使用自定义SSL配置的java启动WebLogic服务器
目前,我正在使用Oracle WebLogic Server 12c进行一点试验。 我设置了一个新域来试验SSL。 我已经创建了自定义身份存储、证书和信任 按照此处的说明:https://helpx.adobe.com/uk/experience-manager/6-3/forms/using/admin-help/configuring-ssl-weblogic-server.html#creating_an_ssl_credential_for_use_on_weblogic_server
我还设置了我的AdminServer来使用这些,我可以通过激活域范围的管理端口并连接到管理控制台来测试。我在浏览器中检查了提供的证书,可以验证这是我的自定义证书
到目前为止还不错。但是,当我创建托管服务器,并将其配置为同时使用自定义标识、信任和证书,并将设置保存在管理控制台中时,我无法使用提供的startManagedWebLogic启动服务器。sh脚本。 失败的原因是,正如我在日志中看到的,服务器试图使用DemoCert和DemoTrust。因此,它无法连接到AdminServer,无法加载其配置
我的问题是: 如果一开始总是使用默认设置启动托管服务器,那么我应该如何使用自定义SSL设置启动托管服务器?有没有办法修改启动脚本以使用不同的默认值?还是有不同的“最佳实践”
服务器未启动的错误有:
<Apr 6, 2020 2:40:46,041 PM CEST> <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: A MultiException has 6 exceptions. They are:
1. weblogic.security.SecurityInitializationException: Authentication for user weblogic denied.
2. java.lang.IllegalStateException: Unable to perform operation: post construct on weblogic.security.SecurityService
3. java.lang.IllegalArgumentException: While attempting to resolve the dependencies of weblogic.jndi.internal.RemoteNamingService errors were found
4. java.lang.IllegalStateException: Unable to perform operation: resolve on weblogic.jndi.internal.RemoteNamingService
5. java.lang.IllegalArgumentException: While attempting to resolve the dependencies of weblogic.io.common.internal.FileService errors were found
6. java.lang.IllegalStateException: Unable to perform operation: resolve on weblogic.io.common.internal.FileService
A MultiException has 6 exceptions. They are:
1. weblogic.security.SecurityInitializationException: Authentication for user weblogic denied.
2. java.lang.IllegalStateException: Unable to perform operation: post construct on weblogic.security.SecurityService
3. java.lang.IllegalArgumentException: While attempting to resolve the dependencies of weblogic.jndi.internal.RemoteNamingService errors were found
4. java.lang.IllegalStateException: Unable to perform operation: resolve on weblogic.jndi.internal.RemoteNamingService
5. java.lang.IllegalArgumentException: While attempting to resolve the dependencies of weblogic.io.common.internal.FileService errors were found
6. java.lang.IllegalStateException: Unable to perform operation: resolve on weblogic.io.common.internal.FileService
at org.jvnet.hk2.internal.Collector.throwIfErrors(Collector.java:89)
at org.jvnet.hk2.internal.ClazzCreator.resolveAllDependencies(ClazzCreator.java:250)
at org.jvnet.hk2.internal.ClazzCreator.create(ClazzCreator.java:358)
at org.jvnet.hk2.internal.SystemDescriptor.create(SystemDescriptor.java:487)
at org.glassfish.hk2.runlevel.internal.AsyncRunLevelContext.findOrCreate(AsyncRunLevelContext.java:305)
Truncated. see log file for complete stacktrace
Caused By: weblogic.security.SecurityInitializationException: Authentication for user weblogic denied.
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:1158)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.postInitialize(CommonSecurityServiceManagerDelegateImpl.java:1272)
at weblogic.security.service.SecurityServiceManager.postInitialize(SecurityServiceManager.java:586)
at weblogic.security.SecurityService.start(SecurityService.java:130)
at weblogic.server.AbstractServerService.postConstruct(AbstractServerService.java:76)
Truncated. see log file for complete stacktrace
Caused By: javax.security.auth.login.FailedLoginException: [Security:090938]Authentication failure: The specified user failed to log in. weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090295]caught unexpected exception, No such object
at com.bea.common.security.utils.ExceptionHandler.throwFailedLoginException(ExceptionHandler.java:62)
at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:369)
at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:117)
at java.security.AccessController.doPrivileged(Native Method)
at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:114)
Truncated. see log file for complete stacktrace
>
我已经检查了用户名和密码,它们输入正确
编辑:如果我禁用管理端口,并使用
startManagedWeblogic ms0 t3://localhost:7001 (1)
而不是
startManagedWeblogic ms0 t3s://localhost:9001 (2)
服务器按预期启动。启用管理端口(2)的连续启动确实成功,尽管在启动期间尝试访问管理服务器时存在持续问题
编辑2: 感谢下面的回复,我已经尝试使用NodeManager来实现这一点。不幸的是,由于SSL异常,我无法从管理控制台访问它:
javax.net.ssl.SSLHandshakeException
我发现,我必须将Nodemanager配置为在Nodemanager中也使用自定义ssl设置。属性文件。 我使用了以下设置:
## SSL ##
# Configure default SSL
KeyStores=CustomIdentityAndCustomTrust
# Identity keystore
CustomIdentityKeyStoreFileName=/home/iffuw/feck-credentials.jks
CustomIdentityKeyStoreType=jks
CustomIdentityKeyStorePassPhrase=whatever
# private key
CustomIdentityAlias=feck-credentials
CustomIdentityPrivateKeyPassPhrase=whatever
# Trust keystore
CustomTrustKeyStoreFileName=/home/iffuw/feck-ca.jks
CustomTrustKeyStoreType=jks
CustomTrustKeyPassPhrase=whatever
CustomTrustKeyStorePassPhrase=whatever
请注意,密码短语并不都是,但两个密钥存储库(Id和Trust)的密码短语是相同的。 当我启动NodeManager时,来自密钥和标识块的密码短语被加密。来自信任块的密码短语结果为空。 这里可能出了点问题,但我不知道是什么。 有什么想法吗?节点管理员。日志说:
<Apr 6, 2020 4:30:40 PM CEST> <INFO> <Upgrade> <Removing NodeManager property: CustomTrustKeyStorePassPhrase>
这正常吗
# 1 楼答案
在脚本startManagedWebLogic中。sh您需要设置参数:
更有用的(示例)SSL/JKS参数:
另一方面,如果通过管理控制台启动托管服务器(实际上是节点管理器在工作),则可以避免这种情况