
I am trying to log in to cas-management-app using cas-server-webapp, but I ran into a certificate path problem.

I generated the keystore file:

"$JAVA_HOME/bin/keytool.exe" -genkey -alias tomcat -keyalg RSA
Enter keystore password:  pass
Re-enter new password: pass
What is your first and last name?
  [Unknown]:  localhost
What is the name of your organizational unit?
  [Unknown]:  localhost
What is the name of your organization?
  [Unknown]:  localhost
What is the name of your City or Locality?
  [Unknown]:  Crc
What is the name of your State or Province?
  [Unknown]:  Lesser
What is the two-letter country code for this unit?
  [Unknown]:  PL
Is CN=localhost, OU=localhost, O=localhost, L=Crc, ST=Lesser, C=PL correct?
  [no]:  yes

Enter key password for <tomcat>
        (RETURN if same as keystore password):  pass
Re-enter new password: pass

I changed the Tomcat configuration: server.xml

<Connector
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           port="8443" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           keystoreFile="C:/Users/Mateusz/.keystore" keystorePass="pass"
           clientAuth="false" sslProtocol="TLS"/>

The value of keystoreFile is a valid path.

In the next step I exported the certificate (using the browser) to localhost.crt and added it to cacerts:

 "$JAVA_HOME/bin/keytool.exe" -import -alias incommon -file <localhost.crt location> -keystore cacerts -storepass changeit

When I list cacerts, everything looks fine:

$ "$JAVA_HOME/bin/keytool.exe" -v -list -keystore cacerts -storepass changeit

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: incommon
Creation date: 2015-11-02
Entry type: trustedCertEntry

Owner: CN=localhost, OU=localhost, O=localhost, L=Crc, ST=Lesser, C=PL
Issuer: CN=localhost, OU=localhost, O=localhost, L=Crc, ST=Lesser, C=PL
Serial number: 32432ba5
Valid from: Mon Nov 02 19:19:02 CET 2015 until: Sun Jan 31 19:19:02 CET 2016
Certificate fingerprints:
         MD5:  9F:A6:4A:B0:F3:26:89:60:73:5C:CA:36:59:0A:32:F9
         SHA1: 62:12:60:61:A9:3D:83:E8:1B:C5:3A:85:27:9A:7F:A7:D3:54:7D:D1
         SHA256: F1:43:EE:6E:F7:D4:C6:DF:20:16:71:C1:0D:F5:88:5F:85:21:BE:E6:3C:E5:C1:8D:28:6A:51:BB:38:E7:A2:94
         Signature algorithm name: SHA256withRSA
         Version: 3

Extensions:

#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: B0 94 2A 98 B8 A4 21 71   EB 34 46 D4 16 67 24 E8  ..*...!q.4F..g$.
0010: 67 61 C4 D6                                        ga..
]
]

When I run the Tomcat server and open https://localhost:8443/cas-management I can see the login form. After entering the user login and password, I see the message:

The CAS management webapp is unavailable.
There was an error trying to complete your request. Please notify your support desk or try again.

The log file gives me this information:

SEVERE: Servlet.service() for servlet [default] in context with path [/cas-management] threw exception
java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I tried installing the certificate using the InstallCert class, but nothing changed. I also tried setting the truststore path (jssecacerts) in the Tomcat configuration using truststoreFile and truststorePass.

I don't know what I can do next to successfully configure SSL on my Tomcat server.

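The "PKIX path building failed" error above is raised by the JVM's trust manager when the truststore it consults does not contain an anchor for the server certificate. The following program is an added example, not code from the question or from the CAS project: it loads a truststore file and a certificate file and runs the same PKIX validator the trust manager uses, so you can confirm offline whether a given cacerts file really trusts the localhost certificate. The class name TrustCheck, the command-line arguments and the file paths are assumptions; the default truststore location (<java.home>/lib/security/cacerts, or jssecacerts beside it, unless javax.net.ssl.trustStore overrides it) is standard JSSE behaviour.

```java
// Added example (not from the original post): check offline whether a Java
// truststore trusts a given certificate, using the PKIX CertPathValidator.
// Invocation (assumed): java TrustCheck <truststore.jks> <storepass> <cert-file>
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.util.Collections;

public class TrustCheck {

    // Returns true when the PKIX validator can build a path from cert to a
    // trustedCertEntry in the given truststore, false when validation fails.
    static boolean isTrusted(KeyStore trustStore, X509Certificate cert) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        CertPath path = cf.generateCertPath(Collections.<Certificate>singletonList(cert));
        // Every trustedCertEntry in the truststore becomes a trust anchor.
        PKIXParameters params = new PKIXParameters(trustStore);
        // A self-signed development certificate has no CRL/OCSP to check.
        params.setRevocationEnabled(false);
        try {
            CertPathValidator.getInstance("PKIX").validate(path, params);
            return true;
        } catch (CertPathValidatorException e) {
            System.out.println("PKIX validation failed: " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: java TrustCheck <truststore> <storepass> <cert-file>");
            System.exit(2);
        }
        // Report which JRE this is and whether an explicit truststore is configured;
        // without javax.net.ssl.trustStore the JVM reads <java.home>/lib/security/cacerts.
        System.out.println("java.home = " + System.getProperty("java.home"));
        System.out.println("javax.net.ssl.trustStore = " + System.getProperty("javax.net.ssl.trustStore"));

        // The question's cacerts is a JKS file ("Keystore type: JKS" in the listing).
        KeyStore trustStore = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            trustStore.load(in, args[1].toCharArray());
        }

        X509Certificate cert;
        try (InputStream in = new FileInputStream(args[2])) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        System.out.println("Subject: " + cert.getSubjectX500Principal());
        System.out.println("Issuer:  " + cert.getIssuerX500Principal());
        System.out.println(isTrusted(trustStore, cert) ? "TRUSTED" : "NOT TRUSTED");
    }
}
```

Run it once against the cacerts file you imported into and once against <java.home>/lib/security/cacerts of the JRE that actually starts Tomcat (the java.home it prints when launched with that JRE); a TRUSTED result from the first and NOT TRUSTED from the second means the import went into a different file than the one the webapp's JVM consults.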