无法生成自签名证书

时间:2015-03-05 23:54:50

标签: tomcat ssl openssl ssl-certificate

我正在尝试生成.pem格式的证书,以便从一个KPSA应用程序到运行在tomcat服务器上的应用程序进行ssl连接。我在tomcat中启用了SSL连接,而其他kpsa应用程序默认是进行ssl连接。因此,启用了来自两端的SSL连接。

我需要以下面的格式生成2个证书:

1。 cacert.pem

-----BEGIN CERTIFICATE-----

MIIDNjCCAp+gAwIBAgIBADANBgkqhkiG9w0BAQQFADB2MQswCQYDVQQGEwJJTjEL

MAkGA1UECBMCVE4xCzAJBgNVBAcTAkNIMQwwCgYDVQQKEwNDVFMxEDAOBgNVBAsT

B1RlbGVjb20xFTATBgNVBAMTDDE3Mi4xNi42NC4xMTEWMBQGCSqGSIb3DQEJARYH

Y0BjLmNvbTAeFw0xMjEwMjYwNzA5MjFaFw0xMjExMjUwNzA5MjFaMHYxCzAJBgNV

BAYTAklOMQswCQYDVQQIEwJUTjELMAkGA1UEBxMCQ0gxDDAKBgNVBAoTA0NUUzEQ

MA4GA1UECxMHVGVsZWNvbTEVMBMGA1UEAxMMMTcyLjE2LjY0LjExMRYwFAYJKoZI

hvcNAQkBFgdjQGMuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDVrNAY

mHFU3WUJvi3Cxs1YIN51YrSgyqOGvmWmzOrGUjKo6oCvS5al3IFD7geT0zuNkCj5

j5U+YcPz00xoefrR8ATTvT6kpEFSyDU5zenh0xNfIp58hSwWtwcgEmaGda1m2m3R

Tmv5ZM9NCSL8Re1dOOKrdV3qcj8dSny0LMSMhwIDAQABo4HTMIHQMB0GA1UdDgQW

BBR5qF2inDvx3AF+5DBQFoBsWf4nrTCBoAYDVR0jBIGYMIGVgBR5qF2inDvx3AF+

5DBQFoBsWf4nraF6pHgwdjELMAkGA1UEBhMCSU4xCzAJBgNVBAgTAlROMQswCQYD

VQQHEwJDSDEMMAoGA1UEChMDQ1RTMRAwDgYDVQQLEwdUZWxlY29tMRUwEwYDVQQD

EwwxNzIuMTYuNjQuMTExFjAUBgkqhkiG9w0BCQEWB2NAYy5jb22CAQAwDAYDVR0T

BAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQAt6KqmCJTqkslrDdVk90RUKxxOaPEP

rJKE5Ouo3sn1MBG0PGwBYbzihoAuFxVlSNTBhIE5xr5qdTwWGuIm7zj2OZJi+vbU

MjbEpCDBa2SLI1pyDTIeS98lrqF3XQREZ2p0RudJ8zKYoSsPWNTgkeHXTKZ4wRzt

ijMe3G9x+ehE8g==

-----END CERTIFICATE-----

2。服务器cert.pem

证书:

Data:

    Version: 3 (0x2)

    Serial Number: 1 (0x1)

    Signature Algorithm: md5WithRSAEncryption

    Issuer: C=IN, ST=TN, L=CH, O=CTS, OU=Telecom, CN=172.16.64.11/Email=c@c.com

    Validity

        Not Before: Oct 26 07:11:12 2012 GMT

        Not After : Oct 26 07:11:12 2013 GMT

    Subject: C=IN, ST=TN, L=CH, O=CTS, OU=Telecom, CN=172.19.128.147

    Subject Public Key Info:

        Public Key Algorithm: rsaEncryption

        RSA Public Key: (1024 bit)

            Modulus (1024 bit):

                00:c8:1b:54:55:4f:7c:1e:b3:f5:b4:1e:c3:42:ee:

                e7:46:b4:01:2f:82:36:72:8f:76:0b:51:3e:8f:d7:

                dc:c1:1c:48:5f:3d:ce:55:5c:8a:cd:7d:13:08:83:

                a9:6a:61:d0:58:4b:b3:37:9c:db:39:f7:ef:83:be:

                4a:17:da:89:64:94:a0:c9:3f:ac:48:43:3f:0a:81:

                ea:cd:0b:fb:4c:a3:41:92:46:c8:9f:dd:77:06:a6:

                c5:78:71:a0:76:4a:5d:9e:27:9a:cb:d4:ca:83:3e:

                e8:08:7c:02:6a:0b:85:cc:87:dc:88:86:08:72:a5:

