2011-04-21 84 views
3

I have been using a certificate generated with the Bouncy Castle library; my sample code is as follows. Invalid keystore format - Tomcat

String domainName  ="localhost"; 
    String certPath   ="C://testCert.crt"; 

    KeyPairGenerator keyPairGenerator; 
    try { 
     Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()); 

     keyPairGenerator = KeyPairGenerator.getInstance("RSA"); 

     keyPairGenerator.initialize(1024); 
     KeyPair KPair = keyPairGenerator.generateKeyPair(); 

     X509V3CertificateGenerator v3CertGen = new X509V3CertificateGenerator(); 


     v3CertGen.setSerialNumber(BigInteger.valueOf(Math.abs(new SecureRandom().nextInt()))); 
     v3CertGen.setIssuerDN(new X509Principal("CN=" + domainName + ", OU=None, O=None L=None, C=None")); 
     v3CertGen.setNotBefore(new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30)); 
     v3CertGen.setNotAfter(new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 365*10))); 
     v3CertGen.setSubjectDN(new X509Principal("CN=" + domainName + ", OU=None, O=None L=None, C=None")); 

     v3CertGen.setPublicKey(KPair.getPublic()); 
     v3CertGen.setSignatureAlgorithm("MD5WithRSAEncryption"); 

     X509Certificate pkCertificate = v3CertGen.generateX509Certificate(KPair.getPrivate()); 

     KeyStore keystore = KeyStore.getInstance("JKS"); 
     keystore.load(null, null); 
     keystore.setKeyEntry("test", KPair.getPrivate(), "password".toCharArray(), new X509Certificate[] {pkCertificate}); 


     FileOutputStream fos; 

     fos = new FileOutputStream(certPath); 
     fos.write(pkCertificate.getEncoded()); 
     fos.close(); 


    }catch (Exception e1) { 
     e1.printStackTrace(); 
    } 

The certificate is generated successfully without any compile errors, but when Tomcat starts it produces the error

"SEVERE: Failed to load keystore type JKS with path C:/testCert.crt due to Invalid keystore format"

The server.xml entry is as follows,

<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" maxHttpHeaderSize="8192" 
      maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" 
      disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" 
      clientAuth="false" sslProtocol="TLS" keystoreAlias="test" keystorePass="password" 
      keystoreFile="C:/testCert.crt" /> 

Answers

3

You don't need to write the certificate's encoded form to the file (fos.write(pkCertificate.getEncoded()); is the wrong operation); use keystore.store(fos, "password".toCharArray()); instead.

+0

Thanks, mate..!!! – 2011-04-21 05:14:03
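Why Tomcat rejects the file, as an added example that is not part of the original question or answer: it compares the leading bytes of what keystore.store(...) writes with the DER bytes that getEncoded() returns, then attempts the same JKS load the connector performs. It uses only the JDK; the class name KeystoreFormatCheck and both byte samples are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.KeyStore;

public class KeystoreFormatCheck {
    // Classify a file by its leading bytes (keystore magic numbers vs. ASN.1 DER).
    static String sniff(byte[] d) {
        if (d.length >= 4) {
            int magic = ((d[0] & 0xFF) << 24) | ((d[1] & 0xFF) << 16)
                      | ((d[2] & 0xFF) << 8) | (d[3] & 0xFF);
            if (magic == 0xFEEDFEED) return "JKS keystore";
            if (magic == 0xCECECECE) return "JCEKS keystore";
        }
        if (d.length > 0 && d[0] == 0x30) {
            return "DER (ASN.1 SEQUENCE): bare certificate or PKCS#12, not JKS";
        }
        return "unknown";
    }

    // Attempt what the connector needs: a JKS store holding a private key under the alias.
    static String tryLoad(byte[] d, char[] pass, String alias) {
        try {
            KeyStore ks = KeyStore.getInstance("JKS");
            ks.load(new ByteArrayInputStream(d), pass);
            return ks.isKeyEntry(alias) ? "loaded, key entry present"
                                        : "loaded, but no key entry '" + alias + "'";
        } catch (Exception e) {
            return "load failed: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        char[] pass = "password".toCharArray();

        // Constructed sample 1: output of keystore.store(...); the store is empty here
        // because the JDK alone cannot issue the certificate a key entry requires.
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(null, null);
        ByteArrayOutputStream stored = new ByteArrayOutputStream();
        ks.store(stored, pass);

        // Constructed sample 2: the first bytes of a DER-encoded certificate,
        // which is what fos.write(pkCertificate.getEncoded()) puts in the file.
        byte[] der = {0x30, (byte) 0x82, 0x01, (byte) 0xF4, 0x30, (byte) 0x82, 0x01, 0x5D};

        for (byte[] sample : new byte[][] {stored.toByteArray(), der}) {
            System.out.println(sniff(sample) + " -> " + tryLoad(sample, pass, "test"));
        }
    }
}
```

The stored sample loads but reports no key entry because it is empty; a store written after setKeyEntry("test", ...) as in the question would report the key entry, and that file is what keystoreFile must point to.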
