spring-boot - 在 Spring Boot 中使用 GoDaddy SSL 证书

Question

我知道这可能看起来很熟悉，但我向所有人保证，我已经检查并重新运行了所有答案，但我仍然无法使用有效的 GoDaddy SSL 证书。
以下是我在 Spring Boot 应用程序中创建和使用 keystore 的步骤。
感谢您对这篇文章的任何建议或评论。

我已经从我的 GoDaddy 帐户下载了与 tomcat 选项相关的证书包(尚未生成和提交 CSR，只是使用了 GoDaddy 预先生成的证书包)。
该软件包包含以下文件集。

gd_bundle-g2-g1.crt(中级证书)

[Random_Hex].crt(根证书)

gdig2.crt.pem(公钥)

使用上述文件和 keytool，我生成了一个运行以下命令的 keystore

keytool -import -trustcacerts -alias intermediate -file gd_bundle-g2-g1.crt -keystore mydomain.jks

keytool -import -trustcacerts -alias mydomain.com -file <randomhex>.crt -keystore mydomain.jks

keytool -importkeystore -srckeystore mydomain.jks -destkeystore mydomain.p12 -srcstoretype JKS -deststoretype PKCS12 -deststorepass Password -srcalias mydomain.com -destalias mydomain

将上一步生成的 .p12 文件放入我的 Spring Boot 项目的“资源”路径并更新 application.properties 文件，如下所示，我希望项目能够在 HTTPS 上运行并公开我的 Web 应用程序。

server.ssl.enabled=true
server.ssl.key-store-type=PKCS12
server.ssl.key-store=classpath:mydomain.p12
server.ssl.key-store-password=Password
server.ssl.key-password=Password
server.ssl.key-alias=mydomain.com

但无论我使用哪个配置或重新创建 keystore 多少次，我都面临以下错误。

org.apache.catalina.LifecycleException: Protocol handler start failed at org.apache.catalina.connector.Connector.startInternal(Connector.java:1008) ~[tomcat-embed-core-9.0.22.jar:9.0.22] at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) ~[tomcat-embed-core-9.0.22.jar:9.0.22] at org.apache.catalina.core.StandardService.addConnector(StandardService.java:227) ~[tomcat-embed-core-9.0.22.jar:9.0.22] at org.springframework.boot.web.embedded.tomcat.TomcatWebServer.addPreviouslyRemovedConnectors(TomcatWebServer.java:263) ~[spring-boot-2.1.7.RELEASE.jar:2.1.7.RELEASE] at org.springframework.boot.web.embedded.tomcat.TomcatWebServer.start(TomcatWebServer.java:195) ~[spring-boot-2.1.7.RELEASE.jar:2.1.7.RELEASE] at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.startWebServer(ServletWebServerApplicationContext.java:297) ~[spring-boot-2.1.7.RELEASE.jar:2.1.7.RELEASE] at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.finishRefresh(ServletWebServerApplicationContext.java:163) ~[spring-boot-2.1.7.RELEASE.jar:2.1.7.RELEASE] at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:552) ~[spring-context-5.1.9.RELEASE.jar:5.1.9.RELEASE] at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:141) ~[spring-boot-2.1.7.RELEASE.jar:2.1.7.RELEASE] at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:743) ~[spring-boot-2.1.7.RELEASE.jar:2.1.7.RELEASE] at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:390) ~[spring-boot-2.1.7.RELEASE.jar:2.1.7.RELEASE] at org.springframework.boot.SpringApplication.run(SpringApplication.java:312) ~[spring-boot-2.1.7.RELEASE.jar:2.1.7.RELEASE] at org.springframework.boot.SpringApplication.run(SpringApplication.java:1214) ~[spring-boot-2.1.7.RELEASE.jar:2.1.7.RELEASE] at org.springframework.boot.SpringApplication.run(SpringApplication.java:1203) ~[spring-boot-2.1.7.RELEASE.jar:2.1.7.RELEASE] at com.pincha.patient.MyApp.main(MyApp.java:10) ~[classes/:na] Caused by: java.lang.IllegalArgumentException: jsse.alias_no_key_entry at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:99) ~[tomcat-embed-core-9.0.22.jar:9.0.22] at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:71) ~[tomcat-embed-core-9.0.22.jar:9.0.22] at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:218) ~[tomcat-embed-core-9.0.22.jar:9.0.22] at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1124) ~[tomcat-embed-core-9.0.22.jar:9.0.22] at org.apache.tomcat.util.net.AbstractEndpoint.start(AbstractEndpoint.java:1210) ~[tomcat-embed-core-9.0.22.jar:9.0.22] at org.apache.coyote.AbstractProtocol.start(AbstractProtocol.java:585) ~[tomcat-embed-core-9.0.22.jar:9.0.22] at org.apache.catalina.connector.Connector.startInternal(Connector.java:1005) ~[tomcat-embed-core-9.0.22.jar:9.0.22] ... 14 common frames omitted Caused by: java.io.IOException: jsse.alias_no_key_entry at org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:325) ~[tomcat-embed-core-9.0.22.jar:9.0.22] at org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:247) ~[tomcat-embed-core-9.0.22.jar:9.0.22] at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:97) ~[tomcat-embed-core-9.0.22.jar:9.0.22] ... 20 common frames omitted

Answer 1

@鲍里斯蜘蛛:

This is not a keystore it is a truststore. There is no private material, this is just a chain the trust back to the GoDaddy root CA. In order for it to the a keystore there must be a key pair which includes a private key that only you have and a public key which containers your server’s domain name(s) signed by a GoDaddyCA. This is what the CSR is - you generate this key pair and then ask GoDaddy to sign it. TL;DR: you need a key pair.