我正在尝试在jboss-as-7.1.1.Final上配置ssl自签名的一种方法。
我已经使用Java keytool创建了密钥库
以下是我用来生成密钥库的命令
keytool -genkey -alias foo -keyalg RSA -keystore foo.keystore -validity 10950
密钥库已生成。我已经修改了standalone.xml文件
<subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host" native="false">
<connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http" redirect-port="8443"/>
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
<ssl name="foo-ssl" key-alias="foo" password="password" certificate-key-file="D:\Projects\Fiserv\certificate\self signed\foo.keystore" protocol="TLSv1" verify-client="true"/>
</connector>
<virtual-server name="default-host" enable-welcome-root="true">
<alias name="localhost"/>
<alias name="example.com"/>
</virtual-server>
</subsystem>
http wprks很好,但是当我使用https时,出现以下错误
Certificate-based authentication failed
Hide details
This server requires a certificate for authentication, and didn't accept the one sent by the browser. Your certificate may have expired, or the server may not trust its issuer. You can try again with a different certificate, if you have one, or you may have to obtain a valid certificate from elsewhere.
Error code: ERR_BAD_SSL_CLIENT_AUTH_CERT
最佳答案
您需要将verify-client =“ true”设置为false。现在,您已指定客户端也必须出示证书(即相互认证)。多数民众赞成在错误代码说:ERR_BAD_SSL_CLIENT_AUTH_CERT