Tags: ssl, jboss, keystore, wildfly
I have configured SSL in JBoss WildFly 8.1. I generated the keystore file and updated the standalone.xml file as shown below:
<security-realm name="security-realm">
<server-identities>
<ssl>
<keystore path="security/keystore.jks" relative-to="jboss.server.config.dir" keystore-password="changeit" key-password="changeit"/>
</ssl>
</server-identities>
</security-realm>
The keystore password and key password are shown in plain text. We cannot have them shown in plain text. I want to encrypt the password. I tried a lot but could not find any reliable help on this. So can anybody help me with how to encrypt this password and how to use it in the standalone.xml file?
You can mask WildFly passwords with the VaultTool.
The VaultTool shipped with WildFly Application Server creates and manages a store for secure attributes (for example passwords), which can then be used in masked form in the WildFly configuration files.
This way users can put a reference to a secure attribute in the configuration file instead of its plain-text value.
First you need to create a Java Keystore that will hold the sensitive strings:
$ keytool -genseckey -alias vault -storetype jceks -keyalg AES -keysize 128 -storepass vault22 -keypass vault22 -validity 730 -keystore WILDFLY_HOME/vault/vault.keystore
Then initialize the vault and store the password of the SSL keystore:
wildfly-8.1.0.Final/bin$ sh vault.sh
=========================================================================
JBoss Vault Tool
JBOSS_HOME: "wildfly-8.1.0.Final"
JAVA: ""
JAVA_OPTS: ""
=========================================================================
**********************************
**** JBoss Vault ***************
**********************************
Please enter a Digit:: 0: Start Interactive Session 1: Remove Interactive Session 2: Exit
0
Starting an interactive session
Enter directory to store encrypted files:/home/fsierra/vault/
Enter Keystore URL:home/fsierra/vault/vault.keystore
Enter Keystore password:
Enter Keystore password again:
Values match
Enter 8 character salt:12345678
Enter iteration count as a number (e.g.: 44):17
Enter Keystore Alias:Vault
Initializing Vault
ene 13, 2015 12:42:48 PM org.picketbox.plugins.vault.PicketBoxSecurityVault init
INFO: PBOX000361: Default Security Vault Implementation Initialized and Ready
Vault Configuration in WildFly configuration file:
********************************************
...
</extensions>
<vault>
<vault-option name="KEYSTORE_URL" value="/home/fsierra/vault/vault.keystore"/>
<vault-option name="KEYSTORE_PASSWORD" value="MASK-49SI2WfwF1X"/>
<vault-option name="KEYSTORE_ALIAS" value="Vault"/>
<vault-option name="SALT" value="12345678"/>
<vault-option name="ITERATION_COUNT" value="17"/>
<vault-option name="ENC_FILE_DIR" value="/home/fsierra/vault/"/>
</vault><management> ...
********************************************
Vault is initialized and ready for use
Handshake with Vault complete
Please enter a Digit:: 0: Store a secured attribute 1: Check whether a secured attribute exists 2: Exit
0
Task: Store a secured attribute
Please enter secured attribute value (such as password):
Please enter secured attribute value (such as password) again:
Values match
Enter Vault Block:keystore
Enter Attribute Name:password
Secured attribute value has been stored in Vault.
Please make note of the following:
********************************************
Vault Block:keystore
Attribute Name:password
Configuration should be done as follows:
VAULT::keystore::password::1
********************************************
Please enter a Digit:: 0: Store a secured attribute 1: Check whether a secured attribute exists 2: Exit
Run Code Online (Sandbox Code Playgroud)
Finally, the keystore password is masked and can be used in configuration files and deployments.
For example (standalone.xml):
<extensions>
...
</extensions>
<vault>
<vault-option name="KEYSTORE_URL" value="/home/fsierra/vault/vault.keystore"/>
<vault-option name="KEYSTORE_PASSWORD" value="MASK-49SI2WfwF1X"/>
<vault-option name="KEYSTORE_ALIAS" value="Vault"/>
<vault-option name="SALT" value="12345678"/>
<vault-option name="ITERATION_COUNT" value="17"/>
<vault-option name="ENC_FILE_DIR" value="/home/fsierra/vault/"/>
</vault>
<management>
<security-realms>
...
<security-realm name="SslRealm">
<server-identities>
<ssl>
<keystore path="ssl.jks" relative-to="jboss.server.config.dir" keystore-password="${VAULT::keystore::password::1}"/>
</ssl>
</server-identities>
</security-realm>
</security-realms>
</management>
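As an added example (not part of the original answer), here is a small Python check that audits a standalone.xml for the issue raised in the question: keystore secrets still in plain text, `${VAULT::...}` references with no `<vault>` element, and missing vault options. The sample XML is constructed from the two configurations above.

```python
import re
import xml.etree.ElementTree as ET
# A secret counts as vaulted only if it is a complete ${VAULT::block::attribute::n} reference.
VAULT_REF = re.compile(r"^\$\{VAULT::([^:}]+)::([^:}]+)::(\d+)\}$")
SECRET_ATTRS = ("keystore-password", "key-password")
REQUIRED_OPTIONS = {"KEYSTORE_URL", "KEYSTORE_PASSWORD", "KEYSTORE_ALIAS",
                    "SALT", "ITERATION_COUNT", "ENC_FILE_DIR"}

# Constructed sample: the question's plain-text realm beside the answer's masked one.
SAMPLE_XML = """<server xmlns="urn:jboss:domain:2.1">
<vault>
<vault-option name="KEYSTORE_URL" value="/home/fsierra/vault/vault.keystore"/>
<vault-option name="KEYSTORE_PASSWORD" value="MASK-49SI2WfwF1X"/>
<vault-option name="KEYSTORE_ALIAS" value="Vault"/>
<vault-option name="SALT" value="12345678"/>
<vault-option name="ITERATION_COUNT" value="17"/>
<vault-option name="ENC_FILE_DIR" value="/home/fsierra/vault/"/>
</vault>
<management><security-realms><security-realm name="security-realm"><server-identities><ssl>
<keystore path="security/keystore.jks" keystore-password="changeit" key-password="changeit"/>
</ssl></server-identities></security-realm>
<security-realm name="SslRealm"><server-identities><ssl>
<keystore path="ssl.jks" keystore-password="${VAULT::keystore::password::1}"/>
</ssl></server-identities></security-realm>
</security-realms></management></server>"""

def local(tag):
    # Strip the {xmlns} prefix ElementTree attaches to every tag.
    return tag.rsplit("}", 1)[-1]

def audit_config(xml_text):
    """List plain-text keystore secrets, vault references with no <vault>
    element, and missing vault options."""
    root = ET.fromstring(xml_text)
    findings = []
    vaults = [e for e in root.iter() if local(e.tag) == "vault"]
    if vaults:
        opts = {o.get("name"): o.get("value", "") for o in vaults[0]}
        for missing in sorted(REQUIRED_OPTIONS - set(opts)):
            findings.append(f"vault: option {missing} is missing")
    for realm in (e for e in root.iter() if local(e.tag) == "security-realm"):
        name = realm.get("name", "?")
        for ks in (e for e in realm.iter() if local(e.tag) == "keystore"):
            for attr in (a for a in SECRET_ATTRS if a in ks.attrib):
                if not VAULT_REF.match(ks.get(attr)):
                    findings.append(f"{name}: {attr} is plain text")
                elif not vaults:
                    findings.append(f"{name}: {attr} references the vault but no <vault> is configured")
    return findings
```

The masked KEYSTORE_PASSWORD only prevents casual reading, since SALT and ITERATION_COUNT sit in the same file, so vault.keystore, ENC_FILE_DIR and standalone.xml still need restrictive file permissions.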