问题描述
我已经设置gemfire.properties,以使Web组件使用ssl-enabled-components=web并要求设置SSL并设置密钥库.定位器和服务器正常运行,并且GFSH连接到JMX管理器.但是,当我尝试启动Swagger UI时,我得到的是ERR_SSL_VERSION_OR_CIPHER_MISMATCH.当配置是ssl-ciphers=和ssl-protocols=或设置为any ...
I've setup gemfire.properties to make the web component require SSL using ssl-enabled-components=web and setting up a keystore. The locator and server are starting ok and GFSH connects to the JMX manager. However, when I try and start the Swagger UI then I am getting ERR_SSL_VERSION_OR_CIPHER_MISMATCH. It happens when the config is that ssl-ciphers= and ssl-protocols= or set to any...
那么Apache Geode所需的REST API密码是什么?谢谢
So what's the required REST API cipher for Apache Geode? Thanks
推荐答案
我使用通过以下方式创建的基本证书对此进行了测试:
I tested this with a basic cert created with the following:
keytool -genkeypair -alias self -dname "CN=trusted" \
-validity 3650 -keypass password -keystore ./trusted.keystore \
-storepass password -storetype JKS
以您描述的方式失败.我重新创建了证书,并在-keyalg EC中使用了不同的密钥算法,然后工作了.我会在某个时候能否给出更详细的解释.
It failed in the way you describe. I recreated the cert and used a different key algorithm with -keyalg EC and then worked. I'll see if I can give a more detailed explanation at some point.
更新:
我正在使用Mac OS,我的/Library/Java/JavaVirtualMachines/jdk1.8.0_121.jdk/Contents/Home/jre/lib/security/java.security文件包含以下证书限制:
I'm using Mac OS and my /Library/Java/JavaVirtualMachines/jdk1.8.0_121.jdk/Contents/Home/jre/lib/security/java.security file contains the following restriction for certificates:
jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
DSA keySize < 1024, EC keySize < 224
使用-keyalg EC时,生成的证书使用SHA256withECDSA签名,但是如果没有该选项,则使用SHA1withDSA签名,因此不可接受.
With -keyalg EC, the generated certificate is signed with SHA256withECDSA, but without that option it is signed with SHA1withDSA, so not acceptable.
这篇关于使Geode REST API与SSL一起使用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!