更新时间:2021-12-31 08:22:20
我有同样的问题,而在www.tpsynergy.com更新我们的服务器的证书。导入新的服务器证书并重新启动Tomcat的之后,我们得到的错误是ERR_SSL_VERSION_OR_CIPHER_MISMATCH。大量的调查研究后,我用这个链接https://www.sslshopper.com/certificate-key-matcher.html比较CSR(证书签名请求实际证书)。他们俩不匹配。所以,我创建了一个新的CSR并获得新证书,并安装相同的。它的工作。
I had the same issue while renewing the certificate for our server at www.tpsynergy.com . After importing the new server certificate and restarting the tomcat, the error we were getting was ERR_SSL_VERSION_OR_CIPHER_MISMATCH. After lot of research, I used this link https://www.sslshopper.com/certificate-key-matcher.html to compare the csr (certificate signing request to the actual certificate). They both did not match. So I created a new csr and obtained a new certificate and installed the same. It worked.
因此,对于该过程的全部步骤
So the full steps for the process are
密钥工具-keysize 2048 -genkey -alias tomcat的-keyalg RSA -keystore tpsynergy.keystore
(根据需要更改域名)
keytool -keysize 2048 -genkey -alias tomcat -keyalg RSA -keystore tpsynergy.keystore (change the domain name as needed)
在创建这个,它会要求名和姓。不要给你的名字,但使用的域名。比如我把它作为www.tpsynergy.com
While creating this, it will ask for first name and last name. Do not give your name, but use the domain name. For example I gave it as www.tpsynergy.com
2.keytool -certreq -keyalg RSA -alias tomcat的-file csr.csr -keystore tpsynergy.keystore
2.keytool -certreq -keyalg RSA -alias tomcat -file csr.csr -keystore tpsynergy.keystore
这将创造在同一文件夹中的文件csr.csr。这个内容复制到GoDaddy的网站,并创建新的证书。
This will create a csr.csr file in the same folder. copy the contents of this to the godaddy site and create the new certificate.
下载的证书zip文件将有三个文件
gd_bundle-G2-g1.crt
gdig2.crt
youractualcert.crt
The downloaded certificate zip file will have three files gd_bundle-g2-g1.crt gdig2.crt youractualcert.crt
您将需要下载从GoDaddy的存储库中的根证书gdroot-g2.crt。
You will need to download the root cert gdroot-g2.crt from godaddy repository.
所有这些文件复制到从创建CSR文件,并在同一目录中的密钥存储文件的位置。
Copy all these files to the same directory from where you created the CSR file and where the keystore file is located.
现在运行下面的命令一个接一个的证书导入到密钥库
Now run the below commands one by one to import the certs into the keystore
的keytool -import -alias -trustcacerts根-file gd_bundle-G2-g1.crt -keystore tpsynergy.keystore
keytool -import -trustcacerts -alias root -file gd_bundle-g2-g1.crt -keystore tpsynergy.keystore
的keytool -import -alias -trustcacerts -file root2 gdroot-g2.crt -keystore tpsynergy.keystore
keytool -import -trustcacerts -alias root2 -file gdroot-g2.crt -keystore tpsynergy.keystore
的keytool -import -alias -trustcacerts中间-file gdig2.crt -keystore tpsynergy.keystore
keytool -import -trustcacerts -alias intermediate -file gdig2.crt -keystore tpsynergy.keystore
的keytool -import -alias -trustcacerts tomcat的-file yourdomainfile.crt -keystore tpsynergy.keystore
keytool -import -trustcacerts -alias tomcat -file yourdomainfile.crt -keystore tpsynergy.keystore
在确保conf文件夹的server.xml文件具有此项
Ensure that server.xml file in conf folder has this entry
重新启动Tomcat
Restart the tomcat