
IIS Certificate on apache VFS2 cannot recover KEY SSL

I'm building an app using VFS2 to communicate through FTPS on an IIS server.

For testing purposes I've created a self-signed certificate on the IIS server. For now, I can connect through WinSCP and FileZilla.

Then I exported the private key and certificate from IIS

  • Right click on certificate
  • Yes I want to export private KEY
  • Set a password and export to PFX file.

Then

  • Created a brand new JKS KeyStore with KeyStore Explorer with the same password as the key.

  • Imported the key into the keystore with the same password as the store

Now, with VFS2, when I'm trying to make an FTPS connection, I've got an exception:

UnrecoverableKeyException: Cannot recover key

Which, as the internet says, is an exception that occurs when the keystore and key passwords aren't the same. I've checked and recreated stores and key 200 times, and the passwords are the same.

Did I do something wrong in all that process?

Instead of exporting the certificate from IIS, try to export the certificate from the certificate store:

  1. Run mmc.exe
  2. Click the 'Console' menu and then click 'Add/Remove Snap-in'.
  3. Click the 'Add' button and then choose the 'certificates' snap-in and click on 'Add'.
  4. Select 'Computer Account' then click 'Next'.
  5. Select 'Local Computer' and then click 'OK'.
  6. Click 'Close' and then click 'OK'.
  7. Expand the menu for 'Certificates' and click on the 'Personal' folder.
  8. Right-click on the certificate that you want to export and select 'All tasks' -> 'Export'.
  9. A wizard will appear. Make sure you check the box to include the private key and continue through with this wizard until you have a .PFX file.

Next run openssl to extract the private key and the cert file.

Extract the private key:

Export the private key file from the .PFX file.

openssl pkcs12 -in filename.pfx -nocerts -out key.pem

Extract the certificate file:

Export the certificate file from the .PFX file.

openssl pkcs12 -in filename.pfx -clcerts -nokeys -out cert.pem

Remove the passphrase:

This command removes the passphrase from the private key so Apache won't prompt you for your passphrase when it starts.

openssl rsa -in key.pem -out server.key

Make sure that the following lines are present in your Apache virtual host configuration file and they are correct:

SSLEngine on
SSLOptions +StrictRequire
SSLCertificateFile /path/to/certificate/cert.pem
SSLCertificateKeyFile /path/to/key/server.key

Restart the Apache server after doing all the configuration changes.
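
Added example, not part of the original question or answer: a small Java check of the condition the question describes, where a key entry cannot be recovered because the password passed to getKey() is not the one protecting that entry. The class name, alias and passwords are constructed for the illustration, and an AES key in a JCEKS store stands in for the exported private key.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.util.Collections;
import javax.crypto.KeyGenerator;

public class KeyRecoveryCheck {
    // Try to recover every key entry with keyPass and report the result per alias.
    // The store password only opens and verifies the store; each key entry is
    // protected by its own password, and that is the one getKey() needs.
    static String check(KeyStore ks, char[] keyPass) throws Exception {
        StringBuilder report = new StringBuilder();
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                report.append(alias).append(": certificate only, no key\n");
                continue;
            }
            try {
                Key key = ks.getKey(alias, keyPass);
                report.append(alias).append(": recovered ").append(key.getAlgorithm()).append(" key\n");
            } catch (UnrecoverableKeyException e) {
                report.append(alias).append(": cannot recover key with this password\n");
            }
        }
        return report.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values; the two passwords differ on purpose.
        char[] storePass = "store-pass".toCharArray();
        char[] keyPass = "key-pass".toCharArray();

        // Constructed in-memory JCEKS store. An AES key stands in for the
        // exported private key so that no certificate chain is needed.
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, null);
        ks.setKeyEntry("ftps-demo", KeyGenerator.getInstance("AES").generateKey(), keyPass, null);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, storePass);

        KeyStore loaded = KeyStore.getInstance("JCEKS");
        loaded.load(new ByteArrayInputStream(out.toByteArray()), storePass);
        System.out.print(check(loaded, storePass)); // probe with the store password
        System.out.print(check(loaded, keyPass));   // probe with the key entry's own password
    }
}
```

To check a real file, load it with KeyStore.getInstance("JKS") or KeyStore.getInstance("PKCS12") and pass the loaded store to check().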
