I have generated a certificate store using Bouncy Castle. My sample code is as follows:
    import java.io.FileOutputStream;
    import java.math.BigInteger;
    import java.security.KeyPair;
    import java.security.KeyPairGenerator;
    import java.security.KeyStore;
    import java.security.SecureRandom;
    import java.security.Security;
    import java.security.cert.X509Certificate;
    import java.util.Date;
    import org.bouncycastle.jce.X509Principal;
    import org.bouncycastle.x509.X509V3CertificateGenerator;

    String domainName = "localhost";
    String certPath = "C://testCert.crt";
    KeyPairGenerator keyPairGenerator;
    try {
        Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
        // Generate the RSA key pair for the self-signed certificate
        keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        keyPairGenerator.initialize(1024);
        KeyPair KPair = keyPairGenerator.generateKeyPair();
        // Build a self-signed X.509 v3 certificate (issuer == subject)
        X509V3CertificateGenerator v3CertGen = new X509V3CertificateGenerator();
        v3CertGen.setSerialNumber(BigInteger.valueOf(Math.abs(new SecureRandom().nextInt())));
        v3CertGen.setIssuerDN(new X509Principal("CN=" + domainName + ", OU=None, O=None, L=None, C=None"));
        v3CertGen.setNotBefore(new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30));
        v3CertGen.setNotAfter(new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 365 * 10)));
        v3CertGen.setSubjectDN(new X509Principal("CN=" + domainName + ", OU=None, O=None, L=None, C=None"));
        v3CertGen.setPublicKey(KPair.getPublic());
        v3CertGen.setSignatureAlgorithm("MD5WithRSAEncryption");
        X509Certificate pkCertificate = v3CertGen.generateX509Certificate(KPair.getPrivate());
        // Put the private key and certificate into an in-memory JKS keystore under alias "test"
        KeyStore keystore = KeyStore.getInstance("JKS");
        keystore.load(null, null);
        keystore.setKeyEntry("test", KPair.getPrivate(), "password".toCharArray(), new X509Certificate[] {pkCertificate});
        // Write the DER-encoded certificate to certPath (the file Tomcat is pointed at below)
        FileOutputStream fos;
        fos = new FileOutputStream(certPath);
        fos.write(pkCertificate.getEncoded());
        fos.close();
    } catch (Exception e1) {
        e1.printStackTrace();
    }
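The certificate is generated successfully, without any compile errors, but starting Tomcat produces the error
"SEVERE: Failed to load keystore type JKS with path C:/testCert.crt due to Invalid keystore format"
The entry in server.xml is as follows: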
    <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false"
               disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" keystoreAlias="test" keystorePass="password"
               keystoreFile="C:/testCert.crt" />
Best answer
You don't need to write the encoded form of the certificate to the file (fos.write(pkCertificate.getEncoded()); is the wrong approach); use keyStore.store(fos, "password".toCharArray()); instead.
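To see why Tomcat rejects the file, the following added example (not part of the original question or answer) inspects the leading bytes of a file and then tries to load it as JKS. The class name `KeystoreFormatCheck`, the temp file names and the sample certificate bytes are constructed for illustration; only JDK classes are used.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.security.*;

public class KeystoreFormatCheck { // hypothetical class name
    // Classify file content by its leading bytes.
    static String classify(byte[] b) {
        if (b.length >= 4) {
            int magic = ((b[0] & 0xff) << 24) | ((b[1] & 0xff) << 16)
                      | ((b[2] & 0xff) << 8) | (b[3] & 0xff);
            if (magic == 0xFEEDFEED) return "JKS keystore";
            if (magic == 0xCECECECE) return "JCEKS keystore";
        }
        if (b.length > 0 && b[0] == 0x30) return "DER (X.509 certificate or PKCS#12), not JKS";
        if (new String(b, StandardCharsets.US_ASCII).startsWith("-----BEGIN"))
            return "PEM text, not JKS";
        return "unknown";
    }

    // True if the file can be loaded as a keystore of type JKS with this password.
    static boolean loadsAsJks(Path p, char[] password) {
        try (InputStream in = Files.newInputStream(p)) {
            KeyStore.getInstance("JKS").load(in, password);
            return true;
        } catch (IOException | GeneralSecurityException e) {
            System.out.println("  load failed: " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "password".toCharArray();
        // Constructed sample 1: an (empty) keystore written with KeyStore.store()
        Path good = Files.createTempFile("sample", ".jks");
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(null, null);
        try (OutputStream out = Files.newOutputStream(good)) { ks.store(out, pw); }
        // Constructed sample 2: bytes that begin like a DER-encoded certificate
        Path bad = Files.createTempFile("sample", ".crt");
        Files.write(bad, new byte[] {0x30, (byte) 0x82, 0x03, 0x10,
                                     0x30, (byte) 0x82, 0x01, (byte) 0xf8});
        for (Path p : new Path[] {good, bad}) {
            System.out.println(p.getFileName() + ": " + classify(Files.readAllBytes(p)));
            System.out.println("  loads as JKS: " + loadsAsJks(p, pw));
        }
    }
}
```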
Regarding "java - Invalid keystore format - tomcat", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/5739586/