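My company has its own ROOT certificate. Using this certificate, they signed the intermediate certificate.
Then we issued a CSR for the server certificate and signed it with the intermediate certificate.
What is the correct way to import the ROOT certificate and the intermediate certificate into the Java cacerts file, so that I can establish an SSL connection to a server that has a server certificate signed by the intermediate?
I used OpenSSL to test the certificate chain on the server: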
openssl s_client -showcerts -connect host:443
CONNECTED(00000003)
depth=0 C = COUNTRYCODE, ST = myCountry, O = myOrganization, CN = myServer, emailAddress = myMail
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = COUNTRYCODE, ST = myCountry, O = myOrganization, CN = myServer, emailAddress = myMail
verify error:num=27:certificate not trusted
verify return:1
depth=0 C = COUNTRYCODE, ST = myCountry, O = myOrganization, CN = myServer, emailAddress = myMail
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
0 s:/C=COUNTRYCODE/ST=myCountry/O=myOrganization/CN=myServer/emailAddress=myMail
i:/CN=INTERMEDIATECERT
-----BEGIN CERTIFICATE-----
MIIFr...
-----END CERTIFICATE-----
---
Server certificate
subject=/C=COUNTRYCODE/ST=myCountry/O=myOrganization/CN=myServer/emailAddress=myMail
issuer=/CN=INTERMEDIATECERT
---
No client certificate CA names sent
---
SSL handshake has read 1601 bytes and written 589 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
You only need to import the root certificate into the truststore.
keytool -import -trustcacerts -keystore path/to/cacerts -storepass changeit -alias aliasName -file path/to/certificate.cer
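The SSL server should present its certificate and the intermediates during the handshake. Your client's TrustManager will validate the certificate chain until it finds the root.
Note: it is recommended to use your own truststore rather than modifying cacerts.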
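The chain-building behaviour described in the answer can be reproduced offline with OpenSSL; this is an added example, not part of the original question or answer. It builds a throwaway ROOT, intermediate and server certificate (all names and file paths are constructed), trusts only the root, and verifies the server certificate with and without the intermediate being supplied the way a server would send it in the handshake.

```sh
#!/bin/sh
# Constructed demo: throwaway ROOT -> intermediate -> server chain; all names are made up.
set -eu

new_csr() {  # $1 = dir, $2 = file stem, $3 = subject CN
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

make_chain() {  # $1 = dir that receives root.pem, inter.pem, server.pem
  printf 'basicConstraints=critical,CA:TRUE\n' > "$1/ca.ext"
  new_csr "$1" root "DEMO ROOT"
  openssl x509 -req -in "$1/root.csr" -signkey "$1/root.key" \
    -extfile "$1/ca.ext" -days 2 -out "$1/root.pem" 2>/dev/null
  new_csr "$1" inter "DEMO INTERMEDIATE"
  openssl x509 -req -in "$1/inter.csr" -CA "$1/root.pem" -CAkey "$1/root.key" \
    -CAcreateserial -extfile "$1/ca.ext" -days 2 -out "$1/inter.pem" 2>/dev/null
  new_csr "$1" server "demo.example.test"
  openssl x509 -req -in "$1/server.csr" -CA "$1/inter.pem" -CAkey "$1/inter.key" \
    -CAcreateserial -days 2 -out "$1/server.pem" 2>/dev/null
}

# The client trusts only the root (-CAfile, the role of the Java truststore).
# "with-intermediate" models a server that sends the intermediate in the
# handshake (-untrusted); "leaf-only" models a server that sends only its own
# certificate.
verify_server() {  # $1 = dir, $2 = leaf-only | with-intermediate
  if [ "$2" = "with-intermediate" ]; then
    openssl verify -CAfile "$1/root.pem" -untrusted "$1/inter.pem" \
      "$1/server.pem" >/dev/null 2>&1
  else
    openssl verify -CAfile "$1/root.pem" "$1/server.pem" >/dev/null 2>&1
  fi
}

work=$(mktemp -d)
make_chain "$work"
for mode in leaf-only with-intermediate; do
  if verify_server "$work" "$mode"; then
    echo "$mode: chain verifies up to the trusted root"
  else
    echo "$mode: verification fails, the issuer of the server certificate is unknown"
  fi
done
rm -rf "$work"
```

The leaf-only case fails with the same "unable to get local issuer certificate" condition that appears in the s_client output in the question, where the chain section lists only certificate 0.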