link between private key and signed certificate in keystore


Problem description

I am doing the jetty SSL configuration.

I have created CSR using keytool which has added a private key to the keystore,

Received the certificate based on the CSR, converted the certificate to DER format and imported the certificate into the keystore as trustcacerts

The signed certificate has the root/intermediate certificates in the certificate path

I also installed the root and intermediate certificate in the IE under the trusted root certificate after converting it into DER format.

While using https, the browser shows a certificate error and considers the certificate as a self-signed certificate.

Question

Does this mean the installed signed certificate is not considered since the certificate does not have the Root/intermediate certificate in the certificate path?

Though the signed certificate received from the CA have the link to the root/intermediate certificate in the certificate path.

Please suggest if anything is wrong in the process. Adding the keytool commands followed for this.

Created keystore

keytool -keystore serverdns.keystore -alias server -genkey -keyalg RSA -keysize 2048

create CSR

keytool -certreq -alias server -keystore serverdns.keystore -file server.csr

installing signed certificate

keytool -import -trustcacerts -alias cert -keystore serverdns.keystore -file signedcert.der.cer

I have tried using the same alias 'server' while installing the signed certificate but it failed with the error

keytool error: java.lang.Exception: Failed to establish chain from reply

Solution

You need to import the signed certificate using the same alias as the private key and the CSR. Otherwise there is no connection between them, and the new certificate is just another certificate. You should not use -trustcacerts for this step, and if you are asked whether to trust the certificate you've got the alias wrong.
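
One way to check which of these states a keystore is in, as an added example that is not part of the original answer: the shell function below parses `keytool -list -v` output and reports whether the private-key alias still holds only its self-signed certificate and whether the CA reply sits under another alias as a plain trusted certificate. The function names, the sample listing and the `example.test` names are constructed, English-locale keytool output is assumed, and matching the reply by Owner is a heuristic.

```shell
# Added example. Reads `keytool -list -v` output (English locale assumed) on
# stdin and reports whether the private-key alias holds the CA-signed reply.
# Usage: keytool -list -v -keystore serverdns.keystore | diagnose_listing server
diagnose_listing() {
  awk -v want="$1" '
    /^Alias name: /  { sub(/^Alias name: /, ""); alias = $0; next }
    /^Entry type: /  { sub(/^Entry type: /, ""); type[alias] = $0; next }
    /^Certificate chain length: / { chain[alias] = $NF + 0; next }
    # The first Owner/Issuer pair after an alias belongs to the leaf certificate.
    /^Owner: /  && !(alias in owner)  { sub(/^Owner: /, "");  owner[alias] = $0; next }
    /^Issuer: / && !(alias in issuer) { sub(/^Issuer: /, ""); issuer[alias] = $0; next }
    END {
      if (!(want in type)) { print "MISSING " want; exit 2 }
      if (type[want] != "PrivateKeyEntry") { print "NOT_A_KEY_ENTRY " want; exit 2 }
      if (chain[want] > 1 || owner[want] != issuer[want]) {
        print "OK chain=" chain[want]; exit 0
      }
      # Leaf is still the self-signed certificate created by -genkey. Check
      # whether the reply was stored under another alias as a trusted cert.
      for (a in type)
        if (type[a] == "trustedCertEntry" && owner[a] == owner[want] && issuer[a] != owner[a]) {
          print "SELF_SIGNED reply_under_alias=" a; exit 1
        }
      print "SELF_SIGNED"; exit 1
    }'
}

# Constructed listing that mirrors the state described in the question.
sample_listing() {
  cat <<'EOF'
Alias name: cert
Entry type: trustedCertEntry

Owner: CN=www.example.test, O=Example Org
Issuer: CN=Example Intermediate CA, O=Example CA
*******************************************
Alias name: server
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=www.example.test, O=Example Org
Issuer: CN=www.example.test, O=Example Org
EOF
}

sample_listing | diagnose_listing server || true
```

A result of `SELF_SIGNED reply_under_alias=cert` is the situation in the question: the server presents the self-signed certificate because the reply was never attached to the `server` key entry.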
