WSO2 IS: Changing the HTTPS certificate
I am new to WSO2 configuration and also new to how HTTPS certificates work, so please bear with me.
I am trying to change the certificate used for HTTPS connections in WSO2. Without any configuration, WSO2 returns a certificate with the DN CN=localhost, O=WSO2, L=Mountain View, ST=CA, C=US. I am trying to change this to use my own certificate, following the instructions from
I have imported my certificate into the keystore and changed the configuration as described in that article. One notable difference is that I could not find ${carbon.home}/repository/conf/mgt-transports.xml
After doing this, connecting to the IS server management service returns the "localhost" certificate instead of the imported one.
repository/conf/carbon.xml
<KeyStore>
<!-- Keystore file location-->
<Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location>
<!-- Keystore type (JKS/PKCS12 etc.)-->
<Type>JKS</Type>
<!-- Keystore password-->
<Password>wso2carbon</Password>
<!-- Private Key alias-->
<KeyAlias>testcert</KeyAlias>
<!-- Private Key password-->
<KeyPassword>wso2carbon</KeyPassword>
</KeyStore>
<!--
Encrypt Decrypt Store will be used for encrypting and decrypting
-->
<RegistryKeyStore>
<!-- Keystore file location-->
<Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location>
<!-- Keystore type (JKS/PKCS12 etc.)-->
<Type>JKS</Type>
<!-- Keystore password-->
<Password>wso2carbon</Password>
<!-- Private Key alias-->
<KeyAlias>testcert</KeyAlias>
<!-- Private Key password-->
<KeyPassword>wso2carbon</KeyPassword>
</RegistryKeyStore>
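Step 1: Create a new keystore with a private and public key (a key pair).
Inside the /repository/resources/security/ directory. The default keystore (wso2carbon.jks) and truststore (client-truststore.jks) are stored here.
• Use the Java keytool (included in the standard JDK) to create a keystore containing a key pair and save it as a .jks file. The keystore contains this server's key pair (public and private key).
• The keystore/key pair should have the following properties: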
KeystoreType = JKS,
KeyPairAlgorithm = RSA,
Size = 2048 bits
SignatureAlgorithm = SHA-256 WITH RSA
Password (Must be exactly the same as the keystore password)
Name(Subject): The CN(Common Name) of the key-pair should be the server’s hostname upon which the IS will be deployed (if you intend to use it as the key manager for api manager)
Extensions:
Key usage : Digital Signature , Key Encipherment , Data Encipherment , Non Repudiation
Subject Alternate name : IP address = IP address of this server
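Step 2: Import the certificate chain from the keystore created in Step 1 into a truststore
Create a new truststore with the same properties
• Export the certificate from the keystore (Step 1) into the truststore
Step 3: Change the configuration files as shown below to reflect the new keystore and truststore just created
Change the corresponding values in the following files (in /repository/conf/):
More or less, just search the files for "jks"
Delete the old keystore
Step 4: Restart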
File                               Line number/s
identity.xml                       180
carbon.xml                         310, 326, 343
axis2/axis2_pt.xml                 272, 280, 396, 404
axis2/axis2.xml                    272, 280, 396, 404
axis2/axis2_nhttp.xml              278, 286, 405, 413
security/secret-conf.properties    21, 30
sec.policy                         1
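Steps 1 and 2 of the answer above written out as keytool commands, as an added example that is not part of the original answer. The hostname, IP address, password and output file names are assumptions; the alias is the one from the carbon.xml shown in the question. The last function reads back the entry type and subject of the alias, since a server key alias has to be a PrivateKeyEntry and not only an imported certificate.

```shell
#!/bin/sh
# Added example (not from the original answer). Assumed values:
HOST="is.example.com"                 # assumed server hostname, becomes the CN
IP="192.0.2.10"                       # assumed server IP (documentation range)
ALIAS="testcert"                      # alias referenced in carbon.xml on this page
PASS="${KS_PASS:-changeit-example}"   # constructed sample; store and key password are the same

# Step 1: JKS key store with an RSA 2048-bit key pair, SHA-256 with RSA signature,
# the key usages and the IP subject alternative name listed in the answer.
make_keystore() {    # $1 = path of the new key store
    keytool -genkeypair -alias "$ALIAS" \
        -keyalg RSA -keysize 2048 -sigalg SHA256withRSA \
        -dname "CN=$HOST" \
        -ext "KU=digitalSignature,keyEncipherment,dataEncipherment,nonRepudiation" \
        -ext "SAN=ip:$IP" \
        -storetype JKS -keystore "$1" -storepass "$PASS" -keypass "$PASS"
}

# Step 2: export the certificate from the key store and import it into a new trust store.
make_truststore() {  # $1 = key store, $2 = path of the new trust store
    pem="$(dirname "$2")/$ALIAS.pem"
    keytool -exportcert -rfc -alias "$ALIAS" \
        -keystore "$1" -storepass "$PASS" -file "$pem" &&
    keytool -importcert -noprompt -alias "$ALIAS" -file "$pem" \
        -storetype JKS -keystore "$2" -storepass "$PASS"
}

# Check before Step 4: read one field of the alias from `keytool -list -v`.
# "Entry type" must be PrivateKeyEntry in the key store; "Owner" is the subject DN
# the server will present.
alias_field() {      # $1 = store, $2 = field name ("Entry type" or "Owner")
    keytool -J-Duser.language=en -list -v -alias "$ALIAS" \
        -keystore "$1" -storepass "$PASS" | sed -n "s/^$2: //p" | head -n 1
}

# Typical use (paths are assumptions):
#   make_keystore   ./newkeystore.jks
#   make_truststore ./newkeystore.jks ./newtruststore.jks
#   alias_field     ./newkeystore.jks "Entry type"    # PrivateKeyEntry
#   alias_field     ./newkeystore.jks "Owner"         # CN=is.example.com
```

If `alias_field` reports trustedCertEntry for the alias in the key store, the store holds only a certificate and no private key, so the server cannot present it.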