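I am trying to create an application in which I need to authenticate clients using their certificates. To generate the certificates, I followed this tutorial.
I generated Java KeyStores with the public keys of the client and the server.
I placed them on the classpath of the Spring Boot project and set the properties to: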
server:
  port: 8443 # Define a custom port (instead of the default 8080)
  ssl:
    # The format used for the keystore
    key-store-type: jks
    key-store: classpath:MyServer.jks # The path to the keystore containing the certificate
    key-password: password # The password used to generate the certificate
    key-store-password: password
    trust-store: classpath:MyServer.jks # Trust store that holds SSL certificates.
    trust-store-password: password # Password used to access the trust store.
    trust-store-type: JKS # Type of the trust store.
    client-auth: need # Whether client authentication is wanted ("want") or needed ("need").
When I open the URL in the browser, I get the error:
NET::ERR_CERT_COMMON_NAME_INVALID
This server could not prove that it is localhost; its security certificate does not specify Subject Alternative Names. This may be caused by a misconfiguration or an attacker intercepting your connection.
However, when I change the property to
client-auth: want
it opens the URL. It seems the client certificate cannot be verified. What am I missing here?