The SSL certificate chain is incomplete. Extract the complete chain to generate the source keystore password of the new certificate

Schmango edited on Mon, 17 Oct 2022
  • Let me make it clear. The problem was found yesterday: for a template message sent on the service number, clicking to open the details page displays a blank page. Three Android phones have been tried, and it's the same on the Apple phone. Click in WeChat on the PC side to open the details page. After searching online, it's said that it's caused by an incomplete certificate chain.
  • The problem is that my certificate was applied for and downloaded from Tencent cloud server, and then imported into Tomcat. It has been nearly a month (the details page in the template message could be opened). Yesterday, I suddenly found that the details page was blank. I don't think I've touched the server.
  • At [https://www.myssl.cn/tools/downloadchain.html](https://www.myssl.cn/tools/downloadchain.html) the intermediate certificate and root certificate were extracted, and the contents of these two certificates were spliced under the original certificate (the download from Tencent cloud server contains certificates in different formats for use under multiple web containers; I took the file with the .crt suffix under nginx and pasted the contents of the extracted intermediate certificate and root certificate at the bottom of this file).
  • Then use openssl pkcs12 -export -in 1_www.xdfznh.club_bundle.crt -inkey 2_www.xdfznh.club.key -out to.p12 -name "fulljks" to convert the CRT file to a p12 file.
  • Then use keytool -importkeystore -srckeystore to.p12 -srcstoretype pkcs12 -deststoretype JKS -destkeystore keystore.jks to convert it to a JKS file (in the certificate downloaded from Tencent cloud, the certificate suffix used for Tomcat is JKS, so it should only be in this format). A source keystore password is requested during the conversion. Is this password the one I set myself when applying for the SSL certificate? Now I don't remember the password at all. Where can I find it? Or is it wrong to use the CRT file for Tomcat deployment?
1 Reply
commented on Tue, 18 Oct 2022

It's the same question I asked you https://segmentfault.com/q/10... Is that relevant?

It should have nothing to do with the certificate chain. I have answered this question.

As for the password question: this password is the CSR private key password set when applying for the SSL certificate. For security reasons, cloud vendors will not store this information for you. You need to keep it yourself. If it's lost, it's really lost.
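An added example, not part of the original thread: the splice and pkcs12 export steps from the question, run against a throwaway root, intermediate and leaf chain. It checks that the leaf alone fails verification for a client that trusts only the root, and shows which password opens the resulting to.p12. All subjects, file names other than to.p12 and the "fulljks" alias, and both passwords are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: throwaway root -> intermediate -> leaf chain.
# Every subject, key and password here is made up for the example.
WORK=$(mktemp -d)
EXPORT_PASS='demo-export-pass'   # password chosen at "openssl pkcs12 -export"

new_key_csr() {  # $1 = base file name, $2 = common name
  openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" \
    -subj "/CN=$2" -out "$1.csr" 2>/dev/null
}

make_chain() {
  cd "$WORK" || return 1
  printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext
  new_key_csr root "Demo Root" && new_key_csr int "Demo Intermediate" &&
    new_key_csr leaf "www.example.test" || return 1
  openssl x509 -req -in root.csr -signkey root.key -extfile ca.ext \
    -days 2 -out root.crt 2>/dev/null || return 1
  openssl x509 -req -in int.csr -CA root.crt -CAkey root.key -CAcreateserial \
    -extfile ca.ext -days 2 -out int.crt 2>/dev/null || return 1
  openssl x509 -req -in leaf.csr -CA int.crt -CAkey int.key -CAcreateserial \
    -days 2 -out leaf.crt 2>/dev/null || return 1
  # Same splice as in the question: server cert, then intermediate, then root.
  cat leaf.crt int.crt root.crt > bundle.crt
  openssl pkcs12 -export -in bundle.crt -inkey leaf.key -out to.p12 \
    -name fulljks -passout "pass:$EXPORT_PASS"
}

# Client trusts only the root and is handed only the leaf: incomplete chain.
verify_leaf_only() {
  openssl verify -CAfile "$WORK/root.crt" "$WORK/leaf.crt" >/dev/null 2>&1
}

# Same client, but the intermediate is supplied alongside the leaf.
verify_with_intermediate() {
  openssl verify -CAfile "$WORK/root.crt" -untrusted "$WORK/int.crt" \
    "$WORK/leaf.crt" >/dev/null 2>&1
}

# Prints how many certificates can be read from to.p12 using password $1.
p12_cert_count() {
  openssl pkcs12 -in "$WORK/to.p12" -nokeys -passin "pass:$1" 2>/dev/null |
    grep -c 'BEGIN CERTIFICATE'
}

make_chain || exit 1
if verify_leaf_only; then echo "leaf only: verifies"; else echo "leaf only: chain incomplete"; fi
if verify_with_intermediate; then echo "leaf + intermediate: verifies"; fi
echo "certs readable with export password: $(p12_cert_count "$EXPORT_PASS")"
echo "certs readable with another password: $(p12_cert_count not-the-password)"
```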

