SSL证书安装错误

来源：互联网发布：web前端页面性能优化编辑：程序博客网时间：2024/04/25 01:01

"%JAVA_HOME%\bin\keytool" -delete -alias tomcat -keypass changeit"%JAVA_HOME%\bin\keytool" -genkey -alias tomcat -keypass changeit -keyalg RSA -validity 365"%JAVA_HOME%\bin\keytool" -export -alias tomcat -keypass changeit  -file server.crt"%JAVA_HOME%\bin\keytool" -import -alias tomcat -file server.crt -keystore "%JAVA_HOME%\jre\lib\security\cacerts"

拒绝访问

C:\Program Files\Java\jre1.8.0_20\lib\security>keytool -import -keystore cacerts -file C:\Users\who\server.crt输入密钥库口令:所有者: CN=who-pc, OU=NMS, O=NMS, L=SHANGHAI, ST=SHANGHAI, C=CN发布者: CN=who-pc, OU=NMS, O=NMS, L=SHANGHAI, ST=SHANGHAI, C=CN序列号: 1cfba992有效期开始日期: Mon Mar 16 21:55:25 CST 2015, 截止日期: Sun Jun 14 21:55:25 CST 2015证书指纹:         MD5: 5D:1A:FA:F5:78:9E:78:FB:BD:A0:44:83:61:58:29:44         SHA1: DB:E2:92:09:79:A9:C7:64:BE:8F:0D:8A:05:FA:87:A7:F2:65:A9:70         SHA256: 28:C5:52:DE:1B:9B:7A:CE:99:42:C1:63:11:0D:EB:09:D5:5D:D9:57:97:45:9C:7C:B6:C4:55:EC:4C:5E:99:ED         签名算法名称: SHA256withRSA         版本: 3扩展:#1: ObjectId: 2.5.29.14 Criticality=falseSubjectKeyIdentifier [KeyIdentifier [0000: EC CB FF AB B1 3D 4E F6   0E A6 D6 D3 19 7B 96 86  .....=N.........0010: EA C9 E6 B5                                        ....]]是否信任此证书? [否]:  y证书已添加到密钥库中keytool 错误: java.io.FileNotFoundException: cacerts (拒绝访问。)C:\Program Files\Java\jre1.8.0_20\lib\security>

WIN7下的C:\Program Files以及C:\Program Files(x86)都是只有管理员权限才能访问的目录，所有写、修改操作都会遭遇”拒绝访问”

找不到有效证书

2015-03-17 19:31:34,057 [tomcat-https--2] DEBUG org.jasig.cas.client.validation.Cas20ServiceTicketValidator - Retrieving response from server.2015-03-17 19:31:34,193 [tomcat-https--2] ERROR org.jasig.cas.client.util.CommonUtils - sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested targetjavax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1884)    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)    at sun.security.validator.Validator.validate(Validator.java:260)    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1323)    ... 51 moreCaused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196)    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)    ... 57 more

出现这个问题是因为CAS Server是用keytool自签发的证书，CAS Client并不信任这个证书。

0 0