Spring Boot fails reading certificate with IllegalArgumentException: jsse.alias_no_key_entry


Question

I developed an application and I uploaded it to my domain. The host provides me a wildcard certificate to use, so I tried to add it into my application. I don't know if I am doing the right steps or what.

So, this is what I did:

 - I downloaded the certificate (`last.cer`)
 - I created a keystore from that certificate:

[![enter image description here][1]][1]

 - That created `last.p12`, which I put into `resources/keystore/`

This is my configuration:

[![enter image description here][2]][2]

The key-password is the one I put in the host provider in order to download the certificate.

I also added the `ServletWebServerFactory`.

When I start up the application, I get this:

    Caused by: org.apache.catalina.LifecycleException: Protocol handler start failed
    	at org.apache.catalina.connector.Connector.startInternal(Connector.java:1038) ~[tomcat-embed-core-9.0.31.jar:9.0.31]
    	at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) ~[tomcat-embed-core-9.0.31.jar:9.0.31]
    	at org.apache.catalina.core.StandardService.addConnector(StandardService.java:227) ~[tomcat-embed-core-9.0.31.jar:9.0.31]
    	... 17 common frames omitted
    Caused by: java.lang.IllegalArgumentException: jsse.alias_no_key_entry

But the alias is "carlos" in both places.

  [1]: https://i.stack.imgur.com/HtW5z.png
  [2]: https://i.stack.imgur.com/EpOdc.png


# Answer 1
**Score**: 2

**You need the private key.** (but not a biscuit :)

Mostly dupe https://stackoverflow.com/questions/63695175/how-to-resolve-jno-key-entry and https://stackoverflow.com/questions/56151272/how-to-resolve-java-io-ioexception-jsse-alias-no-key-entry except you don't admit to _having_ the private key.

If the host 'provides' the cert in response to your request -- especially if you created the Certificate Signing Request (CSR) -- then you must have the private key; use it. If the 'host', or possibly the CA, or somebody else created this identity for you, get the private key from them. Depending on the form you have or get, the method to use it may vary some.

-----
Also, writing/modifying files under `Program Files (x86)` on Windows is a bad idea. These changes may fail outright or disappear. Microsoft has officially stated since the 1990s that files in the %PROGRAMFILES*% directory(ies) should not be modified and data should go under (the places now known as) %PROGRAMDATA% %USERPROFILE% or %ALLUSERSPROFILE% as applicable. Viruses and malware often work by illegitimately modifying %PROGRAMFILES*%, so recentish versions of Windows -- at least 8 and 10 and the Server versions, I don't recall about 7 for sure -- as well as antivirus and other security products have gotten more aggressive about prohibiting or discarding attempts to change these files. Since you actually want this file elsewhere anyway -- in your server application directory (or jar? you're not clear) -- just write it there to start with.
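
An added example (not part of the original answer, and not the asker's files): a bash check, using the `openssl` CLI, of whether a PKCS#12 store actually contains a private key, which is the thing the answer says is missing behind `jsse.alias_no_key_entry`. The key, certificate, file names and password are constructed throwaway values; only the alias `carlos` comes from the question.

```bash
#!/usr/bin/env bash
# Added example. All key material below is constructed and thrown away.
set -eu

# Succeeds (0) only if the PKCS#12 file yields at least one private key.
# Also fails (1) when the password is wrong or the file cannot be parsed.
p12_has_private_key() {
    local file=$1 pass=$2
    openssl pkcs12 -in "$file" -passin "pass:$pass" -nocerts -nodes 2>/dev/null |
        grep -q 'PRIVATE KEY'
}

# Builds two stores from one constructed self-signed pair (assumed names):
#   cert-only.p12  certificate only, i.e. what a .cer by itself can give you
#   with-key.p12   certificate plus its private key, as a TLS server needs
build_demo_keystores() {
    local dir=$1 pass=$2
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=*.example.test" \
        -keyout "$dir/demo.key" -out "$dir/demo.cer" 2>/dev/null
    openssl pkcs12 -export -nokeys -in "$dir/demo.cer" -name carlos \
        -out "$dir/cert-only.p12" -passout "pass:$pass"
    openssl pkcs12 -export -inkey "$dir/demo.key" -in "$dir/demo.cer" \
        -name carlos -out "$dir/with-key.p12" -passout "pass:$pass"
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
build_demo_keystores "$demo_dir" changeit
for ks in cert-only.p12 with-key.p12; do
    if p12_has_private_key "$demo_dir/$ks" changeit; then
        echo "$ks: private key present"
    else
        echo "$ks: certificate only, not usable as a server key store"
    fi
done
```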



  • Posted on September 10, 2020 at 08:06:39