堆栈内存溢出
  简体   繁体   English

无法将根证书和中间证书添加到密钥库

[英]Unable to add Root and Intermediate Certificate to Keystore

 原文  2021-06-15 06:57:41       ssl/ ssl-certificate/ keystore/ root-certificate

问题描述

I have problems with appending the root and intermediate certificate to my SSL certificate.我在将根证书和中间证书附加到我的 SSL 证书时遇到问题。 Please see below the steps.请看下面的步骤。

  1. Create Java keystore named jira.corp.net.jks with Self signed certificate jira.corp.net使用自签名证书jira.corp.net创建名为jira.corp.net.jks的 Java 密钥库
  2. Create a CSR to get CA signed certificate for jira.corp.net创建 CSR 以获取jira.corp.net的 CA 签名证书
  3. Received CA signed certificate and imported jira.corp.net into jira.corp.net.jks via Import Reply option in Keystore Explorer收到 CA 签名证书并通过 Keystore Explorer 中的 Import Reply 选项将jira.corp.net导入jira.corp.net.jks
  4. Appended intermediate and root certificate附加中间证书和根证书

The above steps works perfectly fine.上述步骤工作得很好。 Now, since my application requires the signed certificate in a different keystore cacerts , I imported the signed certificate.现在,由于我的应用程序需要不同密钥库cacerts中的签名证书,我导入了签名证书。 But now I don't get option to append the intermediate and root certificate.但现在我没有选择 append 中间证书和根证书。 Because of this I get the below error,因此,我收到以下错误,

sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target sun.security.validator.ValidatorException:PKIX 路径构建失败:sun.security.provider.certpath.SunCertPathBuilderException:无法找到请求目标的有效证书路径

I understand that since the certificate request was created in a different keystore, the append option is not available.我了解,由于证书请求是在不同的密钥库中创建的,因此 append 选项不可用。 But how do I import the root and intermediate certificate in this case?但是在这种情况下如何导入根证书和中间证书?

I have checked many blogs but couldn't make it work.我检查了许多博客,但无法使其正常工作。 If someone has knowledge on how to fix, please suggest.如果有人知道如何修复,请提出建议。

Thanks!谢谢!

1 个解决方案

解决方案1
 0  2022-01-20 13:45:03

Hi i usually generated the root CA with openssl and never worked importing that into the cacerts with keytools.嗨,我通常使用 openssl 生成根 CA,但从未使用 keytools 将其导入到 cacerts 中。 You can instead generate it with this application i made out of desperation (it's a Java 11 app):您可以使用我出于绝望而制作的这个应用程序来生成它(它是一个 Java 11 应用程序):

https://github.com/kendarorg/JavaCaCertGenerator https://github.com/kendarorg/JavaCaCertGenerator

Its only purpose is to replace the generation of the private key and the root certificate, in a form "fit" for cacerts.它的唯一目的是以“适合”cacerts 的形式替换私钥和根证书的生成。 From there you can produce the various certificates for the addresses and import the root CA inside the default cacert从那里您可以为地址生成各种证书并在默认 cacert 中导入根 CA

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 在密钥库传输安全层(TLS)中保护根证书和中间证书 - Protecting the root and intermediate certificate in keystore Transport Security Layer (TLS) Java密钥库中的中间CA证书 - Intermediate CA certificate in Java keystore 中级和根证书文件 - Intermediate and Root certificate files 将证书添加到 Mirth Keystore - Add certificate to Mirth Keystore 将根证书、服务器证书和中间证书转换为.cert和.key文件 - Convert root certificate ,server certificate and intermediate certificate to .cert and .key file Haproxy ssl配置 - 安装根证书和中间证书 - Haproxy ssl configuration - install root and intermediate certificate 区分根 CA 和中间 CA 证书 - Distinguish between Root CA and Intermediate CA Certificate HTTPS通信中的根CA,中间证书和Web服务器证书 - root CA , intermediate certificate and web server certificate in HTTPS communication 只能在一个文件中使用中间证书和根证书验证证书 - Can verify certificate only with intermediate and root certificate in one file 有没有办法将个人证书,中间根和受信任的根封装在可移植文件中? - Is there a way to encapsulate personal certificate, intermediate root and trusted root in a portable file?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM