Nginx 開啟了 SSL 雙向驗(yàn)證, weblogic 也開啟了雙向驗(yàn)證。瀏覽器訪問 Nginx�����、Nginx 訪問 webogic 都需要證書����,Nginx 配置如下:
server {
error_log logs/info.log info;
listen 9105 ssl default_server;
server_name 192.168.7.163;
#證書文件
ssl_certificate C:/OpenSSL/bin/server/server-cert.pem;
#私鑰文件
ssl_certificate_key C:/OpenSSL/bin/server/server-key.pem;
# 開啟 ssl 雙向認(rèn)證
#ssl_client_certificate C:/OpenSSL/bin/test/ca-cert.pem;
ssl_client_certificate C:/OpenSSL/bin/ca/ca-cert.pem;
ssl_verify_client on;
ssl_prefer_server_ciphers on;
#設(shè)置長連接
keepalive_timeout 70;
location /portal1 {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_ssl_certificate C:/OpenSSL/bin/test/user-cert.pem;
proxy_ssl_certificate_key C:/OpenSSL/bin/test/user-key.pem;
proxy_set_header X-Forwarded-Proto https;
proxy_ssl_protocols TLSv1 SSLv3;
proxy_http_version 1.1;
proxy_ssl_ciphers DEFAULT:!DH;
proxy_ssl_server_name on;
proxy_ssl_session_reuse off;
proxy_set_header X-SSL-Client-Cert $ssl_client_cert;
proxy_set_header Client-Cert $ssl_client_cert;
proxy_pass https://192.168.7.163:20021/portal;
}
目前問題是:weblogic 端怎樣獲取瀏覽器訪問 nginx 的證書而不是 Nginx 反向代理 weblogic 時(shí)通過如下配置配置的固定的證書
proxy_ssl_certificate C:/OpenSSL/bin/test/user-cert.pem;
proxy_ssl_certificate_key C:/OpenSSL/bin/test/user-key.pem;
java 中獲取證書代碼如下, 這段代碼獲取的始終是 Nginx 反向代理配置的證書而不是瀏覽器訪問 Nginx 的證書:
X509Certificate[] certs=(X509Certificate[])request.getAttribute("javax.servlet.request.X509Certificate");
