Moderators, floater: can keytool import a server certificate whose signature algorithm is sha1RSA?
bjnetbee





Posts: 2
Points: 0
Posted 2005-12-05 18:16
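I am deploying a Resin web server with SSL.
I have now reached the stage of importing the server certificate into the keystore.
My server certificate was signed and issued by a dedicated hardware CA, in X.509 v3 Base64 format. When I import it with keytool, it keeps saying the signature algorithm does not match. When I double-click it in Windows, the signature algorithm is shown as sha1RSA.

I know keytool supports md5WithRSA. Could it be that sha1RSA is not supported, and that is why the import fails? I would appreciate advice on a solution from the moderators, floater, and everyone else.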



Re: Moderators, floater: can keytool import a server certificate whose signature algorithm is sha1RSA? [Re:bjnetbee]
bjnetbee





Posts: 2
Points: 0
Posted 2005-12-05 18:33
Here is the output from the run:

rem Import the CA-signed server certificate into the keystore: work\server\ssl-test.net-tomcat.keystore

keytool -import -v -trustcacerts -storepass openssl -keypass openssl -alias ssl-test.net-tomcat -file new.cer -keystore work\server\ssl-test.net-tomcat.keystore

keytool错误: java.security.cert.CertificateException: Signature algorithm mismatch

-----------------------------------
openssl x509 -in new.cer -text

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            (Negative)15:61:60:f0:f7:1a:90:78:be:1b:75:ea:14:4b:1f:89
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=CN, CN=BJ, O=BJ, ST=Beijing, L=Beijing, OU=BJ/emailAddress=nnn@nn.edu.cn
        Validity
            Not Before: Dec 3 23:07:28 2005 GMT
            Not After : Dec 2 23:07:28 2015 GMT
        Subject: C=CN, ST=your_province, L=your_locality, O=ssl-test.net, OU=webApp, CN=ssl-test.net
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:8A:89:75:4F:71:79:6E:5F:18:2B:A6:A8:D5:B4:8A:84:8C:F3:D0
            X509v3 Authority Key Identifier:
                keyid:4C:2D:E1:99:05:5B:53:92:B5:B4:36:D4:ED:8C:62:A0:EB:D6:37:C3

            X509v3 CRL Distribution Points:
                URI:http://x/gmcert/CertCrl.crl

            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment, Data Encipherment, Key Agreement
            X509v3 Basic Constraints:
                CA:FALSE
    Signature Algorithm: md5WithRSAEncryption



Re: Moderators, floater: can keytool import a server certificate whose signature algorithm is sha1RSA? [Re:bjnetbee]
floater

Java Jedi

Chief Moderator

Posts: 3233
Points: 421
Posted 2005-12-06 10:47
check this link:
http://java.sun.com/j2se/1.5.0/docs/tooldocs/solaris/keytool.html
in the section "Supported Algorithms and Key Sizes"



"Any fool can write code that a computer can understand. Good programmers write code that humans can understand."
- Martin Fowler, Refactoring - Improving the Design of Existing Code
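
Added example (not part of the original thread, and not code from keytool or Resin): the openssl dump in bjnetbee's post shows sha1WithRSAEncryption inside the certificate body but md5WithRSAEncryption on the outer signature, and RFC 5280 requires those two AlgorithmIdentifier fields to be identical. This Python code reads both OIDs from DER bytes so the two can be compared; the sample bytes are a constructed skeleton rather than new.cer, and all function names are hypothetical.

```python
# Added example: compare the two signature AlgorithmIdentifiers of an X.509 certificate.
OIDS = {"1.2.840.113549.1.1.4": "md5WithRSAEncryption",
        "1.2.840.113549.1.1.5": "sha1WithRSAEncryption"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element that starts at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def alg_name(alg_id):
    """Decode the OID inside an AlgorithmIdentifier body to a name (or dotted OID)."""
    tag, body, _ = read_tlv(alg_id, 0)
    if tag != 0x06:
        raise ValueError("AlgorithmIdentifier does not start with an OID")
    arcs, value = [], 0
    for b in body:                          # base-128 digits, high bit = continuation
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)           # first two arcs share one subidentifier
    dotted = ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))
    return OIDS.get(dotted, dotted)

def signature_algorithms(der):
    """Return (tbsCertificate.signature, Certificate.signatureAlgorithm)."""
    _, cert, _ = read_tlv(der, 0)
    _, tbs, after_tbs = read_tlv(cert, 0)
    _, outer, _ = read_tlv(cert, after_tbs)
    tag, _, pos = read_tlv(tbs, 0)
    if tag == 0xA0:                         # explicit [0] version present: skip serialNumber too
        _, _, pos = read_tlv(tbs, pos)
    _, inner, _ = read_tlv(tbs, pos)
    return alg_name(inner), alg_name(outer)

def tlv(tag, body):
    """Encode one DER element (short-form length only; the sample data is tiny)."""
    return bytes([tag, len(body)]) + body

def sample_cert(inner_oid, outer_oid):
    """CONSTRUCTED skeleton: tbsCertificate is cut off after the signature field."""
    alg = lambda oid: tlv(0x30, tlv(0x06, oid) + b"\x05\x00")
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + alg(inner_oid))
    return tlv(0x30, tbs + alg(outer_oid) + tlv(0x03, b"\x00\xaa"))

RSA_SIG = bytes.fromhex("2a864886f70d0101")   # OID prefix 1.2.840.113549.1.1
SHA1_RSA, MD5_RSA = RSA_SIG + b"\x05", RSA_SIG + b"\x04"
```

To check a real file, convert it to DER first (for example with `openssl x509 -in new.cer -outform DER -out new.der`) and pass the file's bytes to `signature_algorithms`.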
