Wso2 SSL证书安装失败
我在APIM上安装了官方SSL证书。现在碳网应用程序无法加载。catalina-server.xml可能有问题吗?所有xml都配置了新的密钥库和密码 启动时wso2carbon.log中的唯一错误:Wso2 SSL证书安装失败,wso2,wso2carbon,wso2-am,Wso2,Wso2carbon,Wso2 Am,我在APIM上安装了官方SSL证书。现在碳网应用程序无法加载。catalina-server.xml可能有问题吗?所有xml都配置了新的密钥库和密码 启动时wso2carbon.log中的唯一错误: TID: [-1] [] [2016-05-10 08:52:45,170] ERROR {org.wso2.carbon.tomcat.ext.internal.CarbonTomcatServiceComponent} - Error while adding the carbon web-a
TID: [-1] [] [2016-05-10 08:52:45,170] ERROR {org.wso2.carbon.tomcat.ext.internal.CarbonTomcatServiceComponent} - Error while adding the carbon web-app {org.wso2.carbon.tomcat.ext.internal.CarbonTomcatServiceComponent}
org.wso2.carbon.tomcat.CarbonTomcatException: Webapp failed to deploy
at org.wso2.carbon.tomcat.internal.CarbonTomcat.addWebApp(CarbonTomcat.java:302)
at org.wso2.carbon.tomcat.internal.CarbonTomcat.addWebApp(CarbonTomcat.java:185)
at org.wso2.carbon.tomcat.ext.internal.CarbonTomcatServiceComponent.activate(CarbonTomcatServiceComponent.java:59)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at org.eclipse.equinox.internal.ds.model.ServiceComponent.activate(ServiceComponent.java:260)
at org.eclipse.equinox.internal.ds.model.ServiceComponentProp.activate(ServiceComponentProp.java:146)
at org.eclipse.equinox.internal.ds.model.ServiceComponentProp.build(ServiceComponentProp.java:345)
at org.eclipse.equinox.internal.ds.InstanceProcess.buildComponent(InstanceProcess.java:620)
at org.eclipse.equinox.internal.ds.InstanceProcess.buildComponents(InstanceProcess.java:197)
at org.eclipse.equinox.internal.ds.Resolver.buildNewlySatisfied(Resolver.java:473)
at org.eclipse.equinox.internal.ds.Resolver.enableComponents(Resolver.java:217)
at org.eclipse.equinox.internal.ds.SCRManager.performWork(SCRManager.java:816)
at org.eclipse.equinox.internal.ds.SCRManager$QueuedJob.dispatch(SCRManager.java:783)
at org.eclipse.equinox.internal.ds.WorkThread.run(WorkThread.java:89)
at org.eclipse.equinox.internal.util.impl.tpt.threadpool.Executor.run(Executor.java:70)
Caused by: java.lang.NullPointerException
at org.wso2.carbon.tomcat.internal.CarbonTomcat.addWebApp(CarbonTomcat.java:233)
... 17 more
我刚刚花了两天时间使用一个公共的let's encrypt证书来完成这项工作。
此过程是在wso2am-2.2.0.zip版本上完成的,它可能无法在其他版本上工作
我在/opt/wso2中安装了它 以下是我所做的: 这些是我的变量,现有的jks路径,它是关键
jks_location="/opt/tomcat/conf/tomcat.jks" jks_password="changeit" key_password="changeit" jks_alias=tomcat server_name="your public server name"
我替换了一些证书值,但不是与客户机信任存储有关的证书值
grep -R wso2carbon.jks /opt/wso2/ | cut -d ':' -f1 | grep "\.xml$" | grep -v -e ".b$" -e logs -e migration -e "\.db" | sort -u | while read file ; do awk '{if(/<\/[Kk]eyStore/ && q==0 && p==1){print "<KeyAlias>'$jks_alias'</KeyAlias>"}
if(/<\/[Kk]eyStore>/ || /<\/dataBridgeConfiguration>/ ){p=0;q=0}if($1~/<[Kk]eyStore/ || /<\/dataBridgeConfiguration>/ ){p=1}
if(/<KeyAlias/ && p==1){q=1}
if(p==1 && /<Password>/){
print " <Password>'$jks_password'</Password>"
} else if (p==1 && /<password/){
print " <password>'$jks_password'</password>"
} else if (p==1 && /<keyStorePassword/){
print " <keyStorePassword>'$jks_password'</keyStorePassword>"
} else if (p==1 && /<KeyPassword/){
print " <KeyPassword>'$key_password'</KeyPassword>"
} else if (p==1 && /<KeyAlias/){
print " <KeyAlias>'$jks_alias'</KeyAlias>"
} else if (p==1 && /<Location/){
print " <Location>'$jks_location'</Location>"
} else if (p==1 && /<location/){
print " <location>'$jks_location'</location>"
} else if (p==1 && /<keyStoreLocation/){
print " <keyStoreLocation>'$jks_location'</keyStoreLocation>"
} else if (/keystoreFile=.*wso2carbon.jks/){
print " keystoreFile=\"'$jks_location'\""
} else if (/keystorePass="wso2carbon"/){
print " keystorePass=\"'$jks_password'\""
} else if (/<parameter name="wss.ssl.key.store.file">/){
print " <parameter name=\"wss.ssl.key.store.file\">'$jks_location'</parameter>"
} else if (/<parameter name="wss.ssl.key.store.pass"/){
print " <parameter name=\"wss.ssl.key.store.pass\">'$jks_password'</parameter>"
}
else {print}
}' $file > "$file".t ; echo "$file" ; cp -a "$file".t "$file" ; done
sed -i '/<ServerURL>local/a<!-- Manual add-->\n <HostName>'$server_name'<\/HostName>\n <MgtHostName>'$server_name'<\/MgtHostName>' /opt/wso2/repository/conf/carbon.xml
grep -i -R "https://localhost:" /opt/wso2/ | grep -v '\.log' | cut -d ':' -f1 | sort -u | grep -v '\.t$' | xargs -I file sed -i -e 's|https://localhost:|https://'$server_name:'|g' file
例如,密码标记只能在密钥库标记内更改
希望对您有所帮助您使用的是哪一版本的API Manager?我使用的是最新版本1.10.0您是否已将catalineserver.xml指向新的密钥库?
keytool -import -alias lets_encrypt_root -file your-root-file.pem -keystore /opt/wso2/repository/resources/security/client-truststore.jks -storePass wso2carbon
grep -i -R "https://localhost:" /opt/wso2/ | grep -v '\.log' | cut -d ':' -f1 | sort -u | grep -v '\.t$' | xargs -I file sed -i -e 's|https://localhost:|https://'$server_name:'|g' file