Java: setting up SSL/HTTPS for jboss/keycloak

I would like to ask for help with setting up HTTPS for Keycloak (HTTP is working correctly). Keycloak runs in Docker (jboss/keycloak) in domain clustered mode. For now I only want the server to respond, so all other functionality is irrelevant at the moment. I set it up following the official Keycloak documentation:

Using: Keycloak 9.0.2 (WildFly Core 10.0.3.Final)

  1. host.xml

> <security-realm name="UndertowRealm">
>     <server-identities>
>         <ssl>
>             <keystore path="/opt/jboss/keycloak/domain/servers/auth-0/configuration/keycloak.keystore" keystore-password="123456keycloak" alias="t2rkeystore" />
>         </ssl>
>     </server-identities>
> </security-realm>

  2. domain.xml

>  <subsystem xmlns="urn:jboss:domain:undertow:10.0" default-server="default-server"... >
>     <buffer-cache name="default"/>
>     <server name="default-server">
>         <ajp-listener name="ajp" socket-binding="ajp"/>
>         <http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true" proxy-address-forwarding="true"/>
>         <https-listener name="https" socket-binding="https"  security-realm="UndertowRealm" enable-http2="true" />
>          <host name="default-host" alias="localhost">
>             <location name="/" handler="welcome-content"/>
>             <http-invoker security-realm="UndertowRealm"/>
>                   <filter-ref name="request-dumper"/>
>           </host>
>     </server>...

Startup shows HTTPS running on port 8443:

> keycloak_1  | [Server:auth-0] 13:18:15,700 INFO 
> [org.wildfly.extension.undertow] (MSC service thread 1-3) WFLYUT0006:
> Undertow HTTPS listener https listening on 0.0.0.0:8443

The OS also shows port 8443 listening:

> tcp6       0      0 :::8443        :::*          LISTEN  

The keystore also looks fine:

> keytool -keystore /opt/jboss/keycloak/domain/servers/auth-0/configuration/keycloak.keystore -list -v
> 
> Alias name: t2rkeystore
> Creation date: Apr 3, 2020
> Entry type: PrivateKeyEntry
> Certificate chain length: 1
> Certificate[1]:
> Owner: CN=t2r, O=Default Company Ltd, L=Default City, C=SK
> Issuer: CN=tatramed.sk, O=Default Company Ltd, L=Default City, C=SK
> Serial number: e59614237777c77e
> Valid from: Thu Apr 02 09:20:36 GMT 2020 until: Sun Mar 31 09:20:36 GMT 2030
> Certificate fingerprints:
>          SHA1: D7:20:9B:A0:B7:B6:67:B5:1A:CA:8C:72:66:3C:DF:43:EA:CD:2E:92
>          SHA256: 5B:AA:19:45:D5:F6:41:48:B3:F1:85:A7:CB:F9:97:22:58:B2:F3:C7:F1:7E:83:DC:35:DB:B0:A7:B9:26:64:0F
> Signature algorithm name: SHA256withRSA
> Subject Public Key Algorithm: 2048-bit RSA key
> Version: 1

However, in Chrome the page still results in an error, connection refused. The same with curl:

> curl -k -i -v --trace - https://localhost:8443
> 
> Warning: --trace overrides an earlier trace/verbose option
> == Info: About to connect() to localhost port 8443 (#0)
> == Info:   Trying ::1...
> == Info: Connected to localhost (::1) port 8443 (#0)
> == Info: Initializing NSS with certpath: sql:/etc/pki/nssdb
> == Info: NSS error -5938 (PR_END_OF_FILE_ERROR)
> == Info: Encountered end of file
> == Info: Closing connection 0
> curl: (35) Encountered end of file

The certificate was self-created with openssl as follows:

> openssl genrsa -out keycloak.key 2048
> openssl req -new -key keycloak.key -out keycloak.csr
> openssl x509 -req -days 3650 -in keycloak.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out keycloak.crt
> openssl pkcs12 -export -in keycloak.crt -inkey keycloak.key -out keycloak.p12 -name t2rkeystore -CAfile ca.crt
> //password: 123456keycloak
> 
> keytool -importkeystore -deststorepass 123456keycloak -destkeystore /opt/jboss/keycloak/domain/servers/auth-0/configuration/keycloak.keystore -srckeystore /opt/jboss/keycloak/domain/servers/auth-0/configuration/keycloak.p12 -srcstoretype PKCS12 -srcstorepass 123456keycloak

I also tried the "elytron -> server-ssl-context" way, with the same result :(

Am I missing something?

Thanks for any advice


0 answers
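The curl trace in the question shows the useful distinction: TCP connects (something is listening on 8443), but the peer closes the connection before a ServerHello, so the failure is inside the listener, not in the socket binding or firewall. The following is an added example, not code from the question or from the Keycloak/WildFly project: a small Python probe that does what `curl -k` does (TLS handshake without chain verification) and classifies the result as "refused", "closed during handshake", "handshake error" or "ok". The dropping listener and the port numbers are constructed test doubles so the script runs offline; `probe_tls` itself can be pointed at a real `host:port` such as `localhost 8443`. It cannot tell *why* a listener drops the handshake; for that you still need the server log, but it lets you confirm quickly, without a browser, whether a configuration change actually made the handshake complete.

```python
# Added example (not from the original question): probe a TLS port the way
# `curl -k` does and classify the outcome, so "nothing listening" is separated
# from "listener accepts but drops the TLS handshake" (the PR_END_OF_FILE_ERROR
# symptom in the question). Names below are this example's own, not WildFly's.
import socket
import ssl
import sys
import threading


def probe_tls(host: str, port: int, timeout: float = 3.0) -> str:
    """Try a TLS handshake against host:port and classify what happened.

    Returns one of:
      'refused'                  - nothing accepted the TCP connection
      'connect-error:<text>'     - other connect failure (unreachable, timeout)
      'closed-during-handshake'  - TCP connected, then the peer sent EOF/RST
                                   before the TLS handshake finished
      'handshake-error:<reason>' - peer answered, but TLS negotiation failed
      'ok:<TLS version>'         - handshake completed (chain NOT verified)
    """
    # Like curl -k: skip chain verification, we only ask whether a handshake
    # completes. Never reuse a context configured this way for real traffic.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"
    except OSError as exc:  # includes TimeoutError / socket.timeout
        return f"connect-error:{exc.strerror or exc}"
    with raw:
        try:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return f"ok:{tls.version()}"
        except (ssl.SSLEOFError, ConnectionResetError):
            return "closed-during-handshake"
        except ssl.SSLError as exc:
            # Some OpenSSL builds report an unexpected EOF as a plain SSLError
            # (reason UNEXPECTED_EOF_WHILE_READING); normalise that case too.
            if "EOF" in str(exc).upper():
                return "closed-during-handshake"
            return f"handshake-error:{exc.reason or exc}"
        except (socket.timeout, TimeoutError):
            return "connect-error:handshake timed out"


def start_dropping_listener(max_conns: int = 8):
    """Constructed test double (not a real server): a plain TCP listener on
    127.0.0.1 that accepts, reads the client's first bytes (the ClientHello)
    and then closes the socket. That is the client-visible behaviour of a
    listener that accepts TCP but never completes TLS, and it reproduces the
    curl "Encountered end of file" symptom. Returns (port, stop_function).
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        for _ in range(max_conns):
            try:
                conn, _addr = srv.accept()
            except OSError:  # listener closed by stop()
                return
            with conn:
                conn.settimeout(2.0)
                try:
                    conn.recv(4096)  # drain the ClientHello, then drop the peer
                except OSError:
                    pass

    threading.Thread(target=serve, daemon=True).start()

    def stop():
        try:
            srv.shutdown(socket.SHUT_RDWR)  # wakes a blocked accept() on Linux
        except OSError:
            pass
        srv.close()

    return port, stop


def free_port() -> int:
    """Constructed helper: a loopback port nothing listens on (bound, released)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: probe.py localhost 8443
        print(probe_tls(sys.argv[1], int(sys.argv[2])))
    else:  # offline demo against the constructed listener
        port, stop = start_dropping_listener()
        print("dropping listener:", probe_tls("127.0.0.1", port))
        stop()
        print("nothing listening:", probe_tls("127.0.0.1", free_port()))
```

Run it as `python3 probe.py localhost 8443`: a result of `closed-during-handshake` matches the curl trace in the question and means the problem is inside the HTTPS listener's TLS setup (keystore, key password, realm or Elytron context); `refused` would instead point at the socket binding or the container's port mapping; `ok:TLSv1.2` or `ok:TLSv1.3` means the handshake now completes and any remaining browser error is about trust in the self-signed chain, which this probe deliberately does not check.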