我正在尝试生成.pem格式的证书,以便从一个KPSA应用程序到运行在tomcat服务器上的应用程序进行ssl连接。我在tomcat中启用了SSL连接,而其他kpsa应用程序默认是进行ssl连接。因此,启用了来自两端的SSL连接。
我需要以下面的格式生成2个证书:
1。 cacert.pem
-----BEGIN CERTIFICATE-----
MIIDNjCCAp+gAwIBAgIBADANBgkqhkiG9w0BAQQFADB2MQswCQYDVQQGEwJJTjEL
MAkGA1UECBMCVE4xCzAJBgNVBAcTAkNIMQwwCgYDVQQKEwNDVFMxEDAOBgNVBAsT
B1RlbGVjb20xFTATBgNVBAMTDDE3Mi4xNi42NC4xMTEWMBQGCSqGSIb3DQEJARYH
Y0BjLmNvbTAeFw0xMjEwMjYwNzA5MjFaFw0xMjExMjUwNzA5MjFaMHYxCzAJBgNV
BAYTAklOMQswCQYDVQQIEwJUTjELMAkGA1UEBxMCQ0gxDDAKBgNVBAoTA0NUUzEQ
MA4GA1UECxMHVGVsZWNvbTEVMBMGA1UEAxMMMTcyLjE2LjY0LjExMRYwFAYJKoZI
hvcNAQkBFgdjQGMuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDVrNAY
mHFU3WUJvi3Cxs1YIN51YrSgyqOGvmWmzOrGUjKo6oCvS5al3IFD7geT0zuNkCj5
j5U+YcPz00xoefrR8ATTvT6kpEFSyDU5zenh0xNfIp58hSwWtwcgEmaGda1m2m3R
Tmv5ZM9NCSL8Re1dOOKrdV3qcj8dSny0LMSMhwIDAQABo4HTMIHQMB0GA1UdDgQW
BBR5qF2inDvx3AF+5DBQFoBsWf4nrTCBoAYDVR0jBIGYMIGVgBR5qF2inDvx3AF+
5DBQFoBsWf4nraF6pHgwdjELMAkGA1UEBhMCSU4xCzAJBgNVBAgTAlROMQswCQYD
VQQHEwJDSDEMMAoGA1UEChMDQ1RTMRAwDgYDVQQLEwdUZWxlY29tMRUwEwYDVQQD
EwwxNzIuMTYuNjQuMTExFjAUBgkqhkiG9w0BCQEWB2NAYy5jb22CAQAwDAYDVR0T
BAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQAt6KqmCJTqkslrDdVk90RUKxxOaPEP
rJKE5Ouo3sn1MBG0PGwBYbzihoAuFxVlSNTBhIE5xr5qdTwWGuIm7zj2OZJi+vbU
MjbEpCDBa2SLI1pyDTIeS98lrqF3XQREZ2p0RudJ8zKYoSsPWNTgkeHXTKZ4wRzt
ijMe3G9x+ehE8g==
-----END CERTIFICATE-----
2。服务器cert.pem
证书:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=IN, ST=TN, L=CH, O=CTS, OU=Telecom, CN=172.16.64.11/Email=c@c.com
Validity
Not Before: Oct 26 07:11:12 2012 GMT
Not After : Oct 26 07:11:12 2013 GMT
Subject: C=IN, ST=TN, L=CH, O=CTS, OU=Telecom, CN=172.19.128.147
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:c8:1b:54:55:4f:7c:1e:b3:f5:b4:1e:c3:42:ee:
e7:46:b4:01:2f:82:36:72:8f:76:0b:51:3e:8f:d7:
dc:c1:1c:48:5f:3d:ce:55:5c:8a:cd:7d:13:08:83:
a9:6a:61:d0:58:4b:b3:37:9c:db:39:f7:ef:83:be:
4a:17:da:89:64:94:a0:c9:3f:ac:48:43:3f:0a:81:
ea:cd:0b:fb:4c:a3:41:92:46:c8:9f:dd:77:06:a6:
c5:78:71:a0:76:4a:5d:9e:27:9a:cb:d4:ca:83:3e:
e8:08:7c:02:6a:0b:85:cc:87:dc:88:86:08:72:a5:
