
Thawte SSL free Certificate not detected - jetty server


I generated the keystore:

keytool -genkeypair -alias jetty -keyalg RSA -validity 30 -keystore keystore.jks

I generated a CSR:

keytool -certreq -alias jetty -file certreq.csr -keystore keystore.jks

Then I used this CSR to get a free SSL certificate. After that they sent 3 certificates, which I added to my keystore:

keytool -import -trustcacerts -alias root -file root.cer -keystore myKeystore

keytool -import -trustcacerts -alias intermediate -file intermediate.cer -keystore myKeystore

keytool -import -trustcacerts -alias trial -file trial.cer -keystore myKeystore

I use Jetty 9, so here's the config for it in jetty-ssl.xml:

    <Configure id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
      <Set name="KeyStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.keystore" default="etc/keystore"/></Set>
      <Set name="KeyStorePassword"><Property name="jetty.keystore.password" default="ironhide"/></Set>
      <Set name="KeyManagerPassword"><Property name="jetty.keymanager.password" default="ironhide"/></Set>
      <Set name="TrustStorePassword"><Property name="jetty.truststore.password" default="ironhide"/></Set>
    </Configure>

But when I restart the server, it still shows as self-signed, with https in the browser marked with a red X.

Here's the keystore:

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 4 entries

root, Nov 16, 2014, trustedCertEntry, Certificate fingerprint (SHA1): 51:51:B8:63:8A:4C:1F:15:54:56:ED:37:C9:10:35:CA:D3:01:B9:36
intermediate, Nov 16, 2014, trustedCertEntry, Certificate fingerprint (SHA1): BE:D1:D1:4E:25:A7:94:36:83:9E:4B:A7:CD:84:48:96:B7:0A:7F:B0
trial, Nov 16, 2014, trustedCertEntry, Certificate fingerprint (SHA1): DF:A1:52:F0:60:31:4C:DB:0C:61:3D:CA:C4:A6:85:FE:D4:4C:CD:04
getlinked, Nov 14, 2014, PrivateKeyEntry, Certificate fingerprint (SHA1): 2C:82:F7:E8:09:C2:7D:7C:71:9E:86:C0:EC:85:22:AE:20:7D:43:14

Assuming your alias, when you generated the private key + CSR, was "getlinked", that the signed certificate file is trial.cer (PEM encoded), and that the intermediate certificate from the CA is intermediate.cer (PEM encoded).

If your certificate is just the certificate only, you may need to "chain" the certificate by concatenating the intermediate certificate to it.

Unix:

cat trial.cer intermediate.cer > chained.cer

Windows:

copy /b trial.cer+intermediate.cer chained.cer

Then, based on the alias used to generate the CSR:

keytool -import -alias getlinked -file chained.cer -keystore myKeystore

Add a set for the Alias property.

<Set name="CertAlias">getlinked</Set>

Okay guys, I solved the problem. The issue is that the "MYDOMAIN" certificate should have the same alias as the private key in the keystore:

keytool -genkeypair -alias jetty -keyalg RSA -validity 30 -keystore keystore.jks

keytool -import -trustcacerts -alias jetty -file trial.cer -keystore myKeystore

This worked for me. I tried it with a bought certificate and it's all good.

Thank you guys for your help.
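
The symptom in this thread can be spotted from `keytool -list` output alone: the CA-issued certificate sits in a trustedCertEntry while the PrivateKeyEntry still carries its self-signed certificate. The check below is an added example, not code from any of the posts; the function names are hypothetical, the listings are constructed with placeholder fingerprints, and it assumes you obtained the issued certificate's fingerprint with `keytool -printcert -file trial.cer`.

```python
import re

# One `keytool -list` entry: alias, date, entry type, fingerprint. The
# fingerprint may be on the same line (as shown on this page) or on the next.
ENTRY = re.compile(
    r"^(?P<alias>[^,\n]+), .*?, (?P<kind>PrivateKeyEntry|trustedCertEntry),\s*"
    r"Certificate fingerprint \([\w-]+\): (?P<fp>[0-9A-F:]+)", re.M)

def parse_listing(text):
    """Return (alias, entry type, fingerprint) for every entry in the listing."""
    return [(m["alias"].strip(), m["kind"], m["fp"]) for m in ENTRY.finditer(text)]

def diagnose(listing, issued_fp):
    """Report which keystore entry holds the CA-issued certificate."""
    entries = parse_listing(listing)
    key_aliases = [a for a, kind, _ in entries if kind == "PrivateKeyEntry"]
    if not key_aliases:
        return ("no-key", "keystore has no PrivateKeyEntry to serve TLS with")
    holders = [(a, kind) for a, kind, fp in entries if fp == issued_fp]
    for alias, kind in holders:
        if kind == "PrivateKeyEntry":
            return ("ok", f"issued certificate is attached to key alias '{alias}'")
    if holders:
        return ("detached", f"issued certificate is a trustedCertEntry under "
                f"'{holders[0][0]}'; key alias '{key_aliases[0]}' still has its "
                "self-signed certificate, so import the reply under that alias")
    return ("missing", "issued certificate is not in the keystore")

# Constructed listings shaped like the one in the question; the fingerprints
# are shortened placeholders, not real values.
ISSUED_FP = "DD:DD:DD:DD"
BEFORE = """Your keystore contains 4 entries

root, Nov 16, 2014, trustedCertEntry, Certificate fingerprint (SHA1): AA:AA:AA:AA
intermediate, Nov 16, 2014, trustedCertEntry, Certificate fingerprint (SHA1): BB:BB:BB:BB
trial, Nov 16, 2014, trustedCertEntry, Certificate fingerprint (SHA1): DD:DD:DD:DD
getlinked, Nov 14, 2014, PrivateKeyEntry, Certificate fingerprint (SHA1): CC:CC:CC:CC
"""
# After importing the reply under the key's alias (two-line entry layout).
AFTER = """root, Nov 16, 2014, trustedCertEntry,
Certificate fingerprint (SHA1): AA:AA:AA:AA
getlinked, Nov 17, 2014, PrivateKeyEntry,
Certificate fingerprint (SHA1): DD:DD:DD:DD
"""

if __name__ == "__main__":
    for name, listing in (("before", BEFORE), ("after", AFTER)):
        print(name, *diagnose(listing, ISSUED_FP))
```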
