那些遇到过的问题

标签: thawte

将Thawte试用证书导入Java密钥库

我正在尝试使用SSL配置Tomcat服务器.因此我生成了一个密钥对:

$ keytool -genkeypair -alias tomcat -keyalg RSA -keystore keys
Run Code Online (Sandbox Code Playgroud)

接下来,我生成证书签名请求:

$ keytool -certreq -keyalg RSA -alias tomcat -keystore keys -file tomcat.csr
Run Code Online (Sandbox Code Playgroud)

然后我将内容复制粘贴tomcat.csr到Thawte网站上的表格中,要求提供试用SSL证书.作为回报,我得到两个分隔的证书-----BEGIN ... -----END,我保存在tomcat.crtthawte.crt.(Thawte将第二个证书称为"Thawte Test CA Root"证书).

当我尝试导入其中任何一个时失败:

$ keytool -importcert -alias tomcat -file tomcat.crt -keystore keys
Enter keystore password:
keytool error: java.lang.Exception: Failed to establish chain from reply

$ keytool -importcert -alias thawte -file thawtetest.crt -keystore keys
Enter keystore password:
keytool error: java.lang.Exception: Input not an X.509 certificate
Run Code Online (Sandbox Code Playgroud)

-trustcacerts …

ssl tomcat pki thawte

lin*_*lof
lucky-day
8
推荐指数
1
解决办法
1万
查看次数

在AWS Elastic Beanstalk上安装通配符SSL证书

我不是最先进的AWS用户,并且遇到了一些障碍.

我有2个Elastic Beanstalk环境,每个环境都有一个Load Balancer,2个EC2实例,它们共享一个RDS实例.一个环境用于开发,另一个环境用于生产.

我从Thawte购买了通配符SSL证书,并希望在开发和生产环境中安装它.我已经完成了关于在AWS中添加SSL证书的其他线程,但管理界面自编写以来已经发生了变化,因此我一直在试图解决这个问题.

另外,我是否在两个Load Balancers上安装相同的SSL证书?或者只是有一个负载均衡器并根据域重定向流量?

谢谢

ssl amazon-ec2 ssl-certificate amazon-web-services thawte

Cha*_*zUK
lucky-day
5
推荐指数
1
解决办法
1869
查看次数

证书过期后,Java Web Start应用程序(无时间戳签名)会发生什么?

我们有一个使用CA(Thawte)证书签名的Java Web Start应用程序.该应用程序分发给数百名客户.他们在服务器上托管它,在客户端计算机上通过互联网或内联网运行.现在它完美无缺.问题是应用程序是在没有时间戳的情况下签名的.证书到期后客户会怎样?他们应该能够启动应用程序吗?如果没有,我们如何帮助他们?将他们的服务器URL添加到例外站点列表是否有帮助?

我们尝试更改本地时间以假装证书过期.然后,由于安全性,应用程序被阻止 将URL添加到例外站点列表没有帮助:

java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Response is unreliable: its validity interval is out-of-date
at com.sun.deploy.security.RevocationChecker.checkOCSP(Unknown Source)
at com.sun.deploy.security.RevocationChecker.check(Unknown Source)
at com.sun.deploy.security.TrustDecider.checkRevocationStatus(Unknown Source)
at com.sun.deploy.security.TrustDecider.getValidationState(Unknown Source)
at com.sun.deploy.security.TrustDecider.validateChain(Unknown Source)
at com.sun.deploy.security.TrustDecider.isAllPermissionGrantedInt(Unknown Source)
at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(Unknown Source)
at com.sun.javaws.security.AppPolicy.grantUnrestrictedAccess(Unknown Source)
at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedResourcesHelper(Unknown Source)
at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedResources(Unknown Source)
at com.sun.javaws.Launcher.prepareResources(Unknown Source)
at com.sun.javaws.Launcher.prepareAllResources(Unknown Source)
at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
at com.sun.javaws.Launcher.launch(Unknown Source)
at com.sun.javaws.Main.launchApp(Unknown Source)
at com.sun.javaws.Main.continueInSecureThread(Unknown Source)
at com.sun.javaws.Main.access$000(Unknown Source)
at com.sun.javaws.Main$1.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Suppressed: com.sun.deploy.security.RevocationChecker$StatusUnknownException
    at com.sun.deploy.security.RevocationChecker.checkCRLs(Unknown Source) …
Run Code Online (Sandbox Code Playgroud)

java sign code-signing trusted-timestamp thawte

ste*_*d76
2015 10-09
3
推荐指数
1
解决办法
2071
查看次数

标签 统计

thawte ×3

ssl ×2

amazon-ec2 ×1

amazon-web-services ×1

code-signing ×1

java ×1

pki ×1

sign ×1

ssl-certificate ×1

tomcat ×1

trusted-timestamp ×1