CAS gradle 覆盖非自签名证书
CAS gradle overlay with non self signed certificate
我正在使用 gradle 叠加方法使用 CAS。我可以将它与自签名证书一起使用。但是,当我尝试使用来自 FreeIPA 证书颁发机构的证书时,我收到以下错误消息:
2018-02-03 13:39:54,298 ERROR [org.apache.catalina.core.StandardService] - <Failed to start connector [Connector[HTTP/1.1-8443]]>
org.apache.catalina.LifecycleException: Failed to start component [Connector[HTTP/1.1-8443]]
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:167) ~[tomcat-embed-core-8.5.24.jar!/:8.5.24]
...
Caused by: java.lang.IllegalArgumentException: java.io.IOException: Alias name [null] does not identify a key entry
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:116) ~[tomcat-embed-core-8.5.24.jar!/:8.5.24]
我已将 FreeIPA CA 证书添加到 /usr/java/jdk1.8.0_152/jre/lib/security/cacerts
然后,将证书放入/etc/cas/thekeystore
这是解决方案:
openssl req -nodes -newkey rsa:2048 -sha256 -keyout cas.key -out cas.csr
[将 CSR 发送给证书颁发机构]
[下载 CA 证书 PEM 文件]
[下载 CAS 证书 PEM 文件]
cp cas.key /etc/pki/tls/private/.
cp cas.crt /etc/pki/tls/certs/.
cp freeipa_ca.crt /etc/pki/tls/certs/.
cat cas.pem freeipa_ca.pem > cas_all.pem
openssl pkcs12 -export -inkey /etc/pki/tls/private/cas.key -in cas_all.pem -name cas -out cas.p12
keytool -delete -alias cas -keystore /etc/cas/thekeystore
keytool -list -keystore /etc/cas/thekeystore -v
keytool -importkeystore -srckeystore cas.p12 -srcstoretype pkcs12 -destkeystore /etc/cas/thekeystore
我正在使用 gradle 叠加方法使用 CAS。我可以将它与自签名证书一起使用。但是,当我尝试使用来自 FreeIPA 证书颁发机构的证书时,我收到以下错误消息:
2018-02-03 13:39:54,298 ERROR [org.apache.catalina.core.StandardService] - <Failed to start connector [Connector[HTTP/1.1-8443]]>
org.apache.catalina.LifecycleException: Failed to start component [Connector[HTTP/1.1-8443]]
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:167) ~[tomcat-embed-core-8.5.24.jar!/:8.5.24]
...
Caused by: java.lang.IllegalArgumentException: java.io.IOException: Alias name [null] does not identify a key entry
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:116) ~[tomcat-embed-core-8.5.24.jar!/:8.5.24]
我已将 FreeIPA CA 证书添加到 /usr/java/jdk1.8.0_152/jre/lib/security/cacerts
然后,将证书放入/etc/cas/thekeystore
这是解决方案:
openssl req -nodes -newkey rsa:2048 -sha256 -keyout cas.key -out cas.csr
[将 CSR 发送给证书颁发机构]
[下载 CA 证书 PEM 文件]
[下载 CAS 证书 PEM 文件]
cp cas.key /etc/pki/tls/private/.
cp cas.crt /etc/pki/tls/certs/.
cp freeipa_ca.crt /etc/pki/tls/certs/.
cat cas.pem freeipa_ca.pem > cas_all.pem
openssl pkcs12 -export -inkey /etc/pki/tls/private/cas.key -in cas_all.pem -name cas -out cas.p12
keytool -delete -alias cas -keystore /etc/cas/thekeystore
keytool -list -keystore /etc/cas/thekeystore -v
keytool -importkeystore -srckeystore cas.p12 -srcstoretype pkcs12 -destkeystore /etc/cas/thekeystore