使用或不使用OpenSSL将SSL .pem转换为.p12 [英] Convert SSL .pem to .p12 with or without OpenSSL
问题描述
我得到需要转换为.p12
文件的外部.pem
文件-我在此过程中添加了用户名和密码. (我需要这样做以利用第三方API.)
I get external .pem
files that need to be converted to .p12
files - I add a username and password in the process. (I need to do this to utilize a third party API.)
使用openssl
,命令是...
openssl pkcs12 -export -in xxxx.pem -inkey xxxx.pem -out xxx.p12 -passout pas:newpassword -name "newname"
我可以在终端会话中运行它,并且效果很好.
I can run this from a terminal session and it works perfectly.
但是,我将需要经常执行此操作,并编写了一个Java类来处理此问题以及更多(我的应用程序主要是.jsp
,其中使用Tomcat和Apache).当我尝试使用Runtime.exec
从Java运行相同的命令时,出现了可怕的无法写入'随机状态'"错误().
However, I will need to do this often and have written a Java class that handles this and more (my application is mostly .jsp
with Tomcat and Apache). When I try run the same command from Java using Runtime.exec
, I get the dreaded "unable to write 'random state'" error ( Using OpenSSL what does "unable to write 'random state'" mean? ).
我认为区别在于,当我从Java运行时,用户不是"root"用户.
I assume that the difference is that, when I run from Java, the user is not "root".
那么,有没有比使用命令行程序(即openssl)更好的方法,可以使用Java库将pem转换为.p12?
So, is there a better way to convert from pem to .p12 using a Java library rather than executing a command line program (i.e. openssl)?
否则,我想我需要在服务器上进行一些配置.我在服务器上的任何位置都找不到任何.md
文件.唯一的openssl.cnf
文件位于怪异的目录(/etc/pki/tls
)中.我是否需要在其他地方创建一个新的openssl