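I am using CAS with the gradle overlay method. I can use a self-signed certificate. However, when I try to use a certificate from the FreeIPA certificate authority, I get the following error message: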
2018-02-03 13:39:54,298 ERROR [org.apache.catalina.core.StandardService] - <Failed to start connector [Connector[HTTP/1.1-8443]]>
org.apache.catalina.LifecycleException: Failed to start component [Connector[HTTP/1.1-8443]]
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:167) ~[tomcat-embed-core-8.5.24.jar!/:8.5.24]
...
Caused by: java.lang.IllegalArgumentException: java.io.IOException: Alias name [null] does not identify a key entry
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:116) ~[tomcat-embed-core-8.5.24.jar!/:8.5.24]
I have added the FreeIPA CA certificate to /usr/java/jdk1.8.0_152/jre/lib/security/cacerts
and put the certificate into /etc/cas/thekeystore
Answer 0 (score: 0)
Here is the solution:
openssl req -nodes -newkey rsa:2048 -sha256 -keyout cas.key -out cas.csr
[Send the CSR to the certificate authority]
[Download the CA certificate PEM file]
[Download the CAS certificate PEM file]
cp cas.key /etc/pki/tls/private/.
cp cas.crt /etc/pki/tls/certs/.
cp freeipa_ca.crt /etc/pki/tls/certs/.
cat cas.pem freeipa_ca.pem > cas_all.pem
openssl pkcs12 -export -inkey /etc/pki/tls/private/cas.key -in cas_all.pem -name cas -out cas.p12
keytool -delete -alias cas -keystore /etc/cas/thekeystore
keytool -list -keystore /etc/cas/thekeystore -v
keytool -importkeystore -srckeystore cas.p12 -srcstoretype pkcs12 -destkeystore /etc/cas/thekeystore
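
An added check, not part of the original answer: the connector error "does not identify a key entry" is what Tomcat reports when the keystore gives it no private-key entry to serve, which is the case when only certificates were imported. The functions below (hypothetical names `list_entries` and `has_key_entry`) parse `keytool -list -v` output and confirm that the `cas` alias is a PrivateKeyEntry; the two sample listings are constructed, and English-locale keytool output is assumed.

```shell
#!/bin/sh
# Constructed sample: trimmed `keytool -list -v` output after only a
# certificate was imported under the alias (no private key in the store).
SAMPLE_CERT_ONLY='Keystore type: JKS

Alias name: cas
Creation date: Feb 3, 2018
Entry type: trustedCertEntry'

# Constructed sample: the same store after importing cas.p12 (key + chain).
SAMPLE_WITH_KEY='Keystore type: JKS

Alias name: cas
Creation date: Feb 3, 2018
Entry type: PrivateKeyEntry
Certificate chain length: 2

*******************************************

Alias name: freeipa_ca
Creation date: Feb 3, 2018
Entry type: trustedCertEntry'

# Read `keytool -list -v` text on stdin; print alias, entry type and
# chain length (0 when the entry has no chain), tab-separated, one per entry.
list_entries() {
    awk -F': ' '
        function emit() { printf "%s\t%s\t%s\n", alias, type, chain }
        /^Alias name: /               { if (alias != "") emit(); alias = $2; type = "?"; chain = 0 }
        /^Entry type: /               { type = $2 }
        /^Certificate chain length: / { chain = $2 }
        END                           { if (alias != "") emit() }
    '
}

# Exit 0 only when alias $1 is a PrivateKeyEntry. Tomcat's TLS connector
# needs one; a trustedCertEntry holds a certificate without its key.
has_key_entry() {
    list_entries | awk -F'\t' -v want="$1" '
        $1 == want && $2 == "PrivateKeyEntry" { ok = 1 }
        END { exit !ok }'
}

# Real use (prompts for the store password):
#   keytool -list -v -keystore /etc/cas/thekeystore | has_key_entry cas
```

A chain length of 2 for the `cas` entry corresponds to the CAS certificate plus the FreeIPA CA certificate concatenated into cas_all.pem.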