我正在尝试在我的tomcat上为centos框上的https请求启用SSL。 (方框ip是10.10.10.10)
我使用以下方法创建了密钥库文件:
./keytool -genkey -alias 10.10.10.10 -keyalg RSA -keystore /home/as5714/ipnew_keystore
创建密钥库文件。
然后我在server.xml文件中进行了以下更改:
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="200"
SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="/etc/ssl/ipnew_keystore"
keystorePass="password"/>
完成此更改后,我重新启动了我的tomcat。
然而,在对我的tomcat进行https调用时出现错误:
这是卷曲:
curl -v -X POST -H"Content-Type:application/json" -d '{"browserDetails":"","appVersion":"""email":""}' https://10.41.66.69:443/service/getData
这是我得到的日志:
* About to connect() to 10.10.10.10 port 443 (#0)
* Trying 10.10.10.10...
* Connected to 10.10.10.10 (10.10.10.10) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* Server certificate:
* subject: CN=10.10.10.10,OU=Web,O=Snapdeal,L=Delhi,ST=Delhi,C=IN
* start date: Feb 24 13:03:34 2016 GMT
* expire date: May 24 13:03:34 2016 GMT
* common name: 10.10.10.10
* issuer: CN=10.10.10.10,OU=Web,O=Snapdeal,L=Delhi,ST=Delhi,C=IN
* NSS error -8156 (SEC_ERROR_CA_CERT_INVALID)
* Issuer certificate is invalid.
* Closing connection 0
curl: (60) Issuer certificate is invalid.
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
请帮忙。