How to Replace an Expired Private Key Certificate to Keep a JKS File Secure


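Recently, the PrivateKeyEntry in a JKS file used by one of our company's projects expired, so the client could no longer communicate with the server, which raised an exception issue.
Approach:

  1. Export all public key certificates and the CA root certificate from the JKS file.
  2. Merge the certificates into a single file.
  3. Generate a new JKS file that contains the updated certificate.
  4. Re-import the public key certificates merged in step 2 into the JKS. The certificate replacement in the JKS file is then complete.

This isn’t really a programming or development question, even though you use the result on tomcat, and may get closed.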

You need to create a file containing the whole chain – end-entity, intermediate and root certs, in that order, in PEM. If you don’t already have the EE cert in PEM you can extract it with keytool -export[cert] -keystore ksfile -alias tomcat -rfc -file eecert. Obviously you have the new intermediate cert that you just got, and if you don’t have the root already (and it didn’t change) export that also. You can combine the files with cat a b c >d on Unix or COPY a+b+c d on Windows, or use any text editor you like. Then import it to the privatekey entry like keytool -import[cert] -keystore ksfile -alias tomcat -file chainfile.

This passage is excerpted from the following blog; thanks to the author for sharing.
https://blog.csdn.net/jamex/article/details/109226515
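The merge and import steps above as a shell example that is added here and is not part of the original post or the quoted answer. The function names are hypothetical, and the keystore name `ksfile` and alias `tomcat` are taken from the quoted commands. It refuses to build a chain from files that do not each hold exactly one PEM certificate, and it normalizes line endings so the BEGIN/END markers cannot fuse when a file lacks a final newline.

```shell
#!/bin/sh
# Added example: function names are hypothetical; "ksfile" and "tomcat"
# are the keystore and alias used in the commands quoted above.

# count_certs FILE: print the number of PEM certificate blocks in FILE.
count_certs() {
    grep -c -e '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null || true
}

# build_chain OUT EE INTERMEDIATE ROOT: concatenate single-cert PEM files
# in the order given (end-entity first, root last) into OUT.
build_chain() {
    out=$1; shift
    : > "$out.tmp"
    for f in "$@"; do
        if [ ! -r "$f" ] || [ "$(count_certs "$f")" != 1 ]; then
            echo "error: $f must hold exactly one PEM certificate" >&2
            rm -f "$out.tmp"
            return 1
        fi
        # Keep only the PEM block, strip CRs, and let awk terminate every
        # line, so a missing final newline cannot join END and BEGIN markers.
        awk '{ sub(/\r$/, "") }
             /-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/' "$f" \
            >> "$out.tmp"
    done
    mv "$out.tmp" "$out"
}

# replace_chain KEYSTORE ALIAS CHAINFILE: attach the chain to the existing
# private key entry. keytool prompts for the keystore password.
replace_chain() {
    ks=$1; entry=$2; chain=$3
    cp -p "$ks" "$ks.bak" || return 1   # rollback copy before modifying
    # The alias must be the existing PrivateKeyEntry; a new alias would
    # only add a trusted certificate and leave the expired chain in place.
    keytool -importcert -keystore "$ks" -alias "$entry" -file "$chain" || return 1
    # Confirm the entry type, chain length and the new validity dates.
    keytool -list -v -keystore "$ks" -alias "$entry" |
        grep -E 'Entry type|Certificate chain length|Valid from'
}

# Typical use (file names are placeholders):
#   build_chain chainfile eecert.pem intermediate.pem root.pem
#   replace_chain ksfile tomcat chainfile
```

If the import fails or the listing still shows the old validity dates, restore `ksfile.bak` before retrying.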
