TOMCAT 6 SSL 错误:别名不能识别关键条目 [英] TOMCAT 6 SSL Error: Alias name does not identify a key entry

问题描述

我在收到 CA 后尝试配置密钥库.我收到了一个中级 CA 和 CA.我已使用此命令导入它们

I'm trying to configure the keystore after I have received the CA. I received one intermediate CA and the CA. I have imported them using this commands

keytool -delete -alias tomcat -keystore B1i.keystore

keytool -import -alias root -keystore ".\B1iXcellerator\B1i.keystore" -trustcacerts -file ".\B1iXcellerator\int.crt"

keytool -import -alias tomcat -keystore ".\B1iXcellerator\B1i.keystore" -trustcacerts -file ".\B1iXcellerator\ssmobile2.crt"

您的访问密钥文件包含 2 个条目

Your access key file contains 2 entries

root，2017 年 9 月 14 日，trustedCertEntry，Empreinte du certificat (SHA1) : 55:83:E3:E1:A7:51:17:21:1E:AF:C8:5E:D1:15:BB:C1:AC:96:9D:B5

root, 14-sept.-2017, trustedCertEntry, Empreinte du certificat (SHA1) : 55:83:E3:E1:A7:51:17:21:1E:AF:C8:5E:D1:15:BB:C1 :AC:96:9D:B5

tomcat，2017 年 9 月 14 日，trustedCertEntry，Empreinte du certificat (SHA1) : DF:1C:D4:79:02:D5:59:D2:94:1D:DE:D5:73:99:2D:1A:25:09:BC:49

tomcat, 14-sept.-2017, trustedCertEntry, Empreinte du certificat (SHA1) : DF:1C:D4:79:02:D5:59:D2:94:1D:DE:D5:73:99:2D:1A :25:09:BC:49

在 server.xml 中我改变了这个:

And in the server.xml I changed this:

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" keystoreFile="./webapps/B1iXcellerator/B1i.keystore" keyAlias="tomcat" keystorePass="******"/>

但我收到错误LifecycleException: service.getName(): "Catalina";协议处理程序启动失败:java.io.IOException:别名 tomcat 没有识别一个关键条目

But I'm getting the error LifecycleException: service.getName(): "Catalina"; Protocol handler start failed: java.io.IOException: Alias name tomcat does not identify a key entry

我做错了什么?

推荐答案

keytool -delete -alias tomcat -keystore B1i.keystore

您可能通过这一步删除了您的私钥.您应该省略这一步，并在接下来的步骤中使用 tomcat alas:见下文.

You probably deleted your private key with this step. You should have omitted this step, and used the tomcat alas in the next steps: see below.

keytool -import -alias root -keystore ".\B1iXcellerator\B1i.keystore" -trustcacerts -file ".\B1iXcellerator\int.crt"
keytool -import -alias tomcat -keystore ".\B1iXcellerator\B1i.keystore" -trustcacerts -file ".\B1iXcellerator\ssmobile2.crt"

除非已经存在别名为root"的私钥条目，否则这些步骤不会产生预期效果.

These steps don't have the desired effect unless there was already a private key entry with alias 'root'.

您可能不得不重新开始，生成新的密钥对、新的 CSR，并重新签名.这一次，使用与密钥对相同的别名，导入没有-trustcacerts选项的签名证书，并导入根证书>-trustcacerts 和不同的别名(感谢 @dave_thompson_085).

You are probably going to have to start again, generating a new keypair, a new CSR, getting it re-signed. This time, import the signed certificates without the -trustcacerts option, using the same alias as the keypair, and import the root certificates with -trustcacerts and a different alias (thanks @dave_thompson_085).

当你不知道它们是什么时，不要删除它们.

And don't delete things when you don't know what they are.

这篇关于TOMCAT 6 SSL 错误:别名不能识别关键条目的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！