问题描述
我在收到 CA 后尝试配置密钥库.我收到了一个中级 CA 和 CA.我已使用此命令导入它们
I'm trying to configure the keystore after I have received the CA.I received one intermediate CA and the CA. I have imported them using this commands
keytool -delete -alias tomcat -keystore B1i.keystore
keytool -import -alias root -keystore ".\B1iXcellerator\B1i.keystore" -trustcacerts -file ".\B1iXcellerator\int.crt"
keytool -import -alias tomcat -keystore ".\B1iXcellerator\B1i.keystore" -trustcacerts -file ".\B1iXcellerator\ssmobile2.crt"
您的访问密钥文件包含 2 个条目
Your access key file contains 2 entries
root,2017 年 9 月 14 日,trustedCertEntry,Empreinte du certificat (SHA1) : 55:83:E3:E1:A7:51:17:21:1E:AF:C8:5E:D1:15:BB:C1:AC:96:9D:B5
root, 14-sept.-2017, trustedCertEntry,Empreinte du certificat (SHA1) : 55:83:E3:E1:A7:51:17:21:1E:AF:C8:5E:D1:15:BB:C1:AC:96:9D:B5
tomcat,2017 年 9 月 14 日,trustedCertEntry,Empreinte du certificat (SHA1) : DF:1C:D4:79:02:D5:59:D2:94:1D:DE:D5:73:99:2D:1A:25:09:BC:49
tomcat, 14-sept.-2017, trustedCertEntry,Empreinte du certificat (SHA1) : DF:1C:D4:79:02:D5:59:D2:94:1D:DE:D5:73:99:2D:1A:25:09:BC:49
在 server.xml 中我改变了这个:
And in the server.xml I changed this:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystoreFile="./webapps/B1iXcellerator/B1i.keystore" keyAlias="tomcat" keystorePass="******"/>
但我收到错误LifecycleException: service.getName(): "Catalina";协议处理程序启动失败:java.io.IOException:别名 tomcat 没有识别一个关键条目
But I'm getting the errorLifecycleException: service.getName(): "Catalina"; Protocol handler start failed: java.io.IOException: Alias name tomcat does not identify a key entry
我做错了什么?
推荐答案
keytool -delete -alias tomcat -keystore B1i.keystore
您可能通过这一步删除了您的私钥.您应该省略这一步,并在接下来的步骤中使用 tomcat
alas:见下文.
You probably deleted your private key with this step. You should have omitted this step, and used the tomcat
alas in the next steps: see below.
keytool -import -alias root -keystore ".\B1iXcellerator\B1i.keystore" -trustcacerts -file ".\B1iXcellerator\int.crt"
keytool -import -alias tomcat -keystore ".\B1iXcellerator\B1i.keystore" -trustcacerts -file ".\B1iXcellerator\ssmobile2.crt"
除非已经存在别名为root"的私钥条目,否则这些步骤不会产生预期效果.
These steps don't have the desired effect unless there was already a private key entry with alias 'root'.
您可能不得不重新开始,生成新的密钥对、新的 CSR,并重新签名.这一次,使用与密钥对相同的别名,导入没有-trustcacerts
选项的签名证书,并导入根证书>-trustcacerts
和不同的别名(感谢 @dave_thompson_085).
You are probably going to have to start again, generating a new keypair, a new CSR, getting it re-signed. This time, import the signed certificates without the -trustcacerts
option, using the same alias as the keypair, and import the root certificates with -trustcacerts
and a different alias (thanks @dave_thompson_085).
当你不知道它们是什么时,不要删除它们.
And don't delete things when you don't know what they are.
这篇关于TOMCAT 6 SSL 错误:别名不能识别关键条目的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!