9c:b1:5d:a4:8d:80:ef:97:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
18:8A:0B:BA:BA:C1:BC:6C:6E:9E:7E:87:31:60:08:18:57:E9:83:58
X509v3 Authority Key Identifier:
keyid:79:A8:5D:A2:9C:3B:F1:DC:01:7E:E4:30:50:16:80:6C:59:FE:27:AD
DirName:/C=IN/ST=TN/L=CH/O=CTS/OU=Telecom/CN=172.16.64.11/Email=c@c.com
serial:00
Signature Algorithm: md5WithRSAEncryption
bf:9c:86:8c:32:5f:88:29:54:35:db:de:16:69:12:5b:21:89:
11:ff:8c:42:a9:ab:94:61:83:96:b1:85:0a:8c:61:d9:28:a2:
d6:2a:f3:53:61:0a:65:2f:b5:f0:e7:a0:30:b2:e2:e0:f8:8d:
85:b8:2c:15:87:11:33:6d:16:b1:36:46:f3:d0:79:76:1a:c9:
05:72:8d:c5:64:e6:72:54:5b:87:7e:f5:f6:d0:be:0b:f3:d3:
36:98:b4:2e:92:f5:13:18:2e:5d:fa:1f:d1:40:87:ef:05:fd:
ca:50:92:6d:29:d0:99:d9:06:bd:14:c8:4e:27:e9:ab:56:bf:
e9:d4
-----BEGIN CERTIFICATE-----
MIIDSzCCArSgAwIBAgIBATANBgkqhkiG9w0BAQQFADB2MQswCQYDVQQGEwJJTjEL
MAkGA1UECBMCVE4xCzAJBgNVBAcTAkNIMQwwCgYDVQQKEwNDVFMxEDAOBgNVBAsT
B1RlbGVjb20xFTATBgNVBAMTDDE3Mi4xNi42NC4xMTEWMBQGCSqGSIb3DQEJARYH
Y0BjLmNvbTAeFw0xMjEwMjYwNzExMTJaFw0xMzEwMjYwNzExMTJaMGAxCzAJBgNV
BAYTAklOMQswCQYDVQQIEwJUTjELMAkGA1UEBxMCQ0gxDDAKBgNVBAoTA0NUUzEQ
MA4GA1UECxMHVGVsZWNvbTEXMBUGA1UEAxMOMTcyLjE5LjEyOC4xNDcwgZ8wDQYJ
KoZIhvcNAQEBBQADgY0AMIGJAoGBAMgbVFVPfB6z9bQew0Lu50a0AS+CNnKPdgtR
Po/X3MEcSF89zlVcis19EwiDqWph0FhLszec2zn374O+ShfaiWSUoMk/rEhDPwqB
6s0L+0yjQZJGyJ/ddwamxXhxoHZKXZ4nmsvUyoM+6Ah8AmoLhcyH3IiGCHKlnLFd
pI2A75fdAgMBAAGjgf4wgfswCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3Bl
blNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFBiKC7q6wbxsbp5+
hzFgCBhX6YNYMIGgBgNVHSMEgZgwgZWAFHmoXaKcO/HcAX7kMFAWgGxZ/ietoXqk
eDB2MQswCQYDVQQGEwJJTjELMAkGA1UECBMCVE4xCzAJBgNVBAcTAkNIMQwwCgYD
VQQKEwNDVFMxEDAOBgNVBAsTB1RlbGVjb20xFTATBgNVBAMTDDE3Mi4xNi42NC4x
MTEWMBQGCSqGSIb3DQEJARYHY0BjLmNvbYIBADANBgkqhkiG9w0BAQQFAAOBgQC/
nIaMMl+IKVQ1294WaRJbIYkR/4xCqauUYYOWsYUKjGHZKKLWKvNTYQplL7Xw56Aw
suLg+I2FuCwVhxEzbRaxNkbz0Hl2GskFco3FZOZyVFuHfvX20L4L89M2mLQukvUT
GC5d+h/RQIfvBf3KUJJtKdCZ2Qa9FMhOJ+mrVr/p1A==
-----END CERTIFICATE-----
我已经生成了证书,但由于无法加载支持的可信CA文件,我收到错误。
上述证书已过期,我需要再次生成相同的证书。我是SSL证书的新手,有人可以帮帮我吗?