别名“tomcat”不标识密钥条目

2q5ifsrm  于 2021-07-09  发布在  Java
关注(0)|答案(1)|浏览(481)

我已经通过使用openssl生成csr请求了一个证书。我有私钥文件。现在我想在tomcat中使用的密钥库中安装证书。我尝试了以下方法:
使用以下命令创建p12文件: openssl pkcs12 -export -in website_com.crt -inkey website_com.key -name tomcat -out website_com.p12 使用以下命令将其导入密钥库: keytool -importkeystore -deststorepass mypass -destkeystore somename.jks -srckeystore website_com.p12 -srcstoretype PKCS12 导入成功,在somename.jks中创建了tomcat别名。ssl端口的tomcat连接器:

< Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true" URIEncoding="UTF-8">
    <!--    <SSLHostConfig sslProtocol="TLS" sslEnabledProtocols="TLSv1.2"  -->    
        <SSLHostConfig protocols="TLSv1.3"
            ciphers="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, 
            TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
            TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
            TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
            TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
            TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
            TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
            TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384,
            TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
            TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
            TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_EMPTY_RENEGOTIATION_INFO_SCSVF">
            <Certificate certificateKeystoreFile="D:\apache-tomcat-9.0.37\conf\somename.jks"
                         certificateKeystorePassword="mypass"
                         certificateKeyAlias="tomcat"
                         type="RSA" />
        </SSLHostConfig>
    </Connector>

终端窗口截图

知道我做错什么了吗?
p、 无法生成新的csr并请求新的证书

Javasslweb-servicestomcatKeytool

1条答案

按热度按时间
agyaoht7

agyaoht71#

我通过使用第一步中生成的p12文件而不是.jks文件来解决这个问题。

< Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true" URIEncoding="UTF-8">
        <SSLHostConfig protocols="TLSv1.3"
            <Certificate certificateKeystoreFile="D:\apache-tomcat-9.0.37\conf\somename.p12"
                         CertificateKeystorePassword="mypass"
                         certificateKeystoreType="PKCS12"
                         type="RSA" />
        </SSLHostConfig>
    </Connector>
赞(0)分享  回复(0)举报  2021-07-09
我来回答

相关问题

    查看更多

    热门标签

    更多
    JavaquerypythonNode开发语言requestUtil数据库Table后端算法LoggerMessageElementParser

    最新问答

    更多
    • 蜀ICP备2022004421号-2 NULL123 https://www.null123.com © All rights reserved
    • 本站内容来源互联网,如果侵犯您的权益请联系我们删除, 联系方式:448109455@qq.com