这个 SSL 证书有什么问题?

这个 SSL 证书有什么问题?

我正在使用 Jetty 运行 Java servlet 应用程序。现在我想让它更加用户友好并要求提供证书。导入后(见上文),浏览器(FF)仍然会回收不安全的自签名证书。

这现在能行吗?还是还需要做其他事情?谢谢。

$ keytool -list -keystore key.ks -v
Enter keystore password:  **************

Keystore type: jks
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: mydomain
Creation date: Aug 16, 2009
Entry type: keyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=mydomain.com, OU=Domain Validated, OU=Thawte SSL123 certificate, OU=Go to https://www.thawte.com/repository/index.html, O=mydomain.com
Issuer: [email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Serial number: 96a433bf5512025b067f68b95427588
Valid from: Wed Aug 12 02:00:00 CEST 2009 until: Fri Aug 13 01:59:59 CEST 2010
Certificate fingerprints:
         MD5:  24:43:CD:2D:38:1C:BF:17:97:8E:01:86:D8:74:C6:E7
         SHA1: AA:54:C0:72:36:2E:AA:03:E7:E4:1F:F8:A0:DA:60:29:EE:FC:E0:2E
Certificate[2]:
Owner: [email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Issuer: [email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Serial number: 1
Valid from: Thu Aug 01 02:00:00 CEST 1996 until: Fri Jan 01 00:59:59 CET 2021
Certificate fingerprints:
         MD5:  C5:70:C4:A2:ED:53:78:0C:C8:10:53:81:64:CB:D0:1D
         SHA1: 23:E5:94:94:51:95:F2:41:48:03:B4:D5:64:D2:A3:A3:F5:D8:8B:8C


*******************************************
*******************************************

答案1

您的密钥库中有一个包含两个证书的条目:您的证书和签名该证书的根证书。它抱怨的是自签名的根证书:

Owner: [email protected], 
      CN=Thawte Server CA, OU=Certification Services Division, 
      O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Issuer: [email protected], 
      CN=Thawte Server CA, OU=Certification Services Division, 
      O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA

所有者和颁发者相同。这是意料之中的;根证书是您明确信任的自签名证书。

您需要确保在 Firefox 中可以看到这两个证书。Jetty 应该将这两个证书发送到浏览器,当您查看页面的 SSL 信息时,您应该能够看到层次结构。您还需要确保根证书在 Firefox 信任的证书列表中。我检查了我的证书,它肯定在我的浏览器中。

相关内容