0

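I'm a bit lost about how to use certificates in WildFly 11. I read the documentation and found a lot of terms, such as JSSE, OpenSSL, Elytron, ApplicationRealm. The problem occurs when executing this code: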

    final URL url = new URL("https://someUrl");
    HttpsURLConnection httpURLConnection = (HttpsURLConnection)url.openConnection();

It throws this exception:

    sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

So, what exactly needs to be configured? I tried the section "Enable One-way SSL/TLS for Applications" in the Elytron documentation, but it didn't work.

PS: I am using Java 9.01.

PS2: I am using standalone-full.xml.

If you need more information, please let me know.

4

2 Answers

4

This is unrelated to WildFly - you need to configure the certificates trusted by Java URL connections - you need to create and configure a truststore:

  1. Create a keystore containing the certificate of the server (if it is a self-signed certificate), or better, the certificate of its CA:

    keytool -import -file myCA.cert -alias myCA -storepass mypassword -noprompt -keystore my.truststore
    
  2. Start using the created keystore file as the truststore in WildFly by setting the javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword system properties:

    bin/jboss-cli.sh -c
    /system-property=javax.net.ssl.trustStore:add(value="/path/to/my.truststore")
    /system-property=javax.net.ssl.trustStorePassword:add(value="mypassword")
    

The Elytron documentation you mention is related only to the server side - but this is client-side configuration, which is not currently handled by it.

Answered 2018-03-08T11:35:59.547
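
Added example, not part of the answer above: a Java client that loads the truststore created with keytool and applies it to a single HttpsURLConnection through its own SSLContext, so the JVM-wide default set by javax.net.ssl.trustStore is left untouched. The class name, method names and the three command-line arguments are assumptions made for this illustration.

```java
import java.io.InputStream;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class TruststoreClient {

    // Load the truststore file and fail early if it holds no certificate entries.
    static KeyStore loadTruststore(Path file, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(file)) {
            ks.load(in, password);
        }
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isCertificateEntry(alias)) {
                return ks;
            }
        }
        throw new IllegalStateException("no trusted certificate entries in " + file);
    }

    // Build an SSLContext that trusts only the certificates in the given truststore.
    static SSLContext contextTrusting(KeyStore truststore) throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(truststore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    // Usage (all three arguments are placeholders): <truststore> <password> <https-url>
    public static void main(String[] args) throws Exception {
        KeyStore ts = loadTruststore(Paths.get(args[0]), args[1].toCharArray());
        SSLContext ctx = contextTrusting(ts);
        HttpsURLConnection conn = (HttpsURLConnection) new URL(args[2]).openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        // Certificate path and hostname checks still run; only the trust anchors changed.
        System.out.println("HTTP " + conn.getResponseCode());
        conn.disconnect();
    }
}
```

Setting javax.net.ssl.trustStore replaces the JVM's default trust anchors for every connection that uses the default SSLContext, whereas this approach limits the custom CA to the connections that need it.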
1

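The certificate is not trusted; iirc there is a self-signed certificate in WildFly 11, so you need to trust it or install a real certificate. Accept server's self-signed ssl certificate in Java client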

Answered 2018-01-31T05:34:56.647