How does Tomcat know which certificate to provide

I'm using Tomcat server as a servlet container. I wanted the connections to this server to be secure ("https"), so I created a keystore using the command keytool -genkey -keyalg RSA -keystore tomcat.jks. I filled in the prompt questions, then generated a CSR from this key and signed it using another certificate, then I imported the signed certificate into my keystore. But after running the server and checking the certificate that came to the browser, I find that it is the same as the PrivateKeyEntry in the keystore, not the signed certificate; it even has the SHA1 fingerprint that matches the PrivateKeyEntry.

My question is: should Tomcat provide the signed certificate in this case? And why is it providing the PrivateKeyEntry when asked for a certificate, and what will it do if there is more than one certificate in the keystore file, and more than one private key entry?

You need to import the signed certificate using the same alias as when you generated the private/public key pair. Otherwise the certificate isn't associated with the private key, which is required for SSL, and the original certificate-wrapper for the private key is used instead.

I have multiple certificates in my tomcat keystore. Each of my <Connector> elements in my server.xml refers to the same keystore but a different certificate. When you import the certificate into the keystore, you should specify an alias for that entry and tell the connector which alias to use.

<Connector ... keyAlias="myalias" ... >
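
A check for the situation discussed in this thread, added here as an example and not part of the original posts: it reads the text printed by keytool -list -v and reports, per alias, whether a key entry is still self-signed and whether a signed certificate sits under a different alias than its key. The listing is constructed; signedcert, rootca and the example.test names are assumptions, and mykey is keytool's default alias when -alias is omitted.

```shell
#!/bin/sh
# Added example. Real use: keytool -list -v -keystore tomcat.jks | audit_listing
audit_listing() {
  awk '
    /^Alias name: /  { alias = substr($0, 13); order[++n] = alias; next }
    /^Entry type: /  { etype[alias] = substr($0, 13); next }
    /^Certificate chain length: / { chain[alias] = $4; next }
    # Keep only the first Owner/Issuer per alias: that is the leaf certificate.
    /^Owner: /  { if (!(alias in owner))  owner[alias]  = substr($0, 8); next }
    /^Issuer: / { if (!(alias in issuer)) issuer[alias] = substr($0, 9); next }
    END {
      for (i = 1; i <= n; i++) {
        a = order[i]
        if (etype[a] == "PrivateKeyEntry") {
          if (chain[a] == 1 && owner[a] == issuer[a])
            print a ": SELF-SIGNED key entry (CA reply not imported under this alias)"
          else
            print a ": OK key entry, chain length " chain[a]
          continue
        }
        msg = a ": trusted certificate only (no private key)"
        for (j = 1; j <= n; j++) {
          k = order[j]
          # Same subject as a key entry, but issued by someone else: a misplaced CA reply.
          if (etype[k] == "PrivateKeyEntry" && owner[k] == owner[a] && issuer[a] != owner[a])
            msg = a ": STRAY signed certificate for key alias " k " (re-import under that alias)"
        }
        print msg
      }
    }'
}
# Constructed sample: trimmed keytool -list -v output for a keystore like the one in the question.
sample_listing() {
  cat <<'EOF'
Alias name: mykey
Entry type: PrivateKeyEntry
Certificate chain length: 1
Owner: CN=app.example.test, O=Example
Issuer: CN=app.example.test, O=Example
Alias name: signedcert
Entry type: trustedCertEntry
Owner: CN=app.example.test, O=Example
Issuer: CN=Example Test CA
Alias name: rootca
Entry type: trustedCertEntry
Owner: CN=Example Test CA
Issuer: CN=Example Test CA
EOF
}
sample_listing | audit_listing
```

After the signed certificate is imported under the key's own alias, the same check reports that alias as a key entry with a chain length greater than 1.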
