生成self-signed certificate时犯的一个错误

Category: /blog /website
Tags: website

今天生成 self-signed certificate, 结果偷懒没把所有选项填全, 结果在Apache没事, 但用svn时出了没见过的错. 记在这里.

Server certificate was missing commonName attribute in subject name

具体生成步骤在knowledge. 下回要记着把事情做全了.

Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:C2       
Email Address []:

在Java JVM里如果调用https, 会产生SSLHandshakeException.

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
    ... 

这时要告诉Java JVM你的security sertificate在哪里. 下面是我在Ubuntu下面的处理情况. 

sudo keytool -import -keystore /etc/java-6-sun/security/cacerts -file /etc/apache2/ssl/server.crt

[sudo] password for c2: 
Enter keystore password:

第一个password是我的用户密码, 第二个密码是缺省的java keystore密码. 可是我的certificate 已经是去掉密码了的啊. 

Enter keystore password:  
keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect

我试了又试也不成, 最后终于发现原来这是要JVM的密码. 缺省值是’changeit’. 我呸! 不带这么玩儿的. 写下来省下别人抓耳挠腮的时间吧. 

讨论

提示

  • 如果看不到讨论部分, 请暂时关掉adblock in Firefox/Chrome
  • 本网站使用Javascript实现评论功能, 此处外链对提高您的网站PR没有帮助. (潜台词: 请不要灌水, 谢谢)