WAS 7.0,我已经设置了一个密钥库(带有 CA 签名者)和 SSL 配置,并为出站连接设置了动态 SSL 配置,所有这些都在集群级别。但是,这不会在出站呼叫期间接听。而是寻找 AppServer/Java/jre/lib/security/cacerts。它无法找到证书,因此未通过出站连接的证书。
我已经为 jvm 启用了 javax.net.ssl 日志记录,但是在集群级别设置的出站 SSL 配置没有显示在日志中。
我们可以配置/强制使用 WAS 密钥库而不是 java 密钥库吗?我们在哪里可以配置它以使用 java 密钥库而不是 WAS 密钥库?
SystemOut O setting up default SSLSocketFactory
SystemOut O try to load via ThreadContext Class Loader
SystemOut O ClassLoader
com.ibm.ws.classloader.CompoundClassLoader@53975397[war:xxxx/xxxx-war-2.1.0.0-SNAPSHOT.war]
Local ClassPath: /xxxxx/app/profiles/base/installedApps/xxxx/xxx.ear/xxx-war-2.1.0.0-SNAPSHOT.war
Parent: com.ibm.ws.classloader.CompoundClassLoader@51da51da[app:xxxx]
Delegation Mode: PARENT_FIRST
SystemOut O URL is file:/xxxxx/app/WebSphere/AppServer/plugins/com.ibm.ws.security.crypto.jar
SystemOut O URL is of type File
SystemOut O Try to get Jar file
SystemOut O verifySingleJarFile
SystemOut O Get the manifest file
SystemOut O verify if jar is signed by trusted signer
SystemOut O verification complete
SystemOut O Classloaded
SystemOut O class com.ibm.websphere.ssl.protocol.SSLSocketFactory is loaded
SystemOut O instantiated an instance of class com.ibm.websphere.ssl.protocol.SSLSocketFactory
SystemOut O keyStore is: /xxxx/xxxx/app/WebSphere/AppServer/java/jre/lib/security/cacerts
SystemOut O keyStore type is: jks
SystemOut O keyStore provider is:
SystemOut O init keystore
SystemOut O SSLContextImpl: Using X509ExtendedKeyManager com.ibm.jsse2.hd
SystemOut O trustStore is: /xxxx/xxxx/app/WebSphere/AppServer/java/jre/lib/security/cacerts
SystemOut O trustStore type is: jks
SystemOut O trustStore provider is:
SystemOut O init truststore