我正在使用 Jetty 运行 Java servlet 应用程序。现在我想让它更加用户友好并需要证书。导入(见上文)后,浏览器 (FF) 仍会回收不安全的自签名证书。
现在应该这项工作还是有更多的事情要做。谢谢你。
$ keytool -list -keystore key.ks -v
Enter keystore password: **************
Keystore type: jks
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: mydomain
Creation date: Aug 16, 2009
Entry type: keyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=mydomain.com, OU=Domain Validated, OU=Thawte SSL123 certificate, OU=Go to https://www.thawte.com/repository/index.html, O=mydomain.com
Issuer: [email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Serial number: 96a433bf5512025b067f68b95427588
Valid from: Wed Aug 12 02:00:00 CEST 2009 until: Fri Aug 13 01:59:59 CEST 2010
Certificate fingerprints:
MD5: 24:43:CD:2D:38:1C:BF:17:97:8E:01:86:D8:74:C6:E7
SHA1: AA:54:C0:72:36:2E:AA:03:E7:E4:1F:F8:A0:DA:60:29:EE:FC:E0:2E
Certificate[2]:
Owner: [email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Issuer: [email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Serial number: 1
Valid from: Thu Aug 01 02:00:00 CEST 1996 until: Fri Jan 01 00:59:59 CET 2021
Certificate fingerprints:
MD5: C5:70:C4:A2:ED:53:78:0C:C8:10:53:81:64:CB:D0:1D
SHA1: 23:E5:94:94:51:95:F2:41:48:03:B4:D5:64:D2:A3:A3:F5:D8:8B:8C
*******************************************
*******************************************
您的密钥库中有一个带有两个证书的条目;您的证书和签署它的根证书。它抱怨根证书是自签名的:
所有者和发行人是相同的。这是可以预料的;根证书是您明确信任的自签名证书。
您需要确保在 Firefox 中您可以看到这两个证书。Jetty 应该将两个证书都发送到浏览器,当您查看页面的 SSL 信息时,您应该能够看到层次结构。您还需要确保根证书在 Firefox 信任的证书列表中。我检查了我的,它肯定在我的浏览器中。