【发布时间】:2015-05-25 01:48:00
【问题描述】:
我正在尝试在 jboss-as-7.1.1.Final 上配置一种 ssl 自签名方式。 我使用 java keytool 创建了一个密钥库
以下是我用来生成密钥库的命令
keytool -genkey -alias foo -keyalg RSA -keystore foo.keystore -validity 10950
密钥库已生成。我还修改了standalone.xml 文件
<subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host" native="false">
<connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http" redirect-port="8443"/>
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
<ssl name="foo-ssl" key-alias="foo" password="password" certificate-key-file="D:\Projects\Fiserv\certificate\self signed\foo.keystore" protocol="TLSv1" verify-client="true"/>
</connector>
<virtual-server name="default-host" enable-welcome-root="true">
<alias name="localhost"/>
<alias name="example.com"/>
</virtual-server>
</subsystem>
http wprks 很好,但是当我使用 https 时,我得到以下错误
Certificate-based authentication failed
Hide details
This server requires a certificate for authentication, and didn't accept the one sent by the browser. Your certificate may have expired, or the server may not trust its issuer. You can try again with a different certificate, if you have one, or you may have to obtain a valid certificate from elsewhere.
Error code: ERR_BAD_SSL_CLIENT_AUTH_CERT
【问题讨论】: