问题
I created a private key and csr file with the following command
openssl req -nodes -newkey rsa:2048 -sha1 -keyout myserver.key -out server.csr
The two files outputted are
- myserver.key
- server.csr
I uploaded the server.csr file to Network Solutions and got back 4 "crt" files.
- AddTrustExternalCARoot.crt
- OV_NetworkSolutionsOVServerCA2.crt
- OV_USERTrustRSACertificationAuthority.crt
- STAR.{mydomain}.CA.CRT
How can I create a keystore out of the files I have and configure it in Tomcat 7 in the server.xml file.
回答1:
Probably easiest way:
- Download KeyStore Explorer
- Start KSE and select "Create a new KeyStore", choose "JKS"
- Select "Import Key Pair" in the "Tools" menu, choose "PKCS#8". Unselect "Encrypted Key", browse to "myserver.key" as the private key file and "STAR.{mydomain}.CA.CRT" as the certificate file.
- After the key pair entry is created, right click on it, select "Edit certificate chain" and append the two "OV" certificates.
- Save the keystore and make sure to use the same password for the keystore and the key pair.
- Add
keystoreFile="..." keystorePass="..."to the<Connector>tag for the SSL port (default 8443) in your server.xml
来源:https://stackoverflow.com/questions/27586399/how-to-create-keystore-with-myserver-key-after-receiving-crt-from-certificate-au