2011-04-21 146 views
3

Invalid keystore format - Tomcat

I have been generating a certificate with the Bouncy Castle library. My sample code is as follows:

    import java.io.FileOutputStream;
    import java.math.BigInteger;
    import java.security.KeyPair;
    import java.security.KeyPairGenerator;
    import java.security.KeyStore;
    import java.security.SecureRandom;
    import java.security.Security;
    import java.security.cert.X509Certificate;
    import java.util.Date;
    import org.bouncycastle.jce.X509Principal;
    import org.bouncycastle.x509.X509V3CertificateGenerator;

    public class GenerateCert {
        public static void main(String[] args) {
            String domainName = "localhost";
            String certPath = "C://testCert.crt";

            KeyPairGenerator keyPairGenerator;
            try {
                Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());

                keyPairGenerator = KeyPairGenerator.getInstance("RSA");
                keyPairGenerator.initialize(1024);
                KeyPair KPair = keyPairGenerator.generateKeyPair();

                // Self-signed certificate: issuer and subject are the same DN
                X509V3CertificateGenerator v3CertGen = new X509V3CertificateGenerator();
                v3CertGen.setSerialNumber(BigInteger.valueOf(Math.abs(new SecureRandom().nextInt())));
                v3CertGen.setIssuerDN(new X509Principal("CN=" + domainName + ", OU=None, O=None, L=None, C=None"));
                v3CertGen.setNotBefore(new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30));
                v3CertGen.setNotAfter(new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 365 * 10)));
                v3CertGen.setSubjectDN(new X509Principal("CN=" + domainName + ", OU=None, O=None, L=None, C=None"));

                v3CertGen.setPublicKey(KPair.getPublic());
                v3CertGen.setSignatureAlgorithm("MD5WithRSAEncryption");

                X509Certificate pkCertificate = v3CertGen.generateX509Certificate(KPair.getPrivate());

                // In-memory JKS keystore holding the private key and its certificate
                KeyStore keystore = KeyStore.getInstance("JKS");
                keystore.load(null, null);
                keystore.setKeyEntry("test", KPair.getPrivate(), "password".toCharArray(), new X509Certificate[] {pkCertificate});

                // Writes only the encoded certificate to certPath
                FileOutputStream fos;
                fos = new FileOutputStream(certPath);
                fos.write(pkCertificate.getEncoded());
                fos.close();

            } catch (Exception e1) {
                e1.printStackTrace();
            }
        }
    }

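The certificate is generated successfully without any compile errors, but Tomcat produces the following error at startup:

"SEVERE: Failed to load keystore type JKS with path C:/testCert.crt due to Invalid keystore format"

The server.xml entry is as follows: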

<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" maxHttpHeaderSize="8192" 
      maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" 
      disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" 
      clientAuth="false" sslProtocol="TLS" keystoreAlias="test" keystorePass="password" 
      keystoreFile="C:/testCert.crt" /> 

Answers

3

You don't need to write the encoded form of the certificate to the file (fos.write(pkCertificate.getEncoded()); is the wrong operation); use keyStore.store(fos, "password".toCharArray()); instead.

+0

Thanks, buddy..!!! – 2011-04-21 05:14:03
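The fix from the answer above, as an added example that is not code from the question or the answer: the keystore itself is serialized with store() and then loaded back from disk to confirm it is a readable JKS file. It assumes the bcprov and bcpkix jars are on the classpath, uses RSA 2048 with SHA256withRSA in place of the question's 1024-bit key and MD5 signature, and writes to a hypothetical file name, testKeystore.jks.

```java
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

public class WriteKeystore {
    public static void main(String[] args) throws Exception {
        char[] password = "password".toCharArray(); // sample password from the question
        String keystorePath = "testKeystore.jks";   // hypothetical; keystoreFile must point here

        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair keyPair = kpg.generateKeyPair();

        // Self-signed certificate: issuer and subject are the same name.
        X500Principal name = new X500Principal("CN=localhost");
        BigInteger serial = new BigInteger(63, new SecureRandom()).add(BigInteger.ONE);
        long now = System.currentTimeMillis();
        ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA").build(keyPair.getPrivate());
        X509Certificate cert = new JcaX509CertificateConverter().getCertificate(
                new JcaX509v3CertificateBuilder(name, serial,
                        new Date(now - 86_400_000L), new Date(now + 365L * 86_400_000L),
                        name, keyPair.getPublic()).build(signer));

        KeyStore keystore = KeyStore.getInstance("JKS");
        keystore.load(null, null);
        keystore.setKeyEntry("test", keyPair.getPrivate(), password, new X509Certificate[] {cert});

        // Serialize the keystore itself, not cert.getEncoded().
        try (FileOutputStream fos = new FileOutputStream(keystorePath)) {
            keystore.store(fos, password);
        }

        // Read the file back as a JKS keystore; a file holding only the encoded
        // certificate is rejected at this load step.
        KeyStore check = KeyStore.getInstance("JKS");
        try (FileInputStream fis = new FileInputStream(keystorePath)) {
            check.load(fis, password);
        }
        System.out.println("key entry 'test' present: " + check.isKeyEntry("test"));
    }
}
```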
