"%JAVA_HOME%\bin\keytool" -delete -alias tomcat -keypass changeit
"%JAVA_HOME%\bin\keytool" -genkey -alias tomcat -keypass changeit -keyalg RSA -validity 365
"%JAVA_HOME%\bin\keytool" -export -alias tomcat -keypass changeit -file server.crt
"%JAVA_HOME%\bin\keytool" -import -alias tomcat -file server.crt -keystore "%JAVA_HOME%\jre\lib\security\cacerts"
Access denied
C:\Program Files\Java\jre1.8.0_20\lib\security>keytool -import -keystore cacerts -file C:\Users\who\server.crt
输入密钥库口令:
所有者: CN=who-pc, OU=NMS, O=NMS, L=SHANGHAI, ST=SHANGHAI, C=CN
发布者: CN=who-pc, OU=NMS, O=NMS, L=SHANGHAI, ST=SHANGHAI, C=CN
序列号: 1cfba992
有效期开始日期: Mon Mar 16 21:55:25 CST 2015, 截止日期: Sun Jun 14 21:55:25 CST 2015
证书指纹:
MD5: 5D:1A:FA:F5:78:9E:78:FB:BD:A0:44:83:61:58:29:44
SHA1: DB:E2:92:09:79:A9:C7:64:BE:8F:0D:8A:05:FA:87:A7:F2:65:A9:70
SHA256: 28:C5:52:DE:1B:9B:7A:CE:99:42:C1:63:11:0D:EB:09:D5:5D:D9:57:97:45:9C:7C:B6:C4:55:EC:4C:5E:99:ED
签名算法名称: SHA256withRSA
版本: 3
扩展:
#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: EC CB FF AB B1 3D 4E F6 0E A6 D6 D3 19 7B 96 86 .....=N.........
0010: EA C9 E6 B5 ....
]
]
是否信任此证书? [否]: y
证书已添加到密钥库中
keytool 错误: java.io.FileNotFoundException: cacerts (拒绝访问。)
C:\Program Files\Java\jre1.8.0_20\lib\security>
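On Windows 7, C:\Program Files and C:\Program Files(x86) are directories that can only be accessed with administrator privileges; every write or modify operation there fails with "Access denied" (拒绝访问).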
No valid certificate found
2015-03-17 19:31:34,057 [tomcat-https--2] DEBUG org.jasig.cas.client.validation.Cas20ServiceTicketValidator - Retrieving response from server.
2015-03-17 19:31:34,193 [tomcat-https--2] ERROR org.jasig.cas.client.util.CommonUtils - sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1884)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1323)
... 51 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
... 57 more
This problem occurs because the CAS Server uses a certificate self-signed with keytool, and the CAS Client does not trust that certificate.
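To confirm that diagnosis, the following added example (not code from the original notes) reports which trust store a given JVM actually uses and whether the exported server.crt is in it. The class name TrustCheck is hypothetical, and the default store password "changeit" is an assumption that holds only if the password was never changed.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.file.Files;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

// Added diagnostic (not from the original page). Usage: java TrustCheck <server.crt> [storepass]
public class TrustCheck {
    public static void main(String[] args) throws Exception {
        if (args.length < 1) { System.err.println("usage: java TrustCheck <server.crt> [storepass]"); System.exit(2); }
        // Assumption: the trust store still has the JDK's default password.
        char[] pass = (args.length > 1 ? args[1] : "changeit").toCharArray();

        // JSSE default lookup order: -Djavax.net.ssl.trustStore, then jssecacerts, then cacerts.
        String home = System.getProperty("java.home");
        String override = System.getProperty("javax.net.ssl.trustStore");
        File store = new File(home, "lib/security/jssecacerts");
        if (override != null) store = new File(override);
        else if (!store.isFile()) store = new File(home, "lib/security/cacerts");
        System.out.println("java.home   = " + home);
        System.out.println("trust store = " + store.getAbsolutePath());
        // Best-effort check; false here predicts the "Access denied" error on -import.
        System.out.println("writable    = " + Files.isWritable(store.toPath()));

        X509Certificate cert;
        try (InputStream in = new FileInputStream(args[0])) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        // Self-signed: subject equals issuer and the signature verifies with its own public key.
        boolean selfSigned = cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal());
        if (selfSigned) {
            try { cert.verify(cert.getPublicKey()); } catch (Exception e) { selfSigned = false; }
        }
        System.out.println("subject     = " + cert.getSubjectX500Principal());
        System.out.println("self-signed = " + selfSigned);

        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(store)) { ks.load(in, pass); }
        // getCertificateAlias returns the alias of the first entry holding this exact certificate, or null.
        String alias = ks.getCertificateAlias(cert);
        System.out.println(alias != null
                ? "PRESENT under alias '" + alias + "': this JVM trusts the certificate"
                : "ABSENT: a self-signed certificate will fail with 'PKIX path building failed'");
        System.exit(alias != null ? 0 : 1);
    }
}
```

Run it with the same java.exe (and the same -Djavax.net.ssl.trustStore option, if any) that starts the Tomcat hosting the CAS Client; a certificate imported into a different JRE's cacerts leaves the client's trust store unchanged.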