SSL Certificate on Tomcat - Alias name does not identify a key


Problem description

Wondering if someone can enlighten me on where I'm screwing this up! I have a keytool-created keystore, and a primary, secondary and SSL cert from Thawte. I originally created the CSR with openssl, then, using the process documented, converted the private key to PKCS12 to import into the keystore.

I believe I have imported them all into the keystore OK (but obviously not!) but the error I'm getting from Tomcat is: 'java.io.IOException Alias name does not identify a key entry'

If I do a keytool -list -keystore keystore.ks this is what I get:

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 4 entries

    secondary, Jun 22, 2012, trustedCertEntry,
    Certificate fingerprint (MD5): EB:A3:71:66:38:5E:3E:F4:24:64:ED:97:52:E9:9F:1B
    tomcat, Jun 22, 2012, trustedCertEntry,
    Certificate fingerprint (MD5): EA:D0:43:F8:7F:D5:1C:4A:BA:A7:F4:64:A9:6A:A1:B0
    primary, Jun 22, 2012, trustedCertEntry,
    Certificate fingerprint (MD5): D6:6A:92:1C:83:BF:A2:AE:6F:99:5B:44:E7:C2:AB:2A
    1, Jul 2, 2012, PrivateKeyEntry,
    Certificate fingerprint (MD5): EA:D0:43:F8:7F:D5:1C:4A:BA:A7:F4:64:A9:6A:A1:B0

I'm pretty sure my Tomcat server.xml is OK, but here it is too for the https connector:

<Connector port="443"
    protocol="org.apache.coyote.http11.Http11Protocol"
    maxHttpHeaderSize="8192"
    SSLEnabled="true"
    maxThreads="150"
    minSpareThreads="25"
    maxSpareThreads="75"
    enableLookups="false"
    disableUploadTimeout="true"
    acceptCount="100"
    scheme="https"
    secure="true"
    clientAuth="false"
    sslProtocol="TLS"
    URIEncoding="UTF-8"
    keystorePass="xxxxxx"
    keystoreFile="/keys/keystore.ks"
    keyAlias="tomcat"/>

Any ideas? This is the first time I've done this, so maybe I've messed up something blindingly obvious?

The site works fine on port 80.

Hoping to hear some suggestions :)

Recommended answer

When you list aliases with keytool, the alias name is what's before the comma for each entry. Here, you have 4 entries: secondary, tomcat, primary and 1. Only alias 1 is for a private key.

(Note that you can use a PKCS#12 file directly using keystoreType="PKCS12" instead.)
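
The check the answer describes, as an added example that is not part of the original answer: this script parses non-verbose keytool -list output (the listing from the question is embedded) and reports each alias's entry type, so you can confirm that the connector's keyAlias names a PrivateKeyEntry. The function names are this example's own, and it assumes aliases contain no commas.

```shell
#!/bin/sh
# Listing copied from the question (output of: keytool -list -keystore keystore.ks).
LISTING='Keystore type: JKS
Keystore provider: SUN

Your keystore contains 4 entries

secondary, Jun 22, 2012, trustedCertEntry,
Certificate fingerprint (MD5): EB:A3:71:66:38:5E:3E:F4:24:64:ED:97:52:E9:9F:1B
tomcat, Jun 22, 2012, trustedCertEntry,
Certificate fingerprint (MD5): EA:D0:43:F8:7F:D5:1C:4A:BA:A7:F4:64:A9:6A:A1:B0
primary, Jun 22, 2012, trustedCertEntry,
Certificate fingerprint (MD5): D6:6A:92:1C:83:BF:A2:AE:6F:99:5B:44:E7:C2:AB:2A
1, Jul 2, 2012, PrivateKeyEntry,
Certificate fingerprint (MD5): EA:D0:43:F8:7F:D5:1C:4A:BA:A7:F4:64:A9:6A:A1:B0'

# stdin: keytool -list text; stdout: one "alias<TAB>entry type" line per entry.
list_entries() {
    awk -F',' 'NF >= 3 {
        alias = $1; sub(/^[ \t]+/, "", alias)      # alias = text before the first comma
        for (i = NF; i > 1; i--) {                 # type = last non-empty field
            kind = $i; gsub(/[ \t\r]/, "", kind)   # (the date itself contains a comma)
            if (kind != "") break
        }
        if (kind ~ /Entry$/) printf "%s\t%s\n", alias, kind
    }'
}

# $1 = alias; prints its entry type, or nothing if the alias is absent.
entry_type() {
    list_entries | awk -F'\t' -v want="$1" '($1 "") == (want "") { print $2 }'
}

# Prints the aliases that a connector keyAlias may legitimately point at.
key_aliases() {
    list_entries | awk -F'\t' '$2 == "PrivateKeyEntry" { print $1 }'
}

# Demo: the connector in the question uses keyAlias="tomcat".
for a in tomcat 1; do
    printf 'alias %s -> %s\n' "$a" "$(printf '%s\n' "$LISTING" | entry_type "$a")"
done
printf 'usable keyAlias values: %s\n' "$(printf '%s\n' "$LISTING" | key_aliases)"
```

Against a real keystore, pipe keytool -list -keystore keystore.ks into key_aliases instead of the embedded listing.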
