从证书颁发机构收到crt后如何使用myserver.key创建密钥库 [英] How to create keystore with myserver.key after receiving crt from Certificate Authority

问题描述

我使用以下命令创建了私钥和csr文件

I created a private key and csr file with the following command

openssl req -nodes -newkey rsa:2048 -sha1 -keyout myserver.key -out server.csr

输出的两个文件是

• myserver.key
• server.csr

我将server.csr文件上传到了Network Solutions，并取回了4个"crt"文件.

I uploaded the server.csr file to Network Solutions and got back 4 "crt" files.

• AddTrustExternalCARoot.crt
• OV_NetworkSolutionsOVServerCA2.crt
• OV_USERTrustRSACertificationAuthority.crt
• STAR.{mydomain} .CA.CRT

如何从已有文件中创建密钥库，并在Tomcat 7中的server.xml文件中对其进行配置.

How can I create a keystore out of the files I have and configure it in Tomcat 7 in the server.xml file.

推荐答案

可能是最简单的方法:

1. 下载 KeyStore Explorer
2. 启动KSE并选择创建新的密钥库"，然后选择"JKS"
3. 在工具"菜单中选择导入密钥对"，然后选择"PKCS#8".取消选择加密密钥"，浏览到"myserver.key"作为私钥文件，并浏览到"STAR.{mydomain} .CA.CRT"作为证书文件.
4. 在创建密钥对条目之后，右键单击它，选择编辑证书链"并附加两个"OV"证书.
5. 保存密钥库，并确保对密钥库和密钥对使用相同的密码.
6. 将keystoreFile="..." keystorePass="..."添加到server.xml中SSL端口(默认8443)的<Connector>标记中

1. Download KeyStore Explorer
2. Start KSE and select "Create a new KeyStore", choose "JKS"
3. Select "Import Key Pair" in the "Tools" menu, choose "PKCS#8". Unselect "Encrypted Key", browse to "myserver.key" as the private key file and "STAR.{mydomain}.CA.CRT" as the certificate file.
4. After the key pair entry is created, right click on it, select "Edit certificate chain" and append the two "OV" certificates.
5. Save the keystore and make sure to use the same password for the keystore and the key pair.
6. Add keystoreFile="..." keystorePass="..." to the <Connector> tag for the SSL port (default 8443) in your server.xml

这篇关于从证书颁发机构收到crt后如何使用myserver.key创建密钥库的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！