SSL certificate installation errors

"%JAVA_HOME%\bin\keytool" -delete -alias tomcat -keypass changeit
"%JAVA_HOME%\bin\keytool" -genkey -alias tomcat -keypass changeit -keyalg RSA -validity 365
"%JAVA_HOME%\bin\keytool" -export -alias tomcat -keypass changeit  -file server.crt
"%JAVA_HOME%\bin\keytool" -import -alias tomcat -file server.crt -keystore "%JAVA_HOME%\jre\lib\security\cacerts"

Access denied

C:\Program Files\Java\jre1.8.0_20\lib\security>keytool -import -keystore cacerts -file C:\Users\who\server.crt
输入密钥库口令:
所有者: CN=who-pc, OU=NMS, O=NMS, L=SHANGHAI, ST=SHANGHAI, C=CN
发布者: CN=who-pc, OU=NMS, O=NMS, L=SHANGHAI, ST=SHANGHAI, C=CN
序列号: 1cfba992
有效期开始日期: Mon Mar 16 21:55:25 CST 2015, 截止日期: Sun Jun 14 21:55:25 CST 2015
证书指纹:
         MD5: 5D:1A:FA:F5:78:9E:78:FB:BD:A0:44:83:61:58:29:44
         SHA1: DB:E2:92:09:79:A9:C7:64:BE:8F:0D:8A:05:FA:87:A7:F2:65:A9:70
         SHA256: 28:C5:52:DE:1B:9B:7A:CE:99:42:C1:63:11:0D:EB:09:D5:5D:D9:57:97:45:9C:7C:B6:C4:55:EC:4C:5E:99:ED
         签名算法名称: SHA256withRSA
         版本: 3

扩展:

#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: EC CB FF AB B1 3D 4E F6   0E A6 D6 D3 19 7B 96 86  .....=N.........
0010: EA C9 E6 B5                                        ....
]
]

是否信任此证书? [否]:  y
证书已添加到密钥库中
keytool 错误: java.io.FileNotFoundException: cacerts (拒绝访问。)

C:\Program Files\Java\jre1.8.0_20\lib\security>

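On Windows 7, C:\Program Files and C:\Program Files (x86) are directories that can only be accessed with administrator privileges; every write or modify operation there fails with "Access denied" (拒绝访问).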

No valid certificate found

2015-03-17 19:31:34,057 [tomcat-https--2] DEBUG org.jasig.cas.client.validation.Cas20ServiceTicketValidator - Retrieving response from server.
2015-03-17 19:31:34,193 [tomcat-https--2] ERROR org.jasig.cas.client.util.CommonUtils - sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1884)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
    at sun.security.validator.Validator.validate(Validator.java:260)
    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1323)
    ... 51 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196)
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
    ... 57 more

This problem occurs because the CAS Server uses a self-signed certificate issued with keytool, and the CAS Client does not trust that certificate.
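
A way to check both failures above, as an added example (not code from the original post): the Java program below loads server.crt and a cacerts file, reports whether the certificate was really written to the store on disk (the keytool transcript above prints its "added" message and then fails to write cacerts), and runs the same trust check the client's TLS handshake performs. The class name TrustCheck, the alias cas-server and the command-line arguments are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class TrustCheck {
    // Runs the PKIX check a TLS client applies to the server certificate.
    static boolean isTrusted(KeyStore trustStore, X509Certificate cert) throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (!(tm instanceof X509TrustManager)) continue;
            try {
                ((X509TrustManager) tm).checkServerTrusted(new X509Certificate[] {cert}, "RSA");
                return true;
            } catch (CertificateException e) {
                System.out.println("  rejected: " + e.getMessage());
                return false;
            }
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        // Assumed arguments: <server.crt> <path to cacerts> [store password]
        char[] pass = (args.length > 2 ? args[2] : "changeit").toCharArray();
        X509Certificate cert;
        try (InputStream in = new FileInputStream(args[0])) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[1])) {
            ks.load(in, pass);
        }
        System.out.println("Subject: " + cert.getSubjectX500Principal());
        // null here means the import never reached the file on disk.
        System.out.println("Alias in store on disk: " + ks.getCertificateAlias(cert));
        System.out.println("Trusted by store on disk: " + isTrusted(ks, cert));
        // In-memory only (nothing is written): what a successful import would change.
        ks.setCertificateEntry("cas-server", cert);
        System.out.println("Trusted after in-memory import: " + isTrusted(ks, cert));
    }
}
```

The store must be the cacerts of the JRE that actually runs the CAS client; a certificate imported into a different JRE's store leaves the PKIX error in place.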
