0

I am new to ejbca and I have to install it on a virtual machine for work

    Ubuntu 20.04
    ejbca_7_4_3_2
    wildfly-18.0.0.Final
    mariadb-server version: 10.3.32-MariaDB-0ubuntu0.20.04.1 Ubuntu 20.04
    openjdk version "1.8.0_312"
    Apache Ant(TM) version 1.10.7 compiled on October 24 2019

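After several attempts (and after cloning and deleting a lot of virtual machines), I finally get the "BUILD SUCCESSFUL" message from the commands ant runinstall and ant deploy-keystore, but when I try to use the URL https://localhost:8443/ejbca/ (the SuperAdmin.p12 certificate is installed), my browser (Firefox 96.0, 64-bit) gives the message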


    An error occurred during a connection to localhost:8443. Cannot communicate securely with peer: no common encryption algorithm(s).
    
    Error code: SSL_ERROR_NO_CYPHER_OVERLAP

I have these errors in my log file. The first one is related to ant -q clean deployear; the last one appears every time I try to access the URL https://localhost:8443/ejbca/


    ERROR [org.jboss.as.jsf] (MSC service thread 1-1) WFLYJSF0002: Could not load JSF managed bean class: org.ejbca.ui.web.admin.peerconnector.PeerConnectorMBean


    ERROR [io.undertow.request] (default I/O-2) Closing SSLConduit after exception on handshake: javax.net.ssl.SSLHandshakeException: no cipher suites in common
      at sun.security.ssl.Alert.createSSLException(Alert.java:131)
      at sun.security.ssl.Alert.createSSLException(Alert.java:117)
      at sun.security.ssl.TransportContext.fatal(TransportContext.java:311)
      at sun.security.ssl.TransportContext.fatal(TransportContext.java:267)
      at sun.security.ssl.TransportContext.fatal(TransportContext.java:258)
      at sun.security.ssl.ServerHello$T12ServerHelloProducer.chooseCipherSuite(ServerHello.java:461)
      at sun.security.ssl.ServerHello$T12ServerHelloProducer.produce(ServerHello.java:296)
      at sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:421)
      at sun.security.ssl.ClientHello$T12ClientHelloConsumer.consume(ClientHello.java:1020)
      at sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:727)
      at sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:693)
      at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:377)
      at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)
      at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:981)
      at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:968)
      at java.security.AccessController.doPrivileged(Native Method)
      at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:915)
      at io.undertow.protocols.ssl.SslConduit$5.run(SslConduit.java:1072)
      at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
      at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
      at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
      at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
      at java.lang.Thread.run(Thread.java:748)


1 Answer

0

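ERROR [io.undertow.request] (default I/O-2) Closing SSLConduit after exception

Sounds like a TLS configuration issue. You will find the TLS configuration that was made when configuring WildFly in the command that was run:

    /opt/wildfly/bin/jboss-cli.sh --connect '/subsystem=elytron/server-ssl-context=httpspriv:add(key-manager=httpsKM,protocols=["TLSv1.2"],use-cipher-suites-order=false,cipher-suite-filter="TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",trust-manager=httpsTM,need-client-auth=true)'

The result ends up somewhere in standalone.xml in WildFly, and you can modify it directly in WildFly. For example, if you have an EC key in the server certificate while using the RSA algorithm selection above.

In server.log you should also see, when WildFly starts, whether there were any errors parsing the values or the keystore. Make sure your server and client certificates have keys and algorithms that match the TLS algorithm settings, otherwise WildFly will drop those algorithms.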

Answered 2022-01-28T14:53:40.330
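The key/cipher mismatch described in the answer above can be checked offline. This is an added example, not part of the original answer and not EJBCA or WildFly code: it reads the cipher-suite-filter from the jboss-cli command quoted above and lists which suites a server key of a given type can serve. It assumes the filter is a comma-separated list of explicit suite names, as on this page, and the function names are hypothetical.

```python
import re

# The server-ssl-context command quoted in the answer (copied from the page).
CLI = ('/subsystem=elytron/server-ssl-context=httpspriv:add(key-manager=httpsKM,'
       'protocols=["TLSv1.2"],use-cipher-suites-order=false,'
       'cipher-suite-filter="TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,'
       'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",'
       'trust-manager=httpsTM,need-client-auth=true)')

# Key algorithm of the server certificate -> authentication token used in
# TLS 1.2 suite names (TLS_<key exchange>_<authentication>_WITH_<cipher>).
KEY_TO_AUTH = {"RSA": "RSA", "EC": "ECDSA", "DSA": "DSS"}


def configured_suites(cli):
    """Return the suite names listed in cipher-suite-filter, in order."""
    match = re.search(r'cipher-suite-filter="([^"]*)"', cli)
    if not match:
        return []
    return [s.strip() for s in match.group(1).split(",") if s.strip()]


def suite_auth(suite):
    """Authentication token of a TLS 1.2 suite name, or None when the name
    has no _WITH_ part (TLS 1.3 names are not tied to a key type)."""
    head, sep, _ = suite.partition("_WITH_")
    if not sep:
        return None
    tokens = head.split("_")[1:]          # drop the leading "TLS"
    return tokens[-1] if tokens else None  # TLS_RSA_WITH_* -> "RSA"


def usable_suites(cli, key_alg):
    """Suites from the filter that a server key of type key_alg can serve."""
    auth = KEY_TO_AUTH[key_alg.upper()]
    return [s for s in configured_suites(cli) if suite_auth(s) in (auth, None)]


if __name__ == "__main__":
    for alg in ("RSA", "EC"):
        left = usable_suites(CLI, alg)
        print(alg, "->", left or "no usable suite: handshake will fail")
```

With an EC server key the list comes back empty, which is the situation where the server has nothing left to offer and the handshake ends in "no cipher suites in common".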