How does Tomcat know which certificate to provide
I'm using a Tomcat server as a servlet container. I wanted the connections to this server to be secure ("https"), so I created a keystore using the command
keytool -genkey -keyalg RSA -keystore tomcat.jks
I filled in the prompt questions, then generated a CSR from this key and signed it using another certificate. Then I imported the signed certificate into my keystore, but after running the server and checking the certificate that came to the browser, I find that it is the same as the PrivateKeyEntry in the keystore, not the signed certificate; it even has the SHA1 fingerprint of the entry that matches the PrivateKeyEntry.
My question is: should Tomcat provide the signed certificate in this case? And why is it providing the PrivateKeyEntry when asked for a certificate, and what will it do if there is more than one certificate in the keystore file, and more than one private key entry?

You need to import the signed certificate using the same alias as when you generated the private/public key pair. Otherwise the certificate isn't associated with the private key, which is required for SSL, and the original certificate-wrapper for the private key is used instead.

I have multiple certificates in my Tomcat keystore. Each of my <Connector> elements in my server.xml refers to the same keystore but a different certificate. When you import the certificate into the keystore, you should specify an alias for that entry and tell the connector which alias to use.
<Connector ... keyAlias="myalias" ... >
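
Added example, not part of the original answers: a small check over `keytool -list -v` output that flags the situation both answers describe, a PrivateKeyEntry still wrapped in its self-signed certificate while the signed certificate sits under another alias. The sample listing is constructed; "mykey" is keytool's default alias when `-alias` is omitted, and the alias "signed", the subject names and the CA name are assumptions.

```python
import re

# Constructed, trimmed sample of `keytool -list -v -keystore tomcat.jks` output:
# key pair under the default alias, signed cert imported under another alias.
SAMPLE = """\
Alias name: mykey
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=app.example.test, O=Example
Issuer: CN=app.example.test, O=Example
*******************************************
Alias name: signed
Entry type: trustedCertEntry
Owner: CN=app.example.test, O=Example
Issuer: CN=Example Test CA, O=Example
"""

FIELD = re.compile(r"^(Alias name|Entry type|Certificate chain length|Owner|Issuer): (.*)$")

def parse_entries(listing):
    """Return one dict per alias, keeping the first Owner/Issuer (the leaf certificate)."""
    entries = []
    for line in listing.splitlines():
        m = FIELD.match(line.strip())
        if not m:
            continue
        key, value = m.groups()
        if key == "Alias name":
            entries.append({"Alias name": value})
        elif entries:
            entries[-1].setdefault(key, value)
    return entries

def audit(listing):
    """List (key alias, aliases holding the same subject) for self-signed key entries."""
    entries = parse_entries(listing)
    findings = []
    for e in entries:
        # Owner == Issuer on the leaf is used here as the "still self-signed" heuristic.
        if e.get("Entry type") != "PrivateKeyEntry" or e.get("Owner") != e.get("Issuer"):
            continue
        strays = [t["Alias name"] for t in entries
                  if t.get("Entry type") == "trustedCertEntry" and t.get("Owner") == e.get("Owner")]
        findings.append((e["Alias name"], strays))
    return findings

if __name__ == "__main__":
    for alias, strays in audit(SAMPLE):
        print(f"{alias}: leaf certificate is self-signed; same subject also stored under {strays}")
```

After the signed reply is imported under the key pair's own alias, the listing shows a chain length greater than 1 for that PrivateKeyEntry and the check returns no findings.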