The generated pfx format certificate cannot be used in the tomcat program.
bonbonr opened this issue
func Encode ----
The generated pfx format certificate cannot be used in the tomcat program, which will directly cause the tomcat program to fail to start. I have tried many encoding rules, but the problem cannot be solved.
I suspect that the tomcat program's certificate generation rules on the pfx format certificate are different from the rules for generating certificates on the IIS web service for encoding certificates.
```xml
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
           port="443" maxThreads="200" scheme="https" secure="true" SSLEnabled="true"
           keystoreFile="xxx.com.pfx" keystorePass="4Y2LOv50" keystoreType="PKCS12"
           clientAuth="false" sslProtocol="TLS"/>
```
Could you provide a sample of the code you're using to generate the file? What is the error message from Tomcat?
```go
pfxBytes, err = pkcs12.Encode(rand.Reader, privateKey, cert, caCerts, password)
if err != nil {
	log.Println("pfxBytes", err)
}
```
tomcat-6.0.53
tomcat-7.0.99
tomcat-8.5.55
tomcat-9.0.44
I tried to use the certificate in the above tomcat version, but the certificate could not be used. There is no information in the log that allows me to find the error problem.
But I found a message like this:
Caused by: java.lang.IllegalArgumentException: Private key must be accompanied by certificate chain
How do I send the error log file to your email?
I very much hope that the problem will be resolved.
Why can't this project generate a certificate file in jks format?
Googling for that error message, I came across several pages (such as https://bz.apache.org/bugzilla/show_bug.cgi?id=62526) which indicate that the error is caused by an empty password. Are you using an empty password when encoding the file?
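
A pre-encoding check for the condition raised in the last comment, as an added example that is not code from this thread or from the pkcs12 project. `preflightPFX` and `selfSigned` are hypothetical names, the key/certificate match test is an extra sanity check the thread did not establish as a cause, and the sample key, certificate and password are constructed.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// preflightPFX (hypothetical helper) checks inputs before they are encoded to a PFX.
func preflightPFX(key crypto.Signer, cert *x509.Certificate, password string) error {
	if password == "" {
		return fmt.Errorf("empty keystore password")
	}
	if key == nil || cert == nil {
		return fmt.Errorf("private key and leaf certificate are both required")
	}
	pub, ok := key.Public().(interface{ Equal(crypto.PublicKey) bool })
	if !ok || !pub.Equal(cert.PublicKey) {
		return fmt.Errorf("leaf certificate does not match the private key")
	}
	return nil
}

// selfSigned builds a constructed throwaway key and certificate for the demo.
func selfSigned() (*ecdsa.PrivateKey, *x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"example.test"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return key, cert, err
}

func main() {
	if key, cert, err := selfSigned(); err == nil {
		fmt.Println(preflightPFX(key, cert, ""), preflightPFX(key, cert, "constructed-pass"))
	}
}
```

Run the check immediately before the `pkcs12.Encode` call so a rejected input is logged with a specific reason instead of surfacing later as a Tomcat startup failure.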