                9c:b1:5d:a4:8d:80:ef:97:dd

            Exponent: 65537 (0x10001)

    X509v3 extensions:

        X509v3 Basic Constraints:

            CA:FALSE

        Netscape Comment:

            OpenSSL Generated Certificate

        X509v3 Subject Key Identifier:

            18:8A:0B:BA:BA:C1:BC:6C:6E:9E:7E:87:31:60:08:18:57:E9:83:58

        X509v3 Authority Key Identifier:

            keyid:79:A8:5D:A2:9C:3B:F1:DC:01:7E:E4:30:50:16:80:6C:59:FE:27:AD

            DirName:/C=IN/ST=TN/L=CH/O=CTS/OU=Telecom/CN=172.16.64.11/Email=c@c.com

            serial:00



Signature Algorithm: md5WithRSAEncryption

    bf:9c:86:8c:32:5f:88:29:54:35:db:de:16:69:12:5b:21:89:

    11:ff:8c:42:a9:ab:94:61:83:96:b1:85:0a:8c:61:d9:28:a2:

    d6:2a:f3:53:61:0a:65:2f:b5:f0:e7:a0:30:b2:e2:e0:f8:8d:

    85:b8:2c:15:87:11:33:6d:16:b1:36:46:f3:d0:79:76:1a:c9:

    05:72:8d:c5:64:e6:72:54:5b:87:7e:f5:f6:d0:be:0b:f3:d3:

    36:98:b4:2e:92:f5:13:18:2e:5d:fa:1f:d1:40:87:ef:05:fd:

    ca:50:92:6d:29:d0:99:d9:06:bd:14:c8:4e:27:e9:ab:56:bf:

    e9:d4

    -----BEGIN CERTIFICATE-----

    MIIDSzCCArSgAwIBAgIBATANBgkqhkiG9w0BAQQFADB2MQswCQYDVQQGEwJJTjEL

    MAkGA1UECBMCVE4xCzAJBgNVBAcTAkNIMQwwCgYDVQQKEwNDVFMxEDAOBgNVBAsT

    B1RlbGVjb20xFTATBgNVBAMTDDE3Mi4xNi42NC4xMTEWMBQGCSqGSIb3DQEJARYH

    Y0BjLmNvbTAeFw0xMjEwMjYwNzExMTJaFw0xMzEwMjYwNzExMTJaMGAxCzAJBgNV

    BAYTAklOMQswCQYDVQQIEwJUTjELMAkGA1UEBxMCQ0gxDDAKBgNVBAoTA0NUUzEQ

    MA4GA1UECxMHVGVsZWNvbTEXMBUGA1UEAxMOMTcyLjE5LjEyOC4xNDcwgZ8wDQYJ

    KoZIhvcNAQEBBQADgY0AMIGJAoGBAMgbVFVPfB6z9bQew0Lu50a0AS+CNnKPdgtR

    Po/X3MEcSF89zlVcis19EwiDqWph0FhLszec2zn374O+ShfaiWSUoMk/rEhDPwqB

    6s0L+0yjQZJGyJ/ddwamxXhxoHZKXZ4nmsvUyoM+6Ah8AmoLhcyH3IiGCHKlnLFd

    pI2A75fdAgMBAAGjgf4wgfswCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3Bl

    blNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFBiKC7q6wbxsbp5+

    hzFgCBhX6YNYMIGgBgNVHSMEgZgwgZWAFHmoXaKcO/HcAX7kMFAWgGxZ/ietoXqk

    eDB2MQswCQYDVQQGEwJJTjELMAkGA1UECBMCVE4xCzAJBgNVBAcTAkNIMQwwCgYD

    VQQKEwNDVFMxEDAOBgNVBAsTB1RlbGVjb20xFTATBgNVBAMTDDE3Mi4xNi42NC4x

    MTEWMBQGCSqGSIb3DQEJARYHY0BjLmNvbYIBADANBgkqhkiG9w0BAQQFAAOBgQC/

    nIaMMl+IKVQ1294WaRJbIYkR/4xCqauUYYOWsYUKjGHZKKLWKvNTYQplL7Xw56Aw

    suLg+I2FuCwVhxEzbRaxNkbz0Hl2GskFco3FZOZyVFuHfvX20L4L89M2mLQukvUT

    GC5d+h/RQIfvBf3KUJJtKdCZ2Qa9FMhOJ+mrVr/p1A==

    -----END CERTIFICATE-----

我已经生成了证书,但由于无法加载支持的可信CA文件,我收到错误。

上述证书已过期,我需要再次生成相同的证书。我是SSL证书的新手,有人可以帮帮我吗?

0 个答案:

没有答案