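Keytool error: Failed to establish chain from reply

Time: 2013-07-04 08:12:30

Tags: java authentication ssl x509certificate keytool

I get an error when importing a trial SSL certificate from a CA. Below are the steps I used to create the keystore. Please correct me if I am wrong. Thanks in advance!

1. First, I created a keystore to put on the server.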

keytool -keystore server_keystore.jks -genkey -alias server -keyalg rsa -keysize 2048

2. Process the CSR.

keytool -keystore server_keystore.jks -certreq -alias server -keyalg rsa -file server.csr
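  • Sent the CSR to the CA (Thawte), which replied with three trial certificates: CA root, CA intermediate and trial SSL. Saved them as text files with the .cer file extension. (trial_ca_ssl.cer, trial_ca_root.cer, trial_ca_intermediate.cer)

3. Tried to import trial_ca_ssl.cer into server_keystore.jks, but received an error.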

keytool -import -keystore server_keystore.jks -file trial_ca_ssl.cer -alias server

Error:

keytool error: java.lang.Exception: Failed to establish chain from reply

2 answers:

Answer 0: (score: 0)

You should place the text of trial_ca_ssl.cer on top of server.cer. This will form a hierarchy of two such certificates. Then you should import it.


For more information, read the EJBCA User Guide.
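
As an added example (not code from the question or from either answer), this shell script builds the kind of certificate hierarchy file the answer above describes from the three files named in the question, ordered leaf, intermediate, root, and imports it as the reply for the `server` alias. The function names and the output name server_chain.pem are assumptions; keytool accepts a sequence of X.509 certificates as a reply when the user certificate comes first.

```shell
#!/bin/sh
# Added example: file names come from the question; function names are hypothetical.

# Print one PEM file in normalised form: CRs stripped, blank lines dropped,
# final newline guaranteed. Refuses files that do not hold exactly one
# certificate, which also catches files whose END/BEGIN markers were fused
# by an earlier copy-and-paste without a trailing newline.
normalize_pem() {
    begins=$(tr -d '\r' < "$1" | grep -c -e '-----BEGIN CERTIFICATE-----' || true)
    ends=$(tr -d '\r' < "$1" | grep -c -e '-----END CERTIFICATE-----' || true)
    if [ "$begins" != 1 ] || [ "$ends" != 1 ]; then
        echo "$1: expected exactly one certificate (BEGIN=$begins END=$ends)" >&2
        return 1
    fi
    tr -d '\r' < "$1" | awk 'NF'
}

# build_reply_bundle OUT LEAF [CA...]
# Concatenate the certificates in the order given: server certificate first,
# then each issuing CA up to the root.
build_reply_bundle() {
    out=$1
    shift
    : > "$out"
    for cert in "$@"; do
        normalize_pem "$cert" >> "$out" || { rm -f "$out"; return 1; }
    done
}

# Import the bundle as the certificate reply. The alias must be the one that
# holds the private key created with -genkey ("server" in the question).
import_reply() {
    keytool -importcert -trustcacerts -alias server \
        -keystore server_keystore.jks -file "$1"
}

# Usage with the files from the question:
#   build_reply_bundle server_chain.pem \
#       trial_ca_ssl.cer trial_ca_intermediate.cer trial_ca_root.cer
#   import_reply server_chain.pem
```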

Answer 1: (score: -1)

One possibility is that you are using the default openssl tool on the Mac, but copied \openssl\apps\ca-cert.srl from a newer version of openssl.