I've made a certificate request using openssl and sent it to the VeriSign.
Now I have three things:
1) Certificate request created with openssl (req.pem)
2) Private key file (key.pem)
3) My VeriSign SSL certificate (cert.pem)
But I need to import all this stuff into java keystore to make it work with
my tomcat application. So first I simple tried to follow instructions on
https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&actp=CROSSLINK&id=AR234
, but with this method my VeriSign
certificate entry type isn't KeyEntry or PrivateKeyEntry (it's trustedCertEntry),
so tomcat doesn't start saying "No available certificate or key corresponds
to the SSL cipher suites which are enabled."
然后我尝试使用openssl将VeriSign证书和private导出到PKC12商店,然后将此商店导入java密钥库。似乎没问题:证书enrty类型是PrivateKeyEntry,tomcat启动并运行,所有Linux浏览器(包括FireFox)都接受此证书。但是这里有一个问题:证书链长度值为1而不是4,Windows中的FireFox将此证书解释为不可信,称为“未知发行者”。
使这项工作的正确方法是什么?
P.S。对不起代码块,但这个网站的解析器让我发疯了