配置 jboss web 应用程序以支持 SSL

配置 jboss web 应用程序以支持 SSL

我有一个 Spring JSF Web 应用程序,它部署在 JBoss6 应用程序服务器中,我想为其添加 SSL(即 https)。如何使用 JBoss6 以正确的方式执行此操作?

我已启用 jboss6\server\default\deploy\jbossweb.sar\server.xml 文件,如下所示,

 <Connector protocol="HTTP/1.1" SSLEnabled="true" 
       port="${jboss.web.https.port}" address="${jboss.bind.address}"
       scheme="https" secure="true" clientAuth="false" 
       keystoreFile="${jboss.server.home.dir}/conf/chap8.keystore" 
       keystorePass="rmi+ssl" sslProtocol = "TLS" /> 

部署应用程序时出现以下错误。

Caused by: java.security.UnrecoverableKeyException: Password verification failed
    at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:769) [:1.6.0_22]
    ... 149 more

14:12:21,476 ERROR [AbstractKernelController] Error installing to Start: name=WebServer state=Create: LifecycleException:  Protocol handler initialization failed: java.io.IOException: Keystore was tampered with, or password was incorrect
    at org.apache.catalina.connector.Connector.initialize(Connector.java:1020) [:6.0.0.Final]
    at org.apache.catalina.core.StandardService.initialize(StandardService.java:701) [:6.0.0.Final]
    at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:443) [:6.0.0.Final]
    at org.jboss.web.tomcat.service.deployers.TomcatService.startService(TomcatService.java:359) [:6.0.0.Final]
    at org.jboss.system.ServiceMBeanSupport.jbossInternalStart(ServiceMBeanSupport.java:355) [:6.0.0.Final (Build SVNTag:JBoss_6.0.0.Final date: 20101228)]
    at org.jboss.system.ServiceMBeanSupport.pojoStart(ServiceMBeanSupport.java:195) [:6.0.0.Final (Build SVNTag:JBoss_6.0.0.Final date: 20101228)]
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [:1.6.0_22]
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) [:1.6.0_22]

答案1

确保 server.xml 中有这个,

     <Connector port="443" maxHttpHeaderSize="8192"
     maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
     enableLookups="false" disableUploadTimeout="true"
     acceptCount="100" scheme="https" secure="true"
     **keystoreFile="/path/to/file/mycert.jks"**
     clientAuth="false" sslProtocol="TLS">

用这个关联以供参考。

相关内容