1. 首页
  2. 问答
  3. 通过SSL进行JBoss管理

通过SSL进行JBoss管理

2013-05-17 83 views
2

我将JBoss AS 7.1.1配置为使用ssl作为管理界面后出现问题。通过SSL进行JBoss管理

我跟着this guide来保护管理控制台。这工作。

但现在我意识到,本地管理界面不再工作。
当我开始我的JBoss在Eclipse中通过JBoss的工具,我有很多这些错误消息:

ERROR [org.jboss.remoting.remote.connection] (Remoting "myhost:MANAGEMENT" read-1) JBREM000200: Remote connection failed: javax.net.ssl.SSLException: Received fatal alert: certificate_unknown

我在standalone.xml以下配置:

<management> 
    <security-realms> 
     <security-realm name="ManagementRealm"> 
      <server-identities> 
       <ssl> 
        <keystore path="my.keystore" relative-to="jboss.server.config.dir" password="xxPASSxx"/> 
       </ssl> 
      </server-identities> 
      <authentication> 
       <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/> 
      </authentication> 
     </security-realm> 
     ... 
    </security-realms> 
    <management-interfaces> 
     <native-interface security-realm="ManagementRealm"> 
      <socket-binding native="management-native"/> 
     </native-interface> 
     <http-interface security-realm="ManagementRealm"> 
      <socket-binding https="management-https"/> 
     </http-interface> 
    </management-interfaces> 
</management> 

<interfaces> 
    <interface name="management"> 
     <any-address/> 
    </interface> 
    ... 
</interfaces> 

<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}"> 
    <socket-binding name="management-native" interface="management" port="${jboss.management.native.port:9999}"/> 
    <socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9443}"/> 
    <socket-binding name="ajp" port="8009"/> 
    <socket-binding name="http" port="8080"/> 
    <socket-binding name="https" port="8443"/> 
    <socket-binding name="osgi-http" interface="management" port="8090"/> 
    <socket-binding name="remoting" port="4447"/> 
    <socket-binding name="txn-recovery-environment" port="4712"/> 
    <socket-binding name="txn-status-manager" port="4713"/> 
    <socket-binding name="messaging" port="5445"/> 
    <socket-binding name="messaging-throughput" port="5455"/> 
    <outbound-socket-binding name="mail-smtp"> 
     <remote-destination host="localhost" port="25"/> 
    </outbound-socket-binding> 
</socket-binding-group>

我错过了什么?

来源

2013-05-17 Ben

回答

0

您需要提供指向您的信任库的eclipse -vmargs。例如:

C:\Eclipse\DevStudio64Bit\studio\jbdevstudio.exe -vmargs "-Djavax.net.ssl.trustStore=/opt/apps/java/keystore/localhost.jks"

这将使Eclipse来传递一个有效的证书到服务器进行管理的目的。

来源

2013-07-12 16:23:38

相关问题

 相关问题