
How to install SSL Certs for tomcat keystore

I am trying to set up SSL for tomcat. Following the below linked instructions, I ran the command:

keytool -genkey -alias alias_name -keyalg RSA -keystore keystore_name -keysize 2048

Instructions: https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&actp=CROSSLINK&id=AR227

That generated the tomcat.keystore file. I generated the csr file using the above instructions as well and used it to request an SSL certificate from GoDaddy. They generated the .crt files and I downloaded them. I then tried to import them using:

http://www.sslshopper.com/tomcat-ssl-installation-instructions.html

keytool -import -trustcacerts -alias (root/intermediate/tomcat) -file (root.crt, intermediate.crt, primary.crt) -keystore tomcat.keystore

I notice in the ssl installation instructions they specify "-keystore keystore.key", as opposed to the "tomcat.keystore" file I specify. Where do I get the .key file or will the .keystore file work the same? I import the .crt files, but the ssl cert doesn't get updated. It still shows as an unverified cert that expires in 3 months as opposed to the 2 years that the GoDaddy ssl cert is valid for. Any ideas on why the imports would not work properly? The server is running CentOS 6.5 and Tomcat version 7.0.50 if that has any bearing.

After doing some more digging, it turns out the problem I was having was that for the import of the Primary cert, the alias name provided must be exactly the same as the one used when generating the csr. I imported the certs again using the correct alias name and now the cert is recognized properly.
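
One way to check for the alias mismatch described above, as an added example that is not part of the original post: when the primary cert is imported under a new alias, keytool stores it as a separate trustedCertEntry and the key alias keeps its self-signed certificate (90 days by default, which matches the "3 months" seen). The function names and the sample listing are constructed for illustration, and the parsing assumes the English-locale `keytool -list` output format.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Both functions read `keytool -list -keystore tomcat.keystore` output on stdin.

# Print PrivateKeyEntry, trustedCertEntry, or "absent" for the alias in $1.
entry_type() {
    awk -v want="$1" '
        # Entry lines look like:  alias, Jan 5, 2014, PrivateKeyEntry,
        /Entry, *$/ {
            n = split($0, f, /, */)
            # JKS aliases are case-insensitive, so compare in lower case.
            if (tolower(f[1]) == tolower(want)) { print f[n-1]; found = 1; exit }
        }
        END { if (!found) print "absent" }
    '
}

# Print every alias that holds a private key: the alias the CA reply must use.
key_aliases() {
    awk '/PrivateKeyEntry, *$/ { split($0, f, /, */); print f[1] }'
}

# Constructed listing: key generated under "tomcat", CA reply imported under
# the different alias "primary" (the mistake described in the post).
BAD_LISTING='Keystore type: JKS
Keystore provider: SUN

Your keystore contains 4 entries

root, Jan 5, 2014, trustedCertEntry,
Certificate fingerprint (SHA1): <constructed>
intermediate, Jan 5, 2014, trustedCertEntry,
Certificate fingerprint (SHA1): <constructed>
tomcat, Jan 2, 2014, PrivateKeyEntry,
Certificate fingerprint (SHA1): <constructed>
primary, Jan 5, 2014, trustedCertEntry,
Certificate fingerprint (SHA1): <constructed>'

# The alias used for the import ended up as a plain trusted certificate.
printf '%s\n' "$BAD_LISTING" | entry_type primary
```

Running `key_aliases` before the import shows which alias to pass to `keytool -import` for the primary cert; after a correct import, that same alias is still the only PrivateKeyEntry and no extra entry for the server cert appears.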
