从证书颁发机构收到crt后如何使用myserver.key创建密钥库 [英] How to create keystore with myserver.key after receiving crt from Certificate Authority
本文介绍了从证书颁发机构收到crt后如何使用myserver.key创建密钥库的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我使用以下命令创建了私钥和csr文件
I created a private key and csr file with the following command
openssl req -nodes -newkey rsa:2048 -sha1 -keyout myserver.key -out server.csr
输出的两个文件是
- myserver.key
- server.csr
我将server.csr文件上传到了Network Solutions,并取回了4个"crt"文件.
I uploaded the server.csr file to Network Solutions and got back 4 "crt" files.
- AddTrustExternalCARoot.crt
- OV_NetworkSolutionsOVServerCA2.crt
- OV_USERTrustRSACertificationAuthority.crt
- STAR.{mydomain} .CA.CRT
如何从已有文件中创建密钥库,并在Tomcat 7中的server.xml文件中对其进行配置.
How can I create a keystore out of the files I have and configure it in Tomcat 7 in the server.xml file.
推荐答案
可能是最简单的方法:
- 下载 KeyStore Explorer
- 启动KSE并选择创建新的密钥库",然后选择"JKS"
- 在工具"菜单中选择导入密钥对",然后选择"PKCS#8".取消选择加密密钥",浏览到"myserver.key"作为私钥文件,并浏览到"STAR.{mydomain} .CA.CRT"作为证书文件.
- 在创建密钥对条目之后,右键单击它,选择编辑证书链"并附加两个"OV"证书.
- 保存密钥库,并确保对密钥库和密钥对使用相同的密码.
- 将
keystoreFile="..." keystorePass="..."
添加到server.xml中SSL端口(默认8443)的<Connector>
标记中
- Download KeyStore Explorer
- Start KSE and select "Create a new KeyStore", choose "JKS"
- Select "Import Key Pair" in the "Tools" menu, choose "PKCS#8". Unselect "Encrypted Key", browse to "myserver.key" as the private key file and "STAR.{mydomain}.CA.CRT" as the certificate file.
- After the key pair entry is created, right click on it, select "Edit certificate chain" and append the two "OV" certificates.
- Save the keystore and make sure to use the same password for the keystore and the key pair.
- Add
keystoreFile="..." keystorePass="..."
to the<Connector>
tag for the SSL port (default 8443) in your server.xml
这篇关于从证书颁发机构收到crt后如何使用myserver.key创建密钥库的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文