floater
Java Jedi
总版主
发贴: 3233
积分: 421
|
于 2005-12-06 10:47
bjnetbee wrote: 我付上运行信息
rem 把CA签名后的server端证书导入keystore: work\server\ssl-test.net-tomcat.keystore
keytool -import -v -trustcacerts -storepass openssl -keypass openssl -alias s sl-test.net-tomcat -file new.cer -keystore work\server\ssl-test.net-tomcat.keyst ore
keytool错误: java.security.cert.CertificateException: Signature algorithm mismatch
----------------------------------- openssl x509 -in new.cer -text
Certificate: Data: Version: 3 (0x2) Serial Number: (Negative)15:61:60:f0:f7:1a:90:78:be:1b:75:ea:14:4b:1f:89 Signature Algorithm: sha1WithRSAEncryption Issuer: C=CN, CN=BJ, O=BJ, ST=Beijing, L=Beijing, OU=BJ/emailAddress=nnn@nn.edu.cn Validity Not Before: Dec 3 23:07:28 2005 GMT Not After : Dec 2 23:07:28 2015 GMT Subject: C=CN, ST=your_province, L=your_locality, O=ssl-test.net, OU=webApp, CN=ssl-test.net Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:c8:1d:c9:bb:2c:61:81:b8:eb:88:a1:43:c0:58: b8:3b:0f:99:c1:29:ea:ed:87:a1:04:e5:f0:e5:ec: 3e:ff:c0:af:9e:a7:b5:ea:a1:90:b6:2f:2b:65:61: 51:b5:05:90:f8:9a:47:1d:2e:af:c5:3f:c6:fa:96: 0c:63:7e:a5:35:d3:73:d5:b5:ef:a3:99:ce:1b:eb: 85:e3:0a:30:f0:84:f9:18:f4:6c:46:2c:b8:c7:eb: 8f:db:48:04:1f:b1:96:4e:8e:5e:59:b2:6a:55:79: ae:25:b9:27:70:32:50:0f:2f:b7:50:55:70:00:cf: 8f:75:ee:d6:b6:81:65:37:d5 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 2D:8A:89:75:4F:71:79:6E:5F:18:2B:A6:A85:B4:8A:84:8C:F30 X509v3 Authority Key Identifier: keyid:4C:2D:E1:99:05:5B:53:92:B5:B4:364:ED:8C:62:A0:EB6:37:C3
X509v3 CRL Distribution Points: URI:http://x/gmcert/CertCrl.crl
X509v3 Key Usage: critical Digital Signature, Key Encipherment, Data Encipherment, Key Agreement X509v3 Basic Constraints: CA:FALSE Signature Algorithm: md5WithRSAEncryption 28:49:5c:be:2d:34:ab:4d:78:c7:35:a7:d5:31:29:9e:af:2f: 32:07:35:53:f0:a5:a7:04:20:62:c2:c3:1c:fe:a2:55:34:10: 76:e3:b0:13:2c:f8:95:58:38:fc:28:78:79:d5:9b:f1:53:03: 1b:ec:4c:c7:f8:73:a5:67:5e:02:af:ce:de:45:cb:5c:47:02: 5e:3b:f5:ee:ce:ac:e3:bc:25:89:19:89:41:04:6c:af:7e:67: 6d:28:53:eb:13:58:b6:6e:78:30:5d:4a:37:a1:0d:82:c8:df: 2d:d7:d0:c8:cb:0f:af:ba:aa:84:8b:7f:b5:9f:1d:23:37:65: 88:58 -----BEGIN CERTIFICATE----- MIIDKjCCApOgAwIBAgIQ6p6fDwjlbYdB5IoV67TgdzANBgkqhkiG9w0BAQUFADCB jzELMAkGA1UEBhMCQ04xETAPBgNVBAMTCEJKRUVBX0NBMQ4wDAYDVQQKEwVCSkVF QTEQMA4GA1UECBMHQmVpamluZzEQMA4GA1UEBxMHQmVpamluZzEYMBYGA1UECxMP QkpFRUFfQ0hFTkdaSEFPMR8wHQYJKoZIhvcNAQkBExBCSkNaQEJKVVQuRURVLkNO MB4XDTA1MTIwMzIzMDcyOFoXDTE1MTIwMjIzMDcyOFowfDELMAkGA1UEBhMCQ04x FjAUBgNVBAgMDXlvdXJfcHJvdmluY2UxFjAUBgNVBAcMDXlvdXJfbG9jYWxpdHkx FTATBgNVBAoTDHNzbC10ZXN0Lm5ldDEPMA0GA1UECxMGd2ViQXBwMRUwEwYDVQQD Ewxzc2wtdGVzdC5uZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMgdybss YdG064ihQ8BYuDsPmcEp6u2HoQTl8OXsPv/Ar56nteqhkLYvK2VhUbUFkPiaRx0u r8U/xvqWDGN+pTXTc9W176OZzhvrheMKMPCE+Rj0bEYsuMfrj9tIBB+xlk6OXlmy alV5riW5J3AyUA8vt1BVcADPj3Xu1raBZTfVAgMBAAGjgZgwgZUwHQYDVR0OBBYE FC2KiXVPcXluXxorpqjVtIqEjPPQMB8GA1UdIwQYMBaAFEwt4ZkFW1MCtbQx1O2M HohBBGyvfmdtKFPrE1i2bngwXUo3oQ2CyN8t19DIyw+vuqqEi3+1nx0jN2WIWA== -----END CERTIFICATE-----
check this link: http://java.sun.com/j2se/1.5.0/docs/tooldocs/solaris/keytool.html in the section "Supported Algorithms and Key Sizes"
"Any fool can write code that a computer can understand. Good programmers write code that humans can understand." - Martin Fowler, Refactoring - Improving the Design of Existing Code
|