Keytool错误:无法从回复建立链

问题描述 投票:1回答:2

我从CA导入试用SSL证书时出错。以下是我创建密钥库的步骤。如果我错了,请纠正我。先感谢您!

1.首先,我创建了一个放在服务器中的密钥库。

keytool -keystore server_keystore.jks -genkey -alias server -keyalg rsa -keysize 2048

2.处理CSR。

keytool -keystore server_keystore.jks -certreq -alias server -keyalg rsa -file server.csr
  • 将CSR发送给CA(Thawte)并回复三个试用证书,即CA root,CA intermediate和trial SSL。将其保存为文件扩展名为.cer的文本文件。 (trial_ca_ssl.cer,trial_ca_root.cer,trial_ca_intermediate.cer)

3.Tried导入server_keystore.jks中的trial_ca_ssl.cer,但收到错误。

keytool -import -keystore server_keystore.jks -file trial_ca_ssl.cer -alias server

错误:

keytool error: java.lang.Exception: Failed to establish chain from reply
java authentication ssl x509certificate keytool
2个回答
0
投票

你应该把你的trial_ca_ssl.cer文本放在顶部server.cer之上。这将构成两个这样的证书的层次结构。然后你应该导入它。

----- BEGIN CERTIFICATE ----- MIIDSjCCAjKgAwIBAgIIEvabM2CgLZcwDQYJKoZIhvcNAQEFBQAwMzETMBEGA1UE AxMKV2FsdGVyIENBMTEPMA0GA1UEChMGV2FsdGVyMQswCQYDVQQGEwJTRTAeFw0w MzA5MjkwOTI2MzRaFw0wNDA5MjgwOTM2MzRaMDMxEzARBgNVBAMTCldhbHRlciBD QTExDzANBgNVBAoTBldhbHRlcjELMAkGA1UEBhMCU0UwggEgMA0GCSqGSIb3DQEB AQUAA4IBDQAwggEIAoIBAQC3hXksEud68WwPWWHLJQQkTCuX / K32KHPPn / uPUzab CPC / FnaTmF9yEHmpFdAUr0v5ZPnxVQpcuwrDZc4YfaTLfyUHicQbkftsPAj / 2hE4 UukS2j + nQQcJEnIY0vSZOAOLU3j4bf / RlS6Jl7TPFFfWTxuQF8AruQ + YhaE52JFi SapGGXKQJxhsvKT91rLaWSFWNMTTLSDPaBXYEYFuFhLNclDJWf4whfxHSHHkARB / 3Z0XlT4sFj0fmqEQ6yQb6 / WqMFK + 1XAIBXZO2MXe26IigWkXw1GfkIx1 + fbUPrzu 8EI2jb0TWl21j1 + Mvh3APZtVj5FJNuZN9bgdbrq88hLXAgERo2QwYjAPBgNVHRMB Af8EBTADAQH / MA8GA1UdDwEB / wQFAwMHBgAwHQYDVR0OBBYEFNhHOtAwo8MOE / NI zzg9KFxCYs8YMB8GA1UdIwQYMBaAFNhHOtAwo8MOE / nIzzg9KFxCYs8YMA0GCSqG Sib3DQEBBQUAA4IBAQBHpvicbuJTACtpdwe6cF1nQ57FHnnYr + AAE + ZpH43R6R9d eMps02nFAMSs5o8sbPokrpwAtk2yYwCohEFDkZ5JPzIBkgNlNnVHNNRHQTRJ6v6Q F2MWUEPc1u5kxSjXEVMmZerG9oknMwpYFmkOnKF46vP3Njt / ExOeRAvCEQq2b8 pz 2QGg8 / IK6Omfi7IwxtVYUpgvhdcWekbFIlxkXZiEdlHNBIV1GzzPK1VEzg5kugD / h6jeykrsKASx + 55AkkBPt2kI + ZikVtp3SVhfZQMGY86c5QMQGlPWYNsr4ociyhfX I52Qby + / HNG1ijpx66Z30lUMmXTtWtL4C​​u8s7UvC

-----结束证书-----

----- BEGIN CERTIFICATE ----- MIICxzCCAa + gAwIBAgIIBfqGjbQu14swDQYJKoZIhvcNAQEFBQAwMzETMBEGA1UE AxMKV2FsdGVyIENBMTEPMA0GA1UEChMGV2FsdGVyMQswCQYDVQQGEwJTRTAeFw0w MzA5MjkwOTMzMDFaFw0wNDAxMDcwOTQzMDFaMDQxETAPBgNVBAMTCER1ZGUgQ0Ex MRIwEAYDVQQKEwlEdWRlIEluYy4xCzAJBgNVBAYTAlNFMIGdMA0GCSqGSIb3DQEB AQUAA4GLADCBhwKBgQCM1hR / DYPXfKDa3oVJbppV4OcYtn2XP9W5Kc1d0 + U4qLOm JsqIFHDWR07o1QFiPhc9z0UGtwYeE3CpQ8fG8zeur5e286PYptZIST77B9vOdQdl PA + dFKFIaEwdzcS7H3Lf38WTE4D1OnyRX5jsiUe + YIQRtjv / BMEM + kSR84G9TwIB EaNkMGIwDwYDVR0TAQH / BAUwAwEB / zAPBgNVHQ8BAf8EBQMDBwYAMB0GA1UdDgQW BBTDrXZGYXS9GyIUBOZrglhwNjjcnTAfBgNVHSMEGDAWgBTYRzrQMKPDDhP5yM84 PshcQmLPGDANBgkqhkiG9w0BAQUFAAOCAQEAdmTP1qVUcAKOf + / zvb2lcLKvFwKT 6KqDlO5NofjqCIfNgCjO2mO176cslnFIbEZQqgGIUnJ3AwfHKHj + U3kM3n5T29kF xiLKxIDfjsY6qC03KHeGAgxI92XZyPsO1is6Y6qUnAmiwhIp5HS6E0 + xIP1shmtJ ZvqU8bueKUWSjx3JDzq + UNLX5pFkK0P0R90TCUEkBx1FNWqoWwb8zfAuO5zcNTEj 5E9esLjwxJQnIVPiA2l3FfZN9yomK + q7kTZJkX2kMx7G850lPR8CneXZT6bIOfck Dw3PqQiroMNx2 + gzC / f / wTXsF92aujyG + IZx1FIcNg / MoHXBWG7T8YrjnQ ==

-----结束证书-----

有关详细信息,请阅读EJBCA的用户指南。

-1
投票

一种可能性是您在Mac中使用默认的openssl工具,但是从较新版本的openssl复制\ openssl \ apps \ ca-cert.srl。

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.