Keytool - Generate Public key in X.509 format using existing private key


Question

I am trying to generate a private/public key pair in X.509 format along with a self signed cert which I need to use for my SAML application.

Here is what I did:

  1. Generate Self Signed Cert and Private Key from here and save them in .pem format.
  2. Use the private key and generate a public key with the command openssl rsa -in key.pem -pubout -out pubkey.pem

When I give these keys to my SAML application, it errors out on the public key generated on step 2 with the following message:

java.io.IOException: Short read of DER length

What am I doing wrong here?

Recommended answer

Question:

I am trying to generate a private/public key pair in X.509 format along with a self signed cert which I need to use for my SAML application.

Answer:

(1) On Ubuntu 16.04, I run the following native openssl command to generate a private/public key pair in X.509 format for a Shibboleth SAML SP application successfully.

# genrsa has no -days option; certificate validity is set on the x509 step
openssl genrsa -out key.pem 2048
openssl req -new -key key.pem -out certreq.csr
openssl x509 -req -days 365 -in certreq.csr -signkey key.pem -out cert.pem

(2) I upload the generated public cert/key (i.e., cert.pem) of the Shibboleth SAML SP application to a Shibboleth SAML IdP.

(3) I log in to the Shibboleth SAML SP application successfully through the authentication provided by Shibboleth SAML IdP and OpenLDAP.

Remarks:

(I) Please ensure that the IdP or SP database defines sufficient length for Type which is used to store public cert/key or private key, e.g., varchar(2500).

(II) If you run the openssl command under a Windows environment, please check my answer to another StackOverflow question, "Git status ignore line endings / identical files / windows & linux environment / dropbox / mled", to remove "premature EOF" from the end of the private key and public cert/key.

(III) "How to build and run Shibboleth SAML IdP and SP using Docker container" at the GitHub repository provides instructions on how to build and run a Shibboleth SAML IdP and SAML SP testbed to test your SAML SP application.

The standalone Shibboleth SAML IdP testbed allows you to check the log to debug your certificate issue.
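
As an added example (not part of the original question or answer), the Python code below checks two things the thread touches on: whether a PEM file is a certificate like cert.pem or a bare public key like the pubkey.pem written by openssl rsa -pubout, and whether its DER body is complete rather than cut short in storage. The function names and the filler DER sample are hypothetical, and the check assumes the consuming application expects a CERTIFICATE block.

```python
import base64
import re

# One PEM block: BEGIN line, base64 body, matching END line.
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def der_outer_length(der):
    """Return (header_len, content_len) of the outermost DER TLV."""
    if len(der) < 2:
        raise ValueError("short read of DER length")
    first = der[1]
    if first < 0x80:                 # short form: length fits in one octet
        return 2, first
    n = first & 0x7F                 # long form: n length octets follow
    if n == 0 or len(der) < 2 + n:
        raise ValueError("short read of DER length")
    return 2 + n, int.from_bytes(der[2:2 + n], "big")

def inspect_pem(text, expected_label="CERTIFICATE"):
    """Return 'ok', 'wrong-type', 'truncated' or 'not-pem' for one PEM block."""
    m = PEM_RE.search(text)
    if not m:
        # BEGIN without END: the tail was cut off, e.g. by a too-short column
        return "truncated" if "-----BEGIN " in text else "not-pem"
    label, body = m.group(1), m.group(2)
    try:
        der = base64.b64decode("".join(body.split()), validate=True)
        header_len, content_len = der_outer_length(der)
    except ValueError:               # bad base64 or missing length octets
        return "truncated"
    # Outer object must be a SEQUENCE (0x30) that spans exactly all bytes.
    if der[0] != 0x30 or header_len + content_len != len(der):
        return "truncated"
    return "ok" if label == expected_label else "wrong-type"

def to_pem(label, der):
    """Wrap DER bytes in PEM armor (helper for the constructed samples)."""
    b64 = base64.encodebytes(der).decode()
    return f"-----BEGIN {label}-----\n{b64}-----END {label}-----\n"

# Constructed sample: a SEQUENCE with 300 filler bytes, standing in for real
# certificate or key bytes. Only the outer DER framing is meaningful here.
SAMPLE_DER = b"\x30\x82\x01\x2c" + bytes(300)

if __name__ == "__main__":
    print(inspect_pem(to_pem("CERTIFICATE", SAMPLE_DER)))        # like cert.pem
    print(inspect_pem(to_pem("PUBLIC KEY", SAMPLE_DER)))         # like pubkey.pem
    print(inspect_pem(to_pem("CERTIFICATE", SAMPLE_DER[:150])))  # cut short
```

Running inspect_pem on the exact string read back from the IdP or SP database, rather than on the file on disk, shows whether the stored copy survived intact.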
