使用密钥库文件部署 HTTPRouter 操作时出现问题
我正在尝试从自签名证书创建密钥库和信任库文件,以在 JBoss ESB 中部署的 HTTPRouter 操作中使用。我使用 openssl 检索感兴趣的证书,并使用以下命令生成密钥库文件和信任库文件:
keytool -import -alias ejb-ssl -file cert.der -keystore cert.truststore
keytool -import -alias ejb-ssl -file cert.der -keystore cert.keystore -trustcacerts
在生成密钥库和信任库文件之前,我将证书转换为 X509 格式,否则 keytool 实用程序将无法工作,返回异常,并显示消息“输入不是 x.509 证书”异常。为了转换兴趣证书,我使用以下命令:
openssl x509 -in cert.cer -outform DER -out cert.der
然后将这些文件复制到 ESB 的“esbcontent/META-INF”文件夹中。以下是我为 HTTPRouter 操作设置的属性
#Configurators
configurators=HttpProtocol
#HttpProtocol Config...
protocol-socket-factory=org.jboss.soa.esb.http.protocol.SelfSignedSSLProtocolSocketFactoryBuilder
keystore=/META-INF/keystore/cert.keystore
keystore-passw=password
truststore=/META-INF/truststore/cert.truststore
truststore-passw=password
当我部署 ESB 时,我收到以下错误:
Caused by: org.jboss.soa.esb.ConfigurationException: Invalid 'keystore' config. Must be valid URL.
查看从第三方 Web 服务检索的证书,所有 URL 看起来都正常。有谁知道为什么 JBoss 不接受生成的密钥库中的 URL?我开始为这件事撕心裂肺了!
另外,我一直在尝试使用 org.apache.commons.httpclient.contrib.ssl.EasySSLProtocolSocketFactory 作为协议套接字工厂。使用此功能时,ESB 部署正常。但是,HTTPRouter 似乎没有将请求发送到第三方 Web 服务。我使用 SoapUI 建立 Web 服务没问题,所以我认为这是我的 HTTPRouter 操作配置的问题。
非常感谢您提供的任何帮助!
I am attempting to create a keystore and truststore file from a self-signed certificate, for use in a HTTPRouter action, deployed within a JBoss ESB. I used openssl to retrieve the certificate of interest and generated a keystore file and a truststore file with the following commands:
keytool -import -alias ejb-ssl -file cert.der -keystore cert.truststore
keytool -import -alias ejb-ssl -file cert.der -keystore cert.keystore -trustcacerts
Before generating the keystore and truststore files, I am converting the certificate to X509 format, otherwise the keytool utility does not work, returning an exception with the message 'input not an x.509 certificate' exception. To convert the certificate of interest, I am using the following command:
openssl x509 -in cert.cer -outform DER -out cert.der
I then copied these files into the my ESB's 'esbcontent/META-INF' folder. Below are the properties I am setting for the HTTPRouter action
#Configurators
configurators=HttpProtocol
#HttpProtocol Config...
protocol-socket-factory=org.jboss.soa.esb.http.protocol.SelfSignedSSLProtocolSocketFactoryBuilder
keystore=/META-INF/keystore/cert.keystore
keystore-passw=password
truststore=/META-INF/truststore/cert.truststore
truststore-passw=password
When I deploy the ESB I am getting the following error:
Caused by: org.jboss.soa.esb.ConfigurationException: Invalid 'keystore' config. Must be valid URL.
Looking at the certificate retrieved from the third party webservice, all URL's look OK. Does anyone have any idea why JBoss would not accept the URL in the generated keystore? I'm starting to tear my hair out on this one!
Also, I have been trying to use the org.apache.commons.httpclient.contrib.ssl.EasySSLProtocolSocketFactory for the protocol-socket-factory. When using this, the ESB deploys OK. However, the HTTPRouter does not seem to send the request to the third party web service. I've used SoapUI to establish the web service is ok, so I think it's a problem with my configuration of the HTTPRouter action.
Any help offered is greatly appreaciated!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我花了很长时间才弄清楚,但解决方案非常简单。密钥库文件的路径必须是绝对路径。它不可能是相对的!因此,替换
为
解决了问题!
当想要在各种不同的环境(Windows 和 Ubuntu)中部署 ESB 时,使用此绝对路径保留属性文件并不总是合适。我使用 gradle 作为构建工具,因此我使用 ReplaceTokens 功能将密钥库令牌替换为所需的绝对路径。我想您还可以将密钥库文件复制到部署目录中,以便所有需要它的 ESB 都可以使用它。
希望这可以帮助遇到此问题的其他人。最后是一个简单的解决方案,但文档中没有任何地方提到使用绝对路径引用密钥库文件。但是,这样做解决了我的问题。
谢谢
This took me an awful long time to figure out, but the solution turned out to be very simple. The path to the keystore file must be absolute. It CANNOT BE RELATIVE! Therefore, replacing
with
Solved the problem!
Leaving the properties file with this absolute path isn't always suitable when wanting to deploy the ESB within various different environments (Windows and Ubuntu). I'm using gradle as my build tool, so I used the ReplaceTokens feature to replace the keystore token with the absolute path required. I suppose you could also copy the keystore file into the deploy directory so it's available for all ESB's who require it.
Hope this helps someone else who comes across this problem. Was a simple solution in the end, but there is no mention anywhere in the docs for the keystore file to be referenced with an absolute path. But, doing that fixed the issue for me.
Thanks