如何从openssl生成的密钥生成X.509证书 [英] How do I generate X.509 certificate from key generated by openssl

问题描述

我有一个运行在ec2实例上的Web服务器，该实例内部调用使用Spring Boot构建的REST服务器.现在，我正在尝试使此REST服务器在SSL下运行.到目前为止，这是我所做的:

I've a web server running on an ec2-instance which internally calls a REST server that is built using Spring Boot. Now, I am trying to get this REST server running under SSL. Here's what I've done so far:

1)创建了CSR&使用此命令的密钥文件

1) Created a CSR & a key file using this command

openssl req -newkey rsa:2048 -nodes -keyout mydomain.key -out mydomain.csr

2)Copied 'csr' to get SSL certificate from GoDaddy.

3)在我的ec2-instance上的Nginx下成功安装了证书.

3) Successfully installed the certificate under Nginx on my ec2-instance.

4)当我点击https下的主页时，它可以工作.我不再从浏览器收到不安全"消息.

4) When I hit the home page under https, it works. I no longer get 'Not secure' message from the browser.

5)登录失败，因为它发出了REST调用，但REST服务器未在SSL下运行，因此我试图使其在SSL下运行.

5) Login fails because it makes a REST call but REST server is not running under SSL so I am trying to get it running under SSL.

6)运行以下命令:

keytool -import -alias mydomain -keystore tomcat.keystore -trustcacerts -file mydomain.com.chained.crt
keytool -import -alias mydomain-key -keystore tomcat.keystore -trustcacerts -file mydomain.key

上一条命令给我一条错误消息: "keytool错误:java.lang.Exception:输入的不是X.509证书"

The previous command gives me an error message: "keytool error: java.lang.Exception: Input not an X.509 certificate"

但这是在上述&的第1步中创建的.同一文件在Nginx下工作.我缺少什么(除了我对设置SSL知之甚少的事实以外)?我相信，我需要第二条命令在application.properties中指定"server.ssl.keyAlias"的值.

But this was the one created in step 1 above & the same file works under Nginx. What am I missing (other than the fact that I know very little about setting up SSLs!)? I need the second command to specify the value of 'server.ssl.keyAlias' in application.properties, I believe.

推荐答案

不是一个真正的答案，但评论溢出.

Not really an answer but overflowed comment.

您不需要生成" X.509证书；你已经从GoDaddy那里得到了.如果(且仅)以与(外部)nginx相同的名称访问SpringBoot服务器(我不清楚)，您需要转换对私钥和证书链 >从PEM格式到Java使用的格式.参见:
如何在Java密钥库中导入现有的x509证书和私钥以在SSL中使用?
如何使用.key和由openssl生成的Java中的.crt文件?
导入私有密钥/public-certificate对在Java KeyStore中
也许将密钥和SSL证书导入到Java密钥库中

You don't need to 'generate' an X.509 cert; you already got that from GoDaddy. If (and only if) the SpringBoot server is accessed by the same name(s) as (external) nginx -- which is unclear to me -- you need to convert the pair of private key AND certificate CHAIN from PEM format to a format Java uses. See:
How to import an existing x509 certificate and private key in Java keystore to use in SSL?
How can I set up a letsencrypt SSL certificate and use it in a Spring Boot application?
How to use .key and .crt file in java that generated by openssl?
Importing the private-key/public-certificate pair in the Java KeyStore
maybe Import key and SSL Certificate into java keystore

这篇关于如何从openssl生成的密钥生成X.509证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！