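With a browser
With the certificate produced as below, I was able to import it using keytool:
- Hierarchy: sb1.geolearning.com
- File type: DER-encoded binary, single certificate
For posterity, here is the command used to import it: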
sudo keytool -import -keystore /opt/jrun4/jre/lib/security/cacerts -alias "sb1.geolearning.com (Thawte SSL CA)" -storepass changeit -noprompt -trustcacerts -file ~/Downloads/sb1.geolearning.com
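Without a browser
Here is what I'm doing these days (in a Vagrant provisioner). In this script the keystore is hard-coded, because I currently use it only for Lucee; however, the path to the keystore could easily be parameterized. Also, the runfile-related code is only there so that Vagrant doesn't run the script more than once; if you're not using the code as a Vagrant provisioner, that code is superfluous.
The only thing that really differentiates this from the solution above is that it gets the certificate via openssl s_client (and cleans it up with sed) instead of getting it manually via a browser.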
#!/usr/bin/env bash
set -e

description="Add cert to Lucee's keystore."

# Parse --name=value options; unknown options are ignored with a warning.
while :
do
    case "$1" in
        --provisioned-dir=*)
            provisioned_dir=${1#*=} # Delete everything up till "="
            shift
            ;;
        --runfile-name=*)
            runfile_name=${1#*=} # Delete everything up till "="
            shift
            ;;
        --site-host-name=*)
            site_host_name=${1#*=} # Delete everything up till "="
            shift
            ;;
        -*)
            echo "WARN: Unknown option (ignored): $1" >&2
            shift
            ;;
        *) # no more options. Stop while loop
            break
            ;;
    esac
done

# The runfile marks that this provisioner has already run.
runfile="${provisioned_dir}/${runfile_name}"
if [ -f "${runfile}" ]; then
    echo "${description}: Already run."
    exit 0
fi

echo "add cert to keystore"

# Fetch the certificate the server presents and keep only the PEM block.
echo -n | \
    openssl s_client -connect "${site_host_name}:443" \
    | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' \
    > "/tmp/${site_host_name}.cert"

# Import it into Lucee's trust store; a keytool failure is ignored.
/opt/lucee/jdk/jre/bin/keytool \
    -import \
    -keystore /opt/lucee/lib/lucee-server/context/security/cacerts \
    -alias "${site_host_name} (self-signed)" \
    -storepass changeit \
    -file "/tmp/${site_host_name}.cert" \
    -noprompt \
    || true

touch "${runfile}"
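
The script above imports whatever certificate the server presents at provisioning time. The following is an added example, not part of the original answer, that checks the fetched certificate against a SHA-256 fingerprint obtained out-of-band before keytool is called; the function names and the pinned-fingerprint argument are assumptions.

```bash
#!/usr/bin/env bash
# Added example; function names and the pin argument are hypothetical.

# Keep only the first PEM block (the leaf) from `openssl s_client` output.
extract_leaf_pem() {
    sed -n '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | sed '/-END CERTIFICATE-/q'
}

# SHA-256 over the DER bytes (base64-decoded PEM body), lowercase hex.
# For a real certificate this equals `openssl x509 -noout -fingerprint -sha256`
# with the colons removed and the hex lowercased.
pem_sha256() {
    grep -v -- '-----' "$1" | base64 -d | sha256sum | cut -d' ' -f1
}

# Return 0 only if the certificate in $1 matches the pinned fingerprint $2.
verify_pin() {
    local pem="$1" expected actual
    expected=$(printf '%s' "$2" | tr -d ': ' | tr 'A-F' 'a-f')
    # An empty file means the fetch failed; never treat that as "nothing to check".
    [ -s "$pem" ] || { echo "ERROR: no certificate in $pem" >&2; return 1; }
    actual=$(pem_sha256 "$pem")
    if [ "$actual" != "$expected" ]; then
        echo "ERROR: fingerprint mismatch, got $actual" >&2
        return 1
    fi
}

# Fetch, verify, then import. Args: host, pinned fingerprint, keystore, [keytool].
import_pinned_cert() {
    local host="$1" pin="$2" keystore="$3" keytool="${4:-keytool}" pem
    pem=$(mktemp)
    openssl s_client -connect "${host}:443" -servername "${host}" \
        </dev/null 2>/dev/null | extract_leaf_pem > "$pem"
    if ! verify_pin "$pem" "$pin"; then
        rm -f "$pem"
        return 1
    fi
    "$keytool" -import -keystore "$keystore" -alias "${host} (self-signed)" \
        -storepass changeit -file "$pem" -noprompt
    rm -f "$pem"
}
```

The fingerprint passed to import_pinned_cert should come from the server's operator or its configuration management, not from the same connection the certificate is fetched over.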