Create keystore for Tomcat using .key, .ca and .cert file


Problem description

I have three files, sample.cert, sample.CA and sample.key, provided by Verisign. I need to create a keystore for Tomcat. As I searched, I cannot use the .key file directly to create a keystore.

The command is as follows:

    openssl pkcs12 -export -in sample.cert -inkey sample.key -CAfile sample.crt -out sample.p12

(I changed sample.CA to sample.crt.)

I use openssl to create the sample.p12 file. Then I import sample.p12 into sample.jks by using keytool.

    keytool -importkeystore -srckeystore sample.p12 -destkeystore sample.jks -srcstoretype pkcs12

While I verify the certificate, it shows an intermediate certificate chaining issue.

Any ideas?

Recommended answer

I think you may just be missing one parameter in the openssl command. Add "-chain" to the end to see if that fixes things. Note that if openssl can't establish the chain, the command will fail.

Example:

openssl pkcs12 -export -in MYCERT.crt -inkey MYKEY.key -out KEYSTORE.p12 -name "tomcat" -CAfile MY-CA-CERT.crt -caname "myCA" -chain

The "-name" and "-caname" parameters give a "friendly name" to each certificate, and are optional.

The documentation for openssl pkcs12 and its various parameters is here.
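A way to check the result before importing it into Tomcat, as an added example that is not part of the original question or answer: it builds a throwaway root, intermediate and leaf, exports the leaf with and without "-chain", and counts the certificates that end up in each PKCS#12 file. The helper functions, the certificate names and the password "changeit" are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example. All keys and certificates are throwaway files constructed here;
# the names (Demo Root CA, changeit, ...) are assumptions, not values from the page.
set -e

# Count the certificates stored in a PKCS#12 file: $1 = file, $2 = password.
p12_cert_count() {
    openssl pkcs12 -in "$1" -nokeys -passin "pass:$2" 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE'
}

# Create a key and a CSR: $1 = file prefix, $2 = common name.
new_csr() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null
}

# Build a constructed root -> intermediate -> leaf hierarchy in directory $1.
make_demo_pki() {
    printf 'basicConstraints=critical,CA:TRUE\n' > "$1/ca.ext"
    new_csr "$1/root" "Demo Root CA"
    openssl x509 -req -in "$1/root.csr" -signkey "$1/root.key" -days 2 \
        -extfile "$1/ca.ext" -out "$1/root.crt" 2>/dev/null
    new_csr "$1/inter" "Demo Intermediate CA"
    openssl x509 -req -in "$1/inter.csr" -CA "$1/root.crt" -CAkey "$1/root.key" \
        -CAcreateserial -days 2 -extfile "$1/ca.ext" -out "$1/inter.crt" 2>/dev/null
    new_csr "$1/leaf" "tomcat.example.test"
    openssl x509 -req -in "$1/leaf.csr" -CA "$1/inter.crt" -CAkey "$1/inter.key" \
        -CAcreateserial -days 2 -out "$1/leaf.crt" 2>/dev/null
    # Equivalent of the CA bundle handed out with the certificate.
    cat "$1/inter.crt" "$1/root.crt" > "$1/ca-bundle.crt"
}

# Export leaf + key to $2 in directory $1; any further arguments (for example
# -chain) are passed to openssl pkcs12 unchanged.
export_p12() {
    dir=$1; out=$2; shift 2
    openssl pkcs12 -export -in "$dir/leaf.crt" -inkey "$dir/leaf.key" \
        -CAfile "$dir/ca-bundle.crt" -name tomcat \
        -passout pass:changeit -out "$dir/$out" "$@"
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
make_demo_pki "$work"
export_p12 "$work" plain.p12            # the question's command: leaf only
export_p12 "$work" chained.p12 -chain   # the answer's command: full chain
echo "without -chain: $(p12_cert_count "$work/plain.p12" changeit) certificate(s)"
echo "with    -chain: $(p12_cert_count "$work/chained.p12" changeit) certificate(s)"
```

A PKCS#12 file that reports a single certificate will import into a JKS without the intermediate, which is the chaining issue described in the question.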
