我有2台服务器。 Server1是一个在Tomcat上安装了Alfresco 4.2的Ubuntu 12.04 LTS。 Server2是一个Windows 7与我的CAS服务器(SSO)在eclipse安装。 在前面都有apache和mod proxy AJP来协商SSL。
server1.tld上的Alfresco返回server2.tld上的CAS。 但是当我login时,server1上的Alfresco / tomcat返回一个exception:
java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching server2.tld found 服务器1上的Vhost:
<VirtualHost *:80> ServerName server1.tld Redirect permanent / https://server1.tld/ </VirtualHost> <VirtualHost *:443> ServerName server1 ServerAdmin [email protected] DocumentRoot "/home/user/alfresco-4.2.e/" CustomLog /var/log/apache2/access.ged.log combined ErrorLog /var/log/apache2/errors.ged.log Header Always set Cache-Control "no-cache,no-store" Header Always set Pragma "no-cache" Header Always set Expires 0 RewriteEngine On ProxyPass / ajp://server1.tld:8039/ ProxyPassreverse / ajp://server1.tld:8039/ SSLEngine on SSLProtocol all -SSLv2 SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /etc/ssl/certs/server1.tld.crt SSLCertificateKeyFile /etc/ssl/private/server1.tld.pem SSLCACertificateFile /etc/ssl/certs/ca.crt SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 </VirtualHost>
服务器2上的Vhost:
<VirtualHost *:80> ServerName server2.tld Redirect permanent / https://server2.tld </VirtualHost> <VirtualHost *:443> ServerName server2.tld ServerAdmin [email protected] DocumentRoot "C:\Users\user\eclipse\sso-cas\cas.web" CustomLog logs/access.cas.log combined ErrorLog logs/errors.cas.log Header Always set Cache-Control "no-cache,no-store" Header Always set Pragma "no-cache" Header Always set Expires 0 RewriteEngine On ProxyPass / ajp://server2.tld:8029/ ProxyPassreverse / ajp://server2.tld:8029/ SSLEngine on SSLProtocol all -SSLv2 SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile "C:\Program Files (x86)\Apache Software Foundation\Apache2.2\conf\server2.tld.crt" SSLCertificateKeyFile "C:\Program Files (x86)\Apache Software Foundation\Apache2.2\conf\server2.tld.pem" SSLCACertificateFile "C:\Program Files (x86)\Apache Software Foundation\Apache2.2\conf\ca.crt" SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 </VirtualHost>
如何解决? 如果可能的话,在Alfresco没有任何代码更改。
编辑
也许问题是tomcat的server.xmlconfiguration? 目前在tomcat server1 server.xml上configuration:
<Connector port="8039" URIEncoding="UTF-8" protocol="AJP/1.3" redirectPort="8473" />
目前在tomcat server2 server.xml上configuration:
<Connector port="8029" protocol="AJP/1.3" redirectPort="8443"/>
我没有ssl属性,因为我认为apache和tomcat之间的通信是不安全的。 但是有什么不对吗?