[英]IIS Certificate on apache VFS2 cannot recover KEY SSL
I'm building an app using VFS2 to communicate throught FTPS on a IIS server.我正在构建一个应用程序,使用 VFS2 在 IIS 服务器上通过 FTPS 进行通信。
For testing purpose I've created a self signed certificate on IIS server.出于测试目的,我在 IIS 服务器上创建了一个自签名证书。 For now, I can connect through Winscp and FileZilla.
目前,我可以通过 Winscp 和 FileZilla 进行连接。
Then I exported the private key and certificate from IIS然后我从 IIS 导出了私钥和证书
Then然后
Created a brand new JKS KeyStore with KeyStore explorer with the same password as the key .使用与密钥相同的密码,使用 KeyStore explorer 创建了一个全新的 JKS KeyStore。
Imported the key into the keystore with the same password as the store使用与存储相同的密码将密钥导入密钥库
Now, with VFS2 when i'm trying to make a FTPS connection, I've got an exception:现在,当我尝试建立 FTPS 连接时,使用 VFS2,我遇到了一个例外:
UnrecoverableKeyException: Cannot recover key
UnrecoverableKeyException:无法恢复密钥
Which as the internet says, an exception that occurs when keystore and key password aren't the same.正如互联网所说,当密钥库和密钥密码不同时会发生异常。 I've checked and recreated stores and key 200 times, and the password are the same.
我已经检查并重新创建了商店和密钥 200 次,并且密码是相同的。
Did I do something wrong in all that process?我在整个过程中做错了什么吗?
Instead of exporting the certificate from iis try to export the certificate from the certificate store:不要从 iis 导出证书,而是尝试从证书存储中导出证书:
Next run openssl to extract the private key, and the cert file.接下来运行 openssl 以提取私钥和证书文件。
Extract the private key:提取私钥:
Export the private key file from the.PFX file.从 .PFX 文件中导出私钥文件。
openssl pkcs12 -in filename.pfx -nocerts -out key.pem
Extract the certificate file:提取证书文件:
Export the certificate file from the.PFX file.从 .PFX 文件中导出证书文件。
openssl pkcs12 -in filename.pfx -clcerts -nokeys -out cert.pem
Remove the passphrase:删除密码:
This command removes the passphrase from the private key so Apache won't prompt you for your passphase when it starts.此命令从私钥中删除密码,因此 Apache 在启动时不会提示您输入密码。
openssl rsa -in key.pem -out server.key
Make sure that the following lines are present in your apache virtual host configuration file and they are correct:确保 apache 虚拟主机配置文件中存在以下行并且它们是正确的:
SSLEngine on
SSLOptions +StrictRequire
SSLCertificateFile /path/to/certificate/cert.pem
SSLCertificateKeyFile /patch/to/key/server.key
Restart the apache server after doing all the configuration changes.完成所有配置更改后重新启动 apache 服务器。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.