Create a keystore for Tomcat using .key, .ca and .cert files
Problem description
I have three files, sample.cert, sample.CA and sample.key, provided by Verisign. I need to create a keystore for Tomcat. As I searched, I cannot use the .key file directly to create a keystore.
The command is as follows:
openssl pkcs12 -export -in sample.cert -inkey sample.key -CAfile sample.crt -out sample.p12
(I changed sample.CA to sample.crt.)
I use openssl to create the sample.p12 file. Then I import sample.p12 into sample.jks using keytool.
keytool -importkeystore -srckeystore sample.p12 -destkeystore sample.jks -srcstoretype pkcs12
When I verify the certificate, it shows an intermediate certificate chaining issue.
Any ideas?
Recommended answer
I think you may just be missing one parameter in the openssl command. Add "-chain" to the end to see if that fixes things. Note that if openssl can't establish the chain, the command will fail.
Example:
openssl pkcs12 -export -in MYCERT.crt -inkey MYKEY.key -out KEYSTORE.p12 -name "tomcat" -CAfile MY-CA-CERT.crt -caname "myCA" -chain
The "-name" and "-caname" parameters give a "friendly name" to each certificate, and are optional.
The documentation for openssl pkcs12 and its various parameters is here.
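The effect of "-chain" can be checked by counting the certificates inside the resulting PKCS#12 file. This is an added example, not part of the original question or answer: it builds a throwaway CA and server certificate, exports them without and with "-chain", and counts the certificates in each file. The function names, file names, subject names and the password `changeit` are constructed for the demo.

```shell
#!/bin/sh
# Added example: throwaway CA and server key, constructed for this demo only.
set -e
PASS=changeit   # constructed demo password

# Create a self-signed CA and a server certificate signed by it in directory $1.
make_demo_pki() {
    (
        cd "$1"
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=Demo CA" -keyout ca.key -out ca.crt 2>/dev/null
        openssl req -new -newkey rsa:2048 -nodes \
            -subj "/CN=tomcat.example.test" -keyout server.key -out server.csr 2>/dev/null
        openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key \
            -CAcreateserial -days 1 -out server.crt 2>/dev/null
    )
}

# Export $1/server.crt with its key to $1/$2; further arguments go to pkcs12.
export_p12() {
    p12dir=$1; p12out=$2; shift 2
    openssl pkcs12 -export -in "$p12dir/server.crt" -inkey "$p12dir/server.key" \
        -CAfile "$p12dir/ca.crt" -name tomcat -passout "pass:$PASS" \
        -out "$p12dir/$p12out" "$@"
}

# Print how many certificates the PKCS#12 file $1 contains.
count_p12_certs() {
    openssl pkcs12 -in "$1" -nokeys -passin "pass:$PASS" 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE'
}

# Build both variants and report the certificate count of each.
chain_demo() {
    dir=$(mktemp -d)
    make_demo_pki "$dir"
    export_p12 "$dir" plain.p12                          # no -chain, like the question's command
    export_p12 "$dir" chained.p12 -caname demoCA -chain  # with -chain, like the answer's command
    echo "without_chain=$(count_p12_certs "$dir/plain.p12")" \
         "with_chain=$(count_p12_certs "$dir/chained.p12")"
    rm -rf "$dir"
}

chain_demo   # prints: without_chain=1 with_chain=2
```

Without "-chain" the file named by "-CAfile" is not bundled, so only the server certificate ends up in the PKCS#12 file and in any keystore imported from it.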