如何在Tomcat上更新ssl证书? [英] How renew ssl certificate on Tomcat?
问题描述
遵循go-daddy文档:
Following the go-daddy documentation :
https://www.godaddy.com/help /tomcat-4x5x6x-renew-a-certificate-5355
流程:
我已经创建了myDomain.csr并将其发送给GoDaddy,并从他们那里得到了3个文件的答复( gd_bundle-g2-g1.crt , gdig2.crt.pem ,59a41eaec32d2046.crt)
I've create myDomain.csr and send it to GoDaddy , got reply from them with 3 files ( gd_bundle-g2-g1.crt , gdig2.crt.pem ,59a41eaec32d2046.crt)
我提到已过期的旧证书具有链结构,不幸的是,Go-daddy仅给我固定"证书.
I mentioned that the old cert which was expired has a chain structure , unfortunately Go-daddy give me only "flat" certificates.
我试图自己做一个链条:
I tried to make a chain by myself :
cat 59a41eaec32d2046.crt gd_bundle-g2-g1.crt gdig2.crt.pem >> myDomain.crt
之后:
sudo keytool -import -alias tomcat -keystore tomcat.keystore -trustcacerts -file myDomain.crt
sudo keytool -import -alias intermed -keystore tomcat.keystore -trustcacerts -file gdig2.crt
sudo keytool -import -alias root -keystore tomcat.keystore -trustcacerts -file gd_bundle-g2-g1.crt
并完全按照文档中的内容更改server.xml
and change the server.xml exactly as in the documentation
我附上我认为应该如何显示的图片
I Attach pictures of how in my opinion it should appear
但是实际上,在连锁之后,我有:
But Actually after my chain I had :
当我打开浏览器GOT时:
When I open the Browser GOT:
Secure Connection Failed
An error occurred during a connection to talenttribe.me. Cannot communicate securely with peer: no common encryption algorithm(s). Error code: SSL_ERROR_NO_CYPHER_OVERLAP
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.
Learn more…
Report errors like this to help Mozilla identify and block malicious sites
不明白我在想什么...是链条创建还是tomcat问题?
Don't understand what I'm missing...is it Chain creation or tomcat issues ??
BR,
推荐答案
如果从现有供应商处续签,则只需替换tomcat证书. 证书名称hexcode.crt其他无需更改.它对我有用.
You just need to replace tomcat certificate if your renew from existing vendor. certificate name hexcode.crt Other no need to change. Its works for me.
keytool -import -alias tomcat -keystore tomcat.keystore -trustcacerts -file filepath
这篇关于如何在Tomcat上更新ssl证书?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!