3
我一直在使用Bouncy Castle库生成的证书,我的示例代码如下,无效的密钥库格式 - tomcat的
String domainName ="localhost";
String certPath ="C://testCert.crt";
KeyPairGenerator keyPairGenerator;
try {
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
keyPairGenerator = KeyPairGenerator.getInstance("RSA");
keyPairGenerator.initialize(1024);
KeyPair KPair = keyPairGenerator.generateKeyPair();
X509V3CertificateGenerator v3CertGen = new X509V3CertificateGenerator();
v3CertGen.setSerialNumber(BigInteger.valueOf(Math.abs(new SecureRandom().nextInt())));
v3CertGen.setIssuerDN(new X509Principal("CN=" + domainName + ", OU=None, O=None L=None, C=None"));
v3CertGen.setNotBefore(new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30));
v3CertGen.setNotAfter(new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 365*10)));
v3CertGen.setSubjectDN(new X509Principal("CN=" + domainName + ", OU=None, O=None L=None, C=None"));
v3CertGen.setPublicKey(KPair.getPublic());
v3CertGen.setSignatureAlgorithm("MD5WithRSAEncryption");
X509Certificate pkCertificate = v3CertGen.generateX509Certificate(KPair.getPrivate());
KeyStore keystore = KeyStore.getInstance("JKS");
keystore.load(null, null);
keystore.setKeyEntry("test", KPair.getPrivate(), "password".toCharArray(), new X509Certificate[] {pkCertificate});
FileOutputStream fos;
fos = new FileOutputStream(certPath);
fos.write(pkCertificate.getEncoded());
fos.close();
}catch (Exception e1) {
e1.printStackTrace();
}
证书成功生成没有任何编译错误,但在tomcat的错误的启动产生
“ SEVERE:无法加载密钥库类型JKS,路径为C:/testCert.crt,原因是密钥库格式无效“
server.xml的条目如下,
<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false"
disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystoreAlias="test" keystorePass="password"
keystoreFile="C:/testCert.crt" />
谢谢哥们.. !!! – 2011-04-21 05:14:03