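Error starting a node using our proper certificates. "No certificate chain under the alias cordaclienttls"

Time: 2018-09-13 04:59:53

Tags: corda

I am trying to create a non-dev node using proper certificates. My certificate-creation commands, using Java keytool, are: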

keytool -genkeypair -keyalg EC -keysize 256 -sigalg SHA256withECDSA -keystore root.jks -dname "O=Bank A,L=London,C=GB" -storepass password -keypass password -alias root -ext bc:c

keytool -keystore root.jks -storepass password -alias root -exportcert -rfc > root.pem

keytool -importkeystore -srckeystore root.jks -destkeystore truststore.jks -srcstorepass password -deststorepass password -srcalias root -destalias cordarootca

keytool -genkeypair -keyalg EC -keysize 256 -sigalg SHA256withECDSA -keystore intermediate.jks -dname "keytool -genkeypair -keyalg RSA -keystore root.jks -dname "O=Bank A,L=London,C=GB" -storepass password -keypass password -alias root -ext bc:c" -storepass password -keypass password -alias intermediate -ext bc:c

keytool -keystore intermediate.jks -storepass password -alias intermediate -certreq | keytool -keystore root.jks -storepass password -alias root -gencert -ext bc:c -rfc > intermediate.pem

type root.pem intermediate.pem > intermediatecachain.pem

keytool -keystore intermediate.jks -storepass password -alias intermediate -importcert -file intermediatecachain.pem -noprompt

keytool -keystore intermediate.jks -storepass password -alias intermediate -exportcert -rfc > intermediate.pem

keytool -genkeypair -keyalg EC -keysize 256 -sigalg SHA256withECDSA -keystore nodekeystore.jks -dname "keytool -genkeypair -keyalg RSA -keystore root.jks -dname "O=Bank A,L=London,C=GB" -storepass password -keypass password -alias root -ext bc:c" -alias cordaclientca -storepass password -keypass password -ext bc:c

keytool -keystore nodekeystore.jks -storepass password -alias cordaclientca -certreq | keytool -keystore intermediate.jks -storepass password -alias intermediate -gencert -ext bc:c -rfc > cordaclientca.pem

type intermediate.pem cordaclientca.pem > cordaclientcachain.pem

keytool -keystore nodekeystore.jks -storepass password -alias cordaclientca -importcert -file cordaclientcachain.pem -noprompt

keytool -genkeypair -keyalg EC -keysize 256 -sigalg SHA256withECDSA -keystore sslkeystore.jks -dname "keytool -genkeypair -keyalg RSA -keystore root.jks -dname "O=Bank A,L=London,C=GB" -storepass password -keypass password -alias root -ext bc:c" -alias cordaclientttls -storepass password -keypass password

keytool -keystore sslkeystore.jks -storepass password -alias cordaclienttls -certreq | keytool -keystore intermediate.jks -storepass password -alias intermediate -gencert -ext bc:0 -rfc > cordaclienttls.pem

type intermediate.pem cordaclienttls.pem > cordaclienttlschain.pem

keytool -keystore sslkeystore.jks -storepass password -alias cordaclienttls -importcert -file cordaclienttlschain.pem -noprompt

After doing this, I get the error message:

  

[main] internal.Node.run - Exception during node startup
java.lang.IllegalArgumentException: No certificate chain under the alias cordaclienttls
    at net.corda.nodeapi.internal.crypto.X509KeyStore.getCertificateChain(X509KeyStore.kt:52) ~[corda-node-api-3.1.jar:?]
    at net.corda.node.internal.AbstractNode.validateKeystore(AbstractNode.kt:824) ~[corda-node-3.1.jar:?]
    at net.corda.node.internal.AbstractNode.initCertificate(AbstractNode.kt:240) ~[corda-node-3.1.jar:?]
    at net.corda.node.internal.AbstractNode.start(AbstractNode.kt:282) ~[corda-node-3.1.jar:?]
    at net.corda.node.internal.Node.start(Node.kt:387) ~[corda-node-3.1.jar:?]
    at net.corda.node.internal.EnterpriseNode.start(EnterpriseNode.kt:181) ~[corda-node-3.1.jar:?]
    at net.corda.node.internal.NodeStartup.startNode(NodeStartup.kt:270) ~[corda-node-3.1.jar:?]
    at net.corda.node.internal.NodeStartup.run(NodeStartup.kt:160) [corda-node-3.1.jar:?]
    at net.corda.node.Corda.main(Corda.kt:25) [corda-node-3.1.jar:?]

Next, I used the following code:

keytool -genkeypair -keyalg EC -keysize 256 -sigalg SHA256withECDSA -keystore root.jks -dname "O=Bank A,L=London,C=GB" -storepass password -keypass password -alias root -ext bc:c

keytool -keystore root.jks -storepass password -alias root -exportcert -rfc > root.pem

keytool -importkeystore -srckeystore root.jks -destkeystore truststore.jks -srcstorepass password -deststorepass password -srcalias root -destalias cordarootca

keytool -genkeypair -keyalg EC -keysize 256 -sigalg SHA256withECDSA -keystore intermediate.jks -dname "O=Bank A,L=London,C=GB" -storepass password -keypass password -alias intermediate -ext bc:c

keytool -keystore intermediate.jks -storepass password -alias intermediate -certreq | keytool -keystore root.jks -storepass password -alias root -gencert -ext bc:c -rfc > intermediate.pem

type root.pem intermediate.pem > intermediatecachain.pem

keytool -keystore intermediate.jks -storepass password -alias intermediate -importcert -file intermediatecachain.pem -noprompt

keytool -keystore intermediate.jks -storepass password -alias intermediate -exportcert -rfc > intermediate.pem

keytool -genkeypair -keyalg EC -keysize 256 -sigalg SHA256withECDSA -keystore nodekeystore.jks -dname "O=Bank A,L=London,C=GB" -alias cordaclientca -storepass password -keypass password -ext bc:c

keytool -keystore nodekeystore.jks -storepass password -alias cordaclientca -certreq | keytool -keystore intermediate.jks -storepass password -alias intermediate -gencert -ext bc:c -rfc > cordaclientca.pem

type intermediate.pem cordaclientca.pem > cordaclientcachain.pem

keytool -keystore nodekeystore.jks -storepass password -alias cordaclientca -importcert -file cordaclientcachain.pem -noprompt

keytool -genkeypair -keyalg EC -keysize 256 -sigalg SHA256withECDSA -keystore sslkeystore.jks -dname "O=Bank A,L=London,C=GB" -alias cordaclienttls -storepass password -keypass password

keytool -keystore sslkeystore.jks -storepass password -alias cordaclienttls -certreq | keytool -keystore intermediate.jks -storepass password -alias intermediate -gencert -ext bc:0 -rfc > cordaclienttls.pem

type intermediate.pem cordaclienttls.pem > cordaclienttlschain.pem

keytool -keystore sslkeystore.jks -storepass password -alias cordaclienttls -importcert -file cordaclienttlschain.pem -noprompt

and got this error:

  

[main] internal.Node.run - Exception during node startup
java.lang.IllegalArgumentException: TLS certificate must chain to the trusted root.
    at net.corda.node.internal.AbstractNode.validateKeystore(AbstractNode.kt:828) ~[corda-node-3.1.jar:?]
    at net.corda.node.internal.AbstractNode.initCertificate(AbstractNode.kt:240) ~[corda-node-3.1.jar:?]
    at net.corda.node.internal.AbstractNode.start(AbstractNode.kt:282) ~[corda-node-3.1.jar:?]
    at net.corda.node.internal.Node.start(Node.kt:387) ~[corda-node-3.1.jar:?]
    at net.corda.node.internal.EnterpriseNode.start(EnterpriseNode.kt:181) ~[corda-node-3.1.jar:?]
    at net.corda.node.internal.NodeStartup.startNode(NodeStartup.kt:270) ~[corda-node-3.1.jar:?]
    at net.corda.node.internal.NodeStartup.run(NodeStartup.kt:160) [corda-node-3.1.jar:?]
    at net.corda.node.Corda.main(Corda.kt:25) [corda-node-3.1.jar:?]

Can anyone tell me how to fix this?

Thanks.

1 answer:

Answer 0: (score: 0)

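So note that Corda open source doesn't do a lot of the PKI work you might want to get started with; you may need to be working in Corda Enterprise.

If you are using Corda Enterprise, the support team is very well qualified to help you, as this is very specific.

You will want to take a serious look at CENM (the Corda Network Manager).

If you are still trying to solve this yourself, take a look at the Corda documentation for the following: https://docs.corda.net/docs/cenm/1.3/pki-tool.html#public-key-infrastructure-pki-tool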
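
A way to reproduce both startup checks offline before launching the node, as an added example that is not part of the original question or answer and is not Corda's own code. It uses the file names, aliases and password from the question; that the node compares the top of the chain with the certificate stored under cordarootca in truststore.jks is an assumption read from the second error message.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added diagnostic, not Corda code. File names, aliases and the password are the
// ones used in the question; the root comparison is an assumed reading of the error.
public class ChainCheck {
    static KeyStore load(String path, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(path)) {
            ks.load(in, pass);
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        char[] pass = "password".toCharArray();
        String alias = "cordaclienttls";
        KeyStore ssl = load("sslkeystore.jks", pass);
        KeyStore trust = load("truststore.jks", pass);

        Certificate root = trust.getCertificate("cordarootca");
        if (root == null) { System.out.println("FAIL: no cordarootca in truststore.jks"); return; }

        // Null when the alias is missing (for example misspelled) or is not a key entry.
        Certificate[] chain = ssl.getCertificateChain(alias);
        if (chain == null) {
            System.out.println("FAIL: no certificate chain under alias " + alias
                    + "; aliases present: " + Collections.list(ssl.aliases()));
            return;
        }
        for (int i = 0; i < chain.length; i++) {
            X509Certificate c = (X509Certificate) chain[i];
            System.out.println(i + ": subject=" + c.getSubjectX500Principal()
                    + " issuer=" + c.getIssuerX500Principal());
            // Each certificate must be signed by the next one up; verify() throws if not.
            if (i + 1 < chain.length) c.verify(chain[i + 1].getPublicKey());
        }
        // A chain that stops at the intermediate, or still holds only the
        // self-signed certificate from -genkeypair, fails this comparison.
        boolean ok = chain[chain.length - 1].equals(root);
        System.out.println(ok ? "OK: chain ends at cordarootca"
                              : "FAIL: top of chain is not the cordarootca certificate");
    }
}
```

The printed subject and issuer lines show where the chain stops. `getCertificate` also works when cordarootca is a key entry, as it is in the question's truststore.jks, because `-importkeystore` copies the root's private key along with its certificate.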