Invalid keystore format - tomcat
I have generated a certificate using the Bouncy Castle library; my sample code is below:
String domainName = "localhost";
String certPath = "C://testCert.crt";
KeyPairGenerator keyPairGenerator;
try {
    Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
    // Generate the RSA key pair for the self-signed certificate
    keyPairGenerator = KeyPairGenerator.getInstance("RSA");
    keyPairGenerator.initialize(1024);
    KeyPair KPair = keyPairGenerator.generateKeyPair();
    // Build a self-signed X.509 v3 certificate (issuer DN == subject DN)
    X509V3CertificateGenerator v3CertGen = new X509V3CertificateGenerator();
    v3CertGen.setSerialNumber(BigInteger.valueOf(Math.abs(new SecureRandom().nextInt())));
    v3CertGen.setIssuerDN(new X509Principal("CN=" + domainName + ", OU=None, O=None, L=None, C=None"));
    v3CertGen.setNotBefore(new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30));
    v3CertGen.setNotAfter(new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 365 * 10)));
    v3CertGen.setSubjectDN(new X509Principal("CN=" + domainName + ", OU=None, O=None, L=None, C=None"));
    v3CertGen.setPublicKey(KPair.getPublic());
    v3CertGen.setSignatureAlgorithm("MD5WithRSAEncryption");
    X509Certificate pkCertificate = v3CertGen.generateX509Certificate(KPair.getPrivate());
    // Put the private key and certificate chain into an in-memory JKS keystore
    KeyStore keystore = KeyStore.getInstance("JKS");
    keystore.load(null, null);
    keystore.setKeyEntry("test", KPair.getPrivate(), "password".toCharArray(), new X509Certificate[] {pkCertificate});
    FileOutputStream fos;
    fos = new FileOutputStream(certPath);
    // Writes only the DER-encoded certificate to certPath; the keystore above is never saved
    fos.write(pkCertificate.getEncoded());
    fos.close();
} catch (Exception e1) {
    e1.printStackTrace();
}
The certificate was generated successfully without any compilation error, but on startup of Tomcat this error was generated:
"SEVERE: Failed to load keystore type JKS with path C:/testCert.crt due to Invalid keystore format"
The entry in server.xml is as below:
<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false"
disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystoreAlias="test" keystorePass="password"
keystoreFile="C:/testCert.crt" />
You don't need to write the encoded form of the certificate to the file (fos.write(pkCertificate.getEncoded());
is the wrong thing to do); use keystore.store(fos, "password".toCharArray());
instead.
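A pre-flight check for the mismatch described in the answer above, as an added example that is not part of the original question or answer: it compares what keystore.store(...) writes with what a DER-encoded certificate looks like to a JKS loader. The class and helper names (KeystoreFileCheck, sniff, loadsAs) are hypothetical, the keystore is left empty so that only the JDK is needed, and the DER bytes are a constructed stand-in for the output of getEncoded().

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.KeyStore;

public class KeystoreFileCheck {
    // Guess the container type from the leading bytes of the file.
    static String sniff(byte[] data) {
        if (data.length < 4) return "too short to identify";
        int magic = ByteBuffer.wrap(data, 0, 4).getInt();
        if (magic == 0xFEEDFEED) return "JKS keystore";
        if (magic == 0xCECECECE) return "JCEKS keystore";
        if (data[0] == 0x30) return "DER structure (X.509 certificate or PKCS#12), not JKS";
        if (data[0] == '-') return "PEM text, not a keystore";
        return "unknown";
    }

    // True only if the bytes really load as a keystore of the given type.
    static boolean loadsAs(String type, byte[] data, char[] password) {
        try {
            KeyStore ks = KeyStore.getInstance(type);
            ks.load(new ByteArrayInputStream(data), password);
            return true;
        } catch (IOException | GeneralSecurityException e) {
            return false; // Tomcat reports this case as a keystore load failure
        }
    }

    public static void main(String[] args) throws Exception {
        char[] password = "password".toCharArray();

        // What keystore.store(...) writes: the keystore container itself.
        KeyStore keystore = KeyStore.getInstance("JKS");
        keystore.load(null, null);
        ByteArrayOutputStream stored = new ByteArrayOutputStream();
        keystore.store(stored, password);
        byte[] jksBytes = stored.toByteArray();

        // Constructed stand-in for certificate.getEncoded(): a DER SEQUENCE header.
        byte[] derLike = {0x30, (byte) 0x82, 0x01, 0x0A, 0x30, (byte) 0x81, 0x00, 0x00};

        System.out.println(sniff(jksBytes) + " / loads as JKS: " + loadsAs("JKS", jksBytes, password));
        System.out.println(sniff(derLike) + " / loads as JKS: " + loadsAs("JKS", derLike, password));
    }
}
```

Running the same two helpers against the bytes of the file named in keystoreFile shows, before Tomcat starts, whether the connector is being pointed at a keystore or at a bare certificate.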