我需要将ssl证书导入Java本地密钥库(cacerts),以便访问远程ldaps服务器。我已经运行以下命令:
keytool -keystore C:\Program Files\Java\jdk1.8.0_211\jre\lib\security\cacerts -import -alias myalias -file <PATH_TO_CERTIFICATE>/certificate.cer
证书已成功添加到密钥库:
keytool -list -alias myalias -keystore C:\Program Files\Java\jdk1.8.0_211\jre\lib\security\cacerts
Enter keystore password:
myalias, 24.10.2019, trustedCertEntry
我的应用程序属性:
ssl:
key-alias: myalias
key-store-password: changeit
key-store: C:\Program Files\Java\jdk1.8.0_211\jre\lib\security\cacerts
当我运行该应用程序时,我有以下例外:
Caused by: java.lang.IllegalArgumentException: jsse.alias_no_key_entry
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:99)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:71)
at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:218)
at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1124)
at org.apache.tomcat.util.net.AbstractEndpoint.start(AbstractEndpoint.java:1210)
at org.apache.coyote.AbstractProtocol.start(AbstractProtocol.java:586)
at org.apache.catalina.connector.Connector.startInternal(Connector.java:1005)
... 14 more
Caused by: java.io.IOException: jsse.alias_no_key_entry
at org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:328)
at org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:247)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:97)
... 20 more
我正在使用Spring Boot 2.2.0
谁知道是什么问题?
您在application.properties中所做的是,您正在保护springboot应用程序。这与您尝试执行的操作不同(调用ldaps服务器)。
将ldap服务器证书添加到cacert中后,您无需执行其他任何操作。您可以拨打电话。
如果在进行呼叫时收到PKIX异常,则还需要确保ldap服务器证书的CA和SubCA也受信任。