SSL中间证书 [英] SSL intermediate certificates

问题描述

要让我们的SSL证书正常工作，我们遇到很多麻烦.

We are having a lot of trouble getting our SSL certificates to work properly.

我们首先通过创建pkcs12文件并将其导出到Java密钥库，从现有密钥和证书生成了密钥库(使用多个来源).

We have generated our keystores (using multiple sources) from an existing key and certificate by first creating a pkcs12 file and exporting it to a java keystore.

现在，Thawte需要安装2个中间ca文件.如果我检查我们的密钥库，那么所有三个(两个中间体和我们自己的)都存在. Tomcat可以正常启动，但是在访问该站点(并使用verisign ssl检查器)时，没有拾取两个中间证书.

Now, Thawte requires that you install 2 intermediate ca files. If I inspect our keystore, all three (the 2 intermediates and our own) are present. Tomcat starts up properly, but on visiting the site (and using the verisign ssl checker), the two intermediate certificates are not picked up.

如果任何人有更多安装Thawte证书的经验，我们将不胜感激.我们拥有以下文件供您使用.不幸的是，我们没有用于创建CSR的原始密钥库，但是我们有私钥.

If anyone has more experience with installing certificates from Thawte, any input would be appreciated. We have the following files at our disposal. Unfortunately we do not have the original keystore used to create the CSR, but we do have the private key.

1. CSR文件
2. 私钥(.key文件)
3. 我们的.crt文件
4. Thawte的主要和次要中间文件(单独和捆绑的.p7b文件)

此外，我们正在使用不带Apache的tomcat 7.0.27.

Also, we are using tomcat 7.0.27 without apache.

谢谢！

推荐答案

看来，使它正常运行的唯一方法是撤销旧证书，并使用新的CSR对其进行续订.

Seems the only way we got it working properly was by revoking the old certificate and renewing it with a new CSR.

这篇关于SSL中间证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！