=42 _ThreadName=Thread-8] [timeMillis: 1685018376622] [levelValue: 1000] [[
javax.net.ssl|ALL|A2|http-listener-2(3)|2023-05-25 14:39:36.622 CEST|X509Authentication.java:312|ssl is not a private key entry
]]
[2023-05-25T14:39:36.623+0200] [glassfish 6.2] [SEVERE] [] [] [tid: _ThreadID=42 _ThreadName=Thread-8] [timeMillis: 1685018376623] [levelValue: 1000] [[
javax.net.ssl|ERROR|A2|http-listener-2(3)|2023-05-25 14:39:36.623 CEST|TransportContext.java:363|Fatal (HANDSHAKE_FAILURE): No available authentication scheme (
"throwable" : {
javax.net.ssl.SSLHandshakeException: No available authentication scheme
at
Do you have any idea what is missing, please?
Thank you.
Answer 1
Score: 0
You have to import the private key in the keystore.
If your question is not a "typo" at the following part, you imported the public certificate instead of the private key:
keytool -import -trustcacerts -keystore "C:\Program Files\glassfish6\glassfish\domains\domain1\config\keystore.jks" -file "C:\certificates\certificate.crt" -alias ssl
You have to do this:
keytool -import -trustcacerts -keystore "C:\Program Files\glassfish6\glassfish\domains\domain1\config\keystore.jks" -file "C:\certificates\private.key" -alias ssl
So basically just exchange certificate.crt with private.key.
You'll have to remove the existing entry first.
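Added example, not part of the original answer: `keytool -import` reads only certificates, so the private key has to reach `keystore.jks` as a key pair, and the `ssl is not a private key entry` line in the debug log goes away only once alias `ssl` is a `PrivateKeyEntry`. The PowerShell script below bundles the key and certificate into PKCS#12, imports that under the alias, and verifies the entry type. It assumes `openssl` and `keytool` are on `PATH`, that `private.key` sits beside `certificate.crt` in `C:\certificates`, and that GlassFish expects the key password to equal the keystore password; `ssl.p12` and `GF_MASTER` are hypothetical names.

```powershell
# Added example, not from the original post. Paths and alias are the ones in the
# question and answer; ssl.p12 and GF_MASTER are hypothetical names.
$certDir  = 'C:\certificates'
$keystore = 'C:\Program Files\glassfish6\glassfish\domains\domain1\config\keystore.jks'
$alias    = 'ssl'
$p12      = Join-Path $certDir 'ssl.p12'

function Assert-Ok($step) { if ($LASTEXITCODE -ne 0) { throw "$step failed" } }

# Read the keystore password once and pass it through an environment variable,
# so it never shows up on a command line.
$secure = Read-Host 'Keystore password' -AsSecureString
$env:GF_MASTER = (New-Object System.Net.NetworkCredential('', $secure)).Password

try {
    # 1. The certificate must contain the public half of private.key.
    $certPub = (& openssl x509 -in "$certDir\certificate.crt" -noout -pubkey) -join "`n"
    $keyPub  = (& openssl pkey -in "$certDir\private.key" -pubout) -join "`n"
    if (-not $certPub -or $certPub -ne $keyPub) { throw 'certificate.crt does not match private.key' }

    # 2. Bundle key + certificate into PKCS#12 under the alias the listener references.
    & openssl pkcs12 -export -in "$certDir\certificate.crt" -inkey "$certDir\private.key" `
        -name $alias -out $p12 -passout 'env:GF_MASTER'
    Assert-Ok 'openssl pkcs12 -export'

    # 3. Drop the certificate-only entry that currently occupies the alias.
    & keytool -delete -alias $alias -keystore $keystore '-storepass:env' GF_MASTER
    Assert-Ok 'keytool -delete'

    # 4. Import the key pair. One password for the PKCS#12 file and the keystore
    #    keeps the key password equal to the keystore password (assumption above).
    & keytool -importkeystore -srckeystore $p12 -srcstoretype PKCS12 `
        '-srcstorepass:env' GF_MASTER -srcalias $alias `
        -destkeystore $keystore '-deststorepass:env' GF_MASTER
    Assert-Ok 'keytool -importkeystore'

    # 5. Verify the alias now holds a key pair rather than a trusted certificate.
    $listing = (& keytool -list -alias $alias -keystore $keystore '-storepass:env' GF_MASTER) -join "`n"
    if ($listing -notmatch 'PrivateKeyEntry') { throw "alias '$alias' is still not a private key entry" }
    "alias '$alias' is a PrivateKeyEntry"
}
finally {
    Remove-Item Env:GF_MASTER -ErrorAction SilentlyContinue
    Remove-Item $p12 -ErrorAction SilentlyContinue
}
```

Restart the domain afterwards so the listener reloads the keystore. The listener does not need `ssl3` enabled for this to work; SSLv3 is deprecated (RFC 7568) and TLS alone is enough.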