我使用Jetty运行Java servlet应用程序。 现在我想让它更加用户友好,并需要证书。 导入后(见上)浏览器(FF)仍然回收不安全的自签名证书。
如果这个工作现在或有什么更多的事情要做。 谢谢。
$ keytool -list -keystore key.ks -v Enter keystore password: ************** Keystore type: jks Keystore provider: SUN Your keystore contains 1 entry Alias name: mydomain Creation date: Aug 16, 2009 Entry type: keyEntry Certificate chain length: 2 Certificate[1]: Owner: CN=mydomain.com, OU=Domain Validated, OU=Thawte SSL123 certificate, OU=Go to https://www.thawte.com/repository/index.html, O=mydomain.com Issuer: [email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA Serial number: 96a433bf5512025b067f68b95427588 Valid from: Wed Aug 12 02:00:00 CEST 2009 until: Fri Aug 13 01:59:59 CEST 2010 Certificate fingerprints: MD5: 24:43:CD:2D:38:1C:BF:17:97:8E:01:86:D8:74:C6:E7 SHA1: AA:54:C0:72:36:2E:AA:03:E7:E4:1F:F8:A0:DA:60:29:EE:FC:E0:2E Certificate[2]: Owner: [email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA Issuer: [email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA Serial number: 1 Valid from: Thu Aug 01 02:00:00 CEST 1996 until: Fri Jan 01 00:59:59 CET 2021 Certificate fingerprints: MD5: C5:70:C4:A2:ED:53:78:0C:C8:10:53:81:64:CB:D0:1D SHA1: 23:E5:94:94:51:95:F2:41:48:03:B4:D5:64:D2:A3:A3:F5:D8:8B:8C ******************************************* ******************************************* 您有两个证书在您的密钥库中有一个条目; 您的证书和签名的根证书。 它抱怨的是自签名的根证书:
Owner: [email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA Issuer: [email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
所有者和发行人是一样的。 这是可以预料的; 根证书是您明确信任的自签名证书。
您需要确保在Firefox中看到这两个证书。 Jetty应该将两个证书发送到浏览器,并且当您查看页面的SSL信息时,您应该能够看到层次结构。 您还需要确保根证书位于Firefox信任的证书列表中。 我检查了我的,这绝对是在我的浏览器。