带有非自签名证书的CAS gradle overlay

时间:2018-02-03 20:34:45

标签: ssl ssl-certificate cas jasig

我使用gradle overlay方法使用CAS。我可以使用自签名证书。但是,当我尝试使用FreeIPA证书颁发机构的证书时,我收到以下错误消息:

2018-02-03 13:39:54,298 ERROR [org.apache.catalina.core.StandardService] - <Failed to start connector [Connector[HTTP/1.1-8443]]>
org.apache.catalina.LifecycleException: Failed to start component [Connector[HTTP/1.1-8443]]
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:167) ~[tomcat-embed-core-8.5.24.jar!/:8.5.24]

...

Caused by: java.lang.IllegalArgumentException: java.io.IOException: Alias name [null] does not identify a key entry
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:116) ~[tomcat-embed-core-8.5.24.jar!/:8.5.24]

我已将FreeIPA CA证书添加到/usr/java/jdk1.8.0_152/jre/lib/security/cacerts

并将证书放入/ etc / cas / thekeystore

1 个答案:

答案 0 :(得分:0)

这是解决方案:

openssl req -nodes -newkey rsa:2048 -sha256 -keyout cas.key -out cas.csr

[将CSR发送给证书颁发机构]

[下载CA证书PEM文件]

[下载CAS证书PEM文件]

cp cas.key /etc/pki/tls/private/.
cp cas.crt /etc/pki/tls/certs/.
cp freeipa_ca.crt  /etc/pki/tls/certs/.
cat cas.pem freeipa_ca.pem > cas_all.pem
openssl pkcs12 -export -inkey /etc/pki/tls/private/cas.key -in cas_all.pem  -name cas -out cas.p12
keytool -delete -alias cas -keystore /etc/cas/thekeystore
keytool -list  -keystore /etc/cas/thekeystore -v
keytool -importkeystore -srckeystore cas.p12 -srcstoretype pkcs12 -destkeystore /etc/cas/thekeystore