How to create keystore with myserver.key after receiving crt from Certificate Authority

为君一笑 提交于 2019-12-11 02:05:32

问题


I created a private key and csr file with the following command

openssl req -nodes -newkey rsa:2048 -sha1 -keyout myserver.key -out server.csr

The two files outputted are

  • myserver.key
  • server.csr

I uploaded the server.csr file to Network Solutions and got back 4 "crt" files.

  • AddTrustExternalCARoot.crt
  • OV_NetworkSolutionsOVServerCA2.crt
  • OV_USERTrustRSACertificationAuthority.crt
  • STAR.{mydomain}.CA.CRT

How can I create a keystore out of the files I have and configure it in Tomcat 7 in the server.xml file.


回答1:


Probably easiest way:

  1. Download KeyStore Explorer
  2. Start KSE and select "Create a new KeyStore", choose "JKS"
  3. Select "Import Key Pair" in the "Tools" menu, choose "PKCS#8". Unselect "Encrypted Key", browse to "myserver.key" as the private key file and "STAR.{mydomain}.CA.CRT" as the certificate file.
  4. After the key pair entry is created, right click on it, select "Edit certificate chain" and append the two "OV" certificates.
  5. Save the keystore and make sure to use the same password for the keystore and the key pair.
  6. Add keystoreFile="..." keystorePass="..." to the <Connector> tag for the SSL port (default 8443) in your server.xml


来源:https://stackoverflow.com/questions/27586399/how-to-create-keystore-with-myserver-key-after-receiving-crt-from-certificate-au

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!