我正在为Tomcat服务器安装SSL,并遵循这个颁发机构的说明https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&actp=CROSSLINK&id=SO16181,它指出:
Verify the following information:
The SSL certificate is imported into the alias with the "Entry Type" of
PrivateKeyEntry or KeyEntry. If not, please import the certificate into
the Private Key alias.
当我导入我使用的证书(Tomcat)时:
keytool -import -trustcacerts -alias your_alias_name -keystore your_keystore_filename
-file your_certificate_filename
但是当我这样做时,它会导入为trustCertEntry
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 3 entries
primaryca, Jul 26, 2014, trustedCertEntry,
Certificate fingerprint (SHA1): <snip>
tomcat, Jul 26, 2014, trustedCertEntry,
Certificate fingerprint (SHA1): <snip>
secondaryca, Jul 26, 2014, trustedCertEntry,
Certificate fingerprint (SHA1): <snip>
我如何使别名为tomcat的导入项目变成PrivateKeyEntry?
primaryca
。服务器应该发送服务器证书和任何中间证书,以构建到受信任机构的路径。客户端是否信任机构或primaryca
是由客户端决定的。如果客户端不信任机构或primaryca
,则你无法做任何事情(除了要求他们信任它)。 - jww