2

在我将 JBoss AS 7.1.1 配置为使用 ssl 作为管理接口后,我的 JBoss AS 7.1.1 出现问题。

我按照本指南来保护管理控制台。这行得通。

但是现在我意识到本机管理界面不再起作用了。
当我通过 JBoss 工具在 Eclipse 中启动我的 JBoss 时,我收到很多以下错误消息:

 ERROR [org.jboss.remoting.remote.connection] (Remoting "myhost:MANAGEMENT" read-1) JBREM000200: Remote connection failed: javax.net.ssl.SSLException: Received fatal alert: certificate_unknown

我在以下配置standalone.xml

 <management>
    <security-realms>
        <security-realm name="ManagementRealm">
            <server-identities>
                <ssl>
                    <keystore path="my.keystore" relative-to="jboss.server.config.dir" password="xxPASSxx"/>
                </ssl>
            </server-identities>
            <authentication>
                <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
            </authentication>
        </security-realm>
        ...
    </security-realms>
    <management-interfaces>
        <native-interface security-realm="ManagementRealm">
            <socket-binding native="management-native"/>
        </native-interface>
        <http-interface security-realm="ManagementRealm">
            <socket-binding https="management-https"/>
        </http-interface>
    </management-interfaces>
</management>

<interfaces>
    <interface name="management">
        <any-address/>
    </interface>
    ...
</interfaces>

<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
    <socket-binding name="management-native" interface="management" port="${jboss.management.native.port:9999}"/>
    <socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9443}"/>
    <socket-binding name="ajp" port="8009"/>
    <socket-binding name="http" port="8080"/>
    <socket-binding name="https" port="8443"/>
    <socket-binding name="osgi-http" interface="management" port="8090"/>
    <socket-binding name="remoting" port="4447"/>
    <socket-binding name="txn-recovery-environment" port="4712"/>
    <socket-binding name="txn-status-manager" port="4713"/>
    <socket-binding name="messaging" port="5445"/>
    <socket-binding name="messaging-throughput" port="5455"/>
    <outbound-socket-binding name="mail-smtp">
        <remote-destination host="localhost" port="25"/>
    </outbound-socket-binding>
</socket-binding-group>

我错过了什么?

4

1 回答 1

0

您需要-vmargs将该点提供给您的信任库。例如:

C:\Eclipse\DevStudio64Bit\studio\jbdevstudio.exe -vmargs "-Djavax.net.ssl.trustStore=/opt/apps/java/keystore/localhost.jks"

这将允许 Eclipse 将有效证书传递给服务器以进行管理。

于 2013-07-12T16:23:38.940 回答