
Setting up SSL certificate on Tomcat: Invalid chain

I'm trying to set up a Thawte 123SSL certificate on my server, but I've lost the original keystore used to generate the CSR. However, I have the .p12 file with the private key and the .crt, so I created a new keystore using the command:

keytool -importkeystore -srckeystore file.p12 -srcstoretype pkcs12 -destkeystore /path/to/keystore.jks

After that, I added the intermediate CA certificates with:

keytool -import -alias Primary -trustcacerts -file SSL123_PrimaryCA.pem -keystore keystore.jks

keytool -import -alias Secondary -trustcacerts -file SSL123_SecondaryCA.pem -keystore keystore.jks

Then I added a Connector port to my server.xml.

I think that's all, but when I check the status with the Thawte Certificate Checker (https://search.thawte.com/support/ssl-digital-certificates/index?page=content&id=SO9555) it fails due to "Invalid Chain":

Please install or replace the following intermediate CA certificates on your Web or Application server and perform this test again.

So... what exactly am I doing wrong? How can I fix that?

Thanks for any advice!

Importing the intermediate certificates under other aliases will have no effect; you need to import the whole chain at once into the alias that holds the private key, as described in this answer.
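The procedure from the question and the point made in the comment above, as an added example that is not part of the original post: Tomcat's JSSE connector sends only the chain attached to the PrivateKeyEntry, so intermediates imported with `keytool -import -trustcacerts` under their own aliases become trustedCertEntry objects that never reach the client, and the checker reports an invalid chain. The fix is to rebuild the PKCS#12 with the intermediates attached to the key (`openssl pkcs12 -export -certfile`), verify the chain with `openssl verify` before touching keytool, and only then run `keytool -importkeystore`. The script generates its own throw-away root, intermediate and leaf (constructed test data in place of the real Thawte SSL123 CAs); the host name www.example.test, the alias `tomcat` and the password `changeit` are assumptions, and the keytool step runs only if a JDK is installed.

```shell
#!/bin/sh
# Added example, not the original poster's commands. Builds a test PKI,
# packs key + leaf + intermediate + root into one PKCS#12 entry, checks the
# chain with openssl, then (if keytool exists) converts it to a JKS whose
# single PrivateKeyEntry carries the full chain.
set -u

# Generate root -> intermediate -> leaf in directory $1 (constructed test data).
make_test_pki() {
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$1/ca.ext"
  printf 'basicConstraints=CA:FALSE\nkeyUsage=digitalSignature,keyEncipherment\nextendedKeyUsage=serverAuth\nsubjectAltName=DNS:www.example.test\n' > "$1/leaf.ext"

  # Self-signed root CA.
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Test Root CA" \
    -keyout "$1/root.key" -out "$1/root.csr" 2>/dev/null
  openssl x509 -req -in "$1/root.csr" -signkey "$1/root.key" -days 30 \
    -extfile "$1/ca.ext" -out "$1/root.crt" 2>/dev/null

  # Intermediate CA signed by the root (stands in for the SSL123 Primary/Secondary CAs).
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Test Intermediate CA" \
    -keyout "$1/int.key" -out "$1/int.csr" 2>/dev/null
  openssl x509 -req -in "$1/int.csr" -CA "$1/root.crt" -CAkey "$1/root.key" -CAcreateserial \
    -days 30 -extfile "$1/ca.ext" -out "$1/int.crt" 2>/dev/null

  # Server (leaf) certificate signed by the intermediate.
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
    -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$1/leaf.csr" -CA "$1/int.crt" -CAkey "$1/int.key" -CAcreateserial \
    -days 30 -extfile "$1/leaf.ext" -out "$1/leaf.crt" 2>/dev/null
}

# Return 0 when LEAF ($1) chains to ROOT ($2) through the untrusted
# intermediates given as further arguments. Leaving an intermediate out
# reproduces the "Invalid Chain" result the checker reports.
chain_ok() {
  leaf=$1; root=$2; shift 2
  args=""
  for c in "$@"; do args="$args -untrusted $c"; done
  # shellcheck disable=SC2086
  openssl verify -CAfile "$root" $args "$leaf" >/dev/null 2>&1
}

# Pack the private key, the leaf and the CA chain into ONE PKCS#12 entry.
# -certfile is what attaches the intermediates to the key entry; separate
# keytool -import runs never do that.
build_chained_p12() {
  cat "$1/int.crt" "$1/root.crt" > "$1/chain.pem"
  openssl pkcs12 -export -name tomcat -inkey "$1/leaf.key" -in "$1/leaf.crt" \
    -certfile "$1/chain.pem" -passout pass:changeit -out "$1/server.p12"
}

# Print how many certificates the PKCS#12 ($1, password $2) carries.
count_p12_certs() {
  openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null | grep -c 'BEGIN CERTIFICATE'
}

# Convert to JKS; the key entry keeps its chain, which keytool -list reports
# as "Certificate chain length: 3". Old JDKs cannot read the PBES2 PKCS#12
# that OpenSSL 3 writes by default; re-export with "openssl pkcs12 -export -legacy" there.
import_to_jks() {
  keytool -importkeystore -noprompt \
    -srckeystore "$1/server.p12" -srcstoretype PKCS12 -srcstorepass changeit \
    -srcalias tomcat -destalias tomcat \
    -destkeystore "$1/keystore.jks" -deststoretype JKS \
    -deststorepass changeit -destkeypass changeit
  keytool -list -v -keystore "$1/keystore.jks" -storepass changeit | grep 'Certificate chain length'
}

work=$(mktemp -d)
make_test_pki "$work"
build_chained_p12 "$work"
echo "certificates in server.p12: $(count_p12_certs "$work/server.p12" changeit)"   # 3
chain_ok "$work/leaf.crt" "$work/root.crt" "$work/int.crt" && echo "leaf + intermediate + root: OK"
chain_ok "$work/leaf.crt" "$work/root.crt" || echo "leaf + root only: invalid chain (intermediate missing)"
if command -v keytool >/dev/null 2>&1; then
  import_to_jks "$work" || echo "keytool import failed (see comment on -legacy)" >&2
fi
```

On Tomcat 8.5 and later the rebuilt server.p12 can be used directly (`keystoreFile="server.p12" keystoreType="PKCS12"` on the Connector) without converting to JKS at all. Whichever store you use, confirm what the server actually sends, since that is what the Thawte checker sees: `openssl s_client -connect host:443 -showcerts` should list the leaf followed by the intermediate(s), and `openssl verify` on that output should succeed.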

Keystores are a little tricky to work with.

When you look at your keystore by running "keytool -list -v -keystore [keystorename]" and see multiple certificates chaining, then more than likely your installation of the intermediates is fine. The Thawte checker is slightly out of date and is expecting a certificate chain that might differ from modern standards.

Depending on the version of keytool, it might not like the .pem extension of those files:

keytool -import -trustcacerts -alias secondaryIntermediate -keystore your_keystore_filename -file secondary_inter.cer

keytool -import -trustcacerts -alias primaryIntermediate -keystore your_keystore_filename -file primary_inter.cer

If you play with keystores a lot, there is a free GUI tool called Portecle (http://portecle.sourceforge.net/) that you can download and use. It makes life a lot easier for fixing and playing with keystores.
