堆栈内存溢出
  简体   繁体   English

Tomcat SSL:找不到可信证书

[英]Tomcat SSL: No trusted certificate found

 原文  2010-09-19 15:44:59       tomcat/ ssl/ ssl-certificate/ certificate/ keytool

问题描述

I created a certificate using keytool: 我使用keytool创建了一个证书: 

keytool -genkey -alias tomcat -keyalg RSA

Exported and imported it into my keystore: 将其导出并导入我的密钥库: 

keytool -export -alias tomcat name.crt
keytool -import -file name.crt

When I do keytool -list I have 2 entries: 当我做keytool -list时,我有2个条目: 

tomcat, Sept 15, 2010, keyEntry,
Certificate fingerprint (MD5): ...
mykey, Sept 17, 2010, trustedCertEntry
Certificate fingerprint (MD5):...

Note that the fingerprints for both entries are the same. 请注意,两个条目的指纹是相同的。

I configured my server.xml to point to my .keystore file 我将server.xml配置为指向我的.keystore文件 

<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
       maxThreads="150" scheme="https" secure="true"
       keystoreFile="${user.home}/.keystore" keystorePass="changeit"
       clientAuth="false" sslProtocol="TLS" />

<Connector port="8009" protocol="AJP/1.3" redirectPort="443" />

But in my tomcat logs I see when I perform an action in my Java app: 但是在我的tomcat日志中,我看到我在Java应用程序中执行操作时: 

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
...
sun.security.validator.ValidatorException: No trusted certificate found

Is there any other configuration that needs to be done? 是否还需要进行其他配置?

1 个解决方案

解决方案1
 1  2010-09-19 16:33:55

You need the client (ie the browser) to trust your servers certificates. 您需要客户端(即浏览器)信任您的服务器证书。

For this you either import the certificate of the server in the browser as a trusted certificate, which only works when you have the browser under your control. 为此,您可以将浏览器中的服务器证书作为可信证书导入,只有在您拥有浏览器的情况下才能使用该证书。 Or you get your certificate signed by a trusted authority, which costs money. 或者您获得由受信任的机构签署的证书,这需要花钱。

exporting and reimporting under a different name doesn't make any sense. 以不同的名称导出和重新导入没有任何意义。

Update: 更新:

I think I start to understand what you are trying to do. 我想我开始明白你要做什么了。 You want a java client access a webapp via https. 您希望java客户端通过https访问webapp。 yes? 是?

In this case you need to provide a 'truststore' ie a keystore containing the trusted certificates. 在这种情况下,您需要提供“信任库”,即包含受信任证书的密钥库。 You'll want to set the system Property javax.net.ssl.trustStore to the name of the truststore to use. 您需要将系统属性javax.net.ssl.trustStore设置为要使用的信任库的名称。

You'll probably can use a handcrafted TrustManager as well. 您可能也可以使用手工制作的TrustManager。 This site seems to give information about that: http://download.oracle.com/javase/1.4.2/docs/guide/security/jsse/JSSERefGuide.html 该网站似乎提供了相关信息: http//download.oracle.com/javase/1.4.2/docs/guide/security/jsse/JSSERefGuide.html

This simple example might help as well: http://stilius.net/java/java_ssl.php 这个简单的例子也可能有所帮助: http//stilius.net/java/java_ssl.php

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 由于不信任服务器的证书,tomcat中的SSL实现给出了消息 - SSL implementation in tomcat gives message as Server's certificate is not trusted Java notnoop,APNS在tomcat内部找不到可信证书 - Java notnoop,APNS No trusted certificate found from inside tomcat Tomcat服务器中带有自签名证书的可信SSL,无需在浏览器中导入证书 - Trusted SSL With Self Sign Certificate In Tomcat Server Without Importing Certificate In Browser Tomcat 和 SSL 客户端证书 - Tomcat and SSL Client certificate tomcat 上的 SSL 带通配符证书 - SSL on tomcat with wildcard certificate Tomcat - SSL 证书配置 - Tomcat - SSL certificate configure ssl tomcat证书错误 - ssl tomcat certificate error SSL通配符证书进入Tomcat - SSL Wildcard Certificate into Tomcat 如何在Nginx和tomcat中使用受信任的证书? - How to use trusted certificate with nginx and tomcat? 远程服务器不信任tomcat上的verisign证书 - verisign certificate on tomcat is not trusted by remote server
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM