我有证书链的文件 - certificate.cer:
subject=/C...
issuer=/C=US/O=VeriSign, Inc...
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
subject=/C=US/O=VeriSign, Inc...
issuer=/C=US/O=VeriSign, Inc...
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
subject=/C=US/O=VeriSign, Inc...
issuer=/C=US/O=VeriSign, Inc...
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
我需要将这个证书链添加到密钥库.
我所做的:
openssl x509 -outform der -in certificate.cer -out cert.der
keytool -v -importcert -alias mykey -file cert.der -keypass <passwd> -keystore keystore -storepass <passwd> -alias <myalias>
结果我在密钥库中只有1个证书.
但应该有3.
什么可能是错的?
解决方案:
CA向我发送了PKCS#7格式的证书.
我将它们存储在certificate.p7b文件中,然后通过以下命令成功将它们添加到密钥库:
keytool -import -trustcacerts -file certificate.p7b -keystore keystore -storepass <mypasswd> -alias "myalias"
我正在尝试与我MySQL database的Java使用MySQL Connector/J(版本5.1.45)和此AWS RDS证书建立SSL连接:https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem
但我得到以下内容Exception:
java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors
我可以将此异常追溯到MySQL Connector/J课堂ExportControlled.java上line 297:
CertPathValidatorResult result = this.validator.validate(certPath, this.validatorParams);
然后我不能再往下走,因为这会进入JRE安全类,比如CertPathValidator.
由于我正在使用MySQL Connector/J整个SSL魔法,我的双手被束缚,我不知道发生了什么或如何解决这个问题.该证书工作正常的MySQL Workbench和Intelli J IDEA Database,所以我不知道为什么它现在正在拒绝.
我该如何解决?