我已经完成了向glassfish v4添加SSL证书的步骤。我已经验证它通过浏览器和我的java swing客户端(我在客户端使用apache的http客户端库)工作Glassfish v4&SSL - 管理员不再有效
什么不行的是管理控制台!由于成功导入SSL,我无法再连接到管理控制台,http://www.myhost.com:4848,我仍然得到登录屏幕,始终有效的管理员用户名/密码组合已停止工作。当我尝试从netbeans部署一个web应用时,我也注意到了一些问题,但是我还没有研究足够的东西来知道它是否是同一个问题。
以下是我添加ssl证书的步骤。这些将直接从glassfish v4安全指南,p1-26到p1-29中解除。我确实添加了一个步骤来更改主密码,但我应该早一点完成,但我在此包含它。为了保护我的隐私,我还在以下步骤中省略或更改了某些文件夹名称,但除此之外,我已将所有这些复制出终端应用程序。
有谁知道管理员出了什么问题?有一点需要注意 - 遵循glassfish的管理员和安全指南表示,我可以覆写s1的别名。你会注意到我在使用下面的步骤中的证书时使用了别名
在此先感谢您的帮助!
步骤1 - 停止服务器
/usr/home/myhost
110 % glassfish4/bin/asadmin stop-domain domain1
Waiting for the domain to stop .
Command stop-domain executed successfully.
步骤2 - 更新主密码
/usr/home/myhost
110 % glassfish4/bin/asadmin
Use "exit" to exit and "help" for online help.
asadmin> change-master-password domain1
Enter the current master password>
Enter the new master password>
Enter the new master password again>
Command change-master-password executed successfully.
asadmin> exit
Command multimode executed successfully.
步骤3 - 变化的密钥文件
/usr/home/myhost
111 % cd glassfish4/glassfish/domains/domain1/config/
目录
步骤4 - 从密钥库中删除为s1as
/usr/home/myhost/glassfish4/glassfish/domains/domain1/config
113 % keytool -delete -alias s1as -keystore keystore.jks
Enter keystore password:
步骤5 - 生成一个新的密钥对
/usr/home/myhost/glassfish4/glassfish/domains/domain1/config
114 % keytool -genkey -alias s1as -keyalg RSA -keystore keystore.jks -keysize 2048
Enter keystore password:
What is your first and last name?
[Unknown]: www.myhost-dev.com
What is the name of your organizational unit?
[Unknown]: development
What is the name of your organization?
[Unknown]: myhost, inc
What is the name of your City or Locality?
[Unknown]: mycity
What is the name of your State or Province?
[Unknown]: mystate
What is the two-letter country code for this unit?
[Unknown]: us
Is CN=www.myhost-dev.com, OU=development, O="myhost, inc", L=mycity, ST=mystate, C=us correct?
Enter key password for <s1as>
(RETURN if same as keystore password):
步骤6 - 生成证书签名请求文件(CSR)
/usr/home/myhost/glassfish4/glassfish/domains/domain1/config
115 % keytool -certreq -alias s1as -file toSymantec02.csr -keystore keystore.jks
Enter keystore password:
第7步 - 提交CSR到Symantec
步骤8 - 复制从赛门铁克中间和SSL证书到config目录
步骤9 - 进口中间证书
/usr/home/myhost/glassfish4/glassfish/domains/domain1/config
115 % keytool -import -trustcacerts -alias Intermediate -keystore keystore.jks -file IntermediateCA.crt
Enter keystore password:
Certificate was added to keystore
步骤10 - 进口ssl证书
/usr/home/myhost/glassfish4/glassfish/domains/domain1/config
116 % keytool -import -trustcacerts -alias s1as -keystore keystore.jks -file ssl_certificate.crt
Enter keystore password:
Certificate reply was installed in keystore
步11 - 重新启动服务器
/usr/home/myhost
118 % glassfish4/bin/asadmin start-domain domain1
Enter master password (3) attempt(s) remain)>
Waiting for domain1 to start ...............................
Successfully started the domain : domain1
domain Location: /usr/home/myhost/glassfish4/glassfish/domains/domain1
Log File:/usr/home/myhost/glassfish4/glassfish/domains/domain1/logs/server.log
Admin Port: 4848
Command start-domain executed successfully.
迈克!非常感谢先生!你的建议做了诀窍 - 并感谢背景信息 – cotfessi