【发布时间】:2014-04-24 05:10:46
【问题描述】:
我已将 xml 文件配置为
<Call name="addConnector">
<Arg>
<New class="org.mortbay.jetty.security.SslSelectChannelConnector">
<Set name="Host">
<SystemProperty default="0.0.0.0" name="https.host"></SystemProperty>
</Set>
<Set name="Port">
<SystemProperty default="0" name="https.port"></SystemProperty>
</Set>
<Set name="MaxIdleTime">60000</Set>
<Set name="Acceptors">5</Set>
<Set name="AcceptQueueSize">100</Set>
<Set name="StatsOn">true</Set>
<Set name="Keystore"><SystemProperty default="." name="java.config"></SystemProperty>/mykeystore.keystore</Set>
<Set name="KeyPassword">password</Set>
<Set name="Password">password</Set>
<Set name="NeedClientAuth">true</Set>
<Set name="WantClientAuth">true</Set>
</New>
</Arg>
</Call>
当 NeedClientAuth 设置为 false 时,我可以打开 https://server.com:50881/admin/
当NeedClientAuth设置为true时,如上参数所示,失败并报错
259498 2014-04-23 12:02:23,881 [825245763@qtp-1957835280-3] WARN org.mortbay.log - javax.net.ssl.SSLHandshakeException: null cert chain
260138 2014-04-23 12:02:24,521 [825245763@qtp-1957835280-3] WARN org.mortbay.log - javax.net.ssl.SSLHandshakeException: null cert chain
260689 2014-04-23 12:02:25,072 [825245763@qtp-1957835280-3] WARN org.mortbay.log - javax.net.ssl.SSLProtocolException: handshake alert: no_certificate
我已将根/中间/签名证书添加到服务器密钥库 我还在客户端 IE 浏览器中添加了 root/intermediate
问题 如有配置错误请指教 并且命令正确运行以创建密钥库并安装来自 CA 的签名证书
创建密钥库 keytool -keystore serverdns.keystore -alias server -genkey -keyalg RSA -keysize 2048
创建 CSR keytool -certreq -alias server -keystore serverdns.keystore -file server.csr
安装签名证书 keytool -import -trustcacerts -alias server -keystore serverdns.keystore -file signedcert.der.cer
【问题讨论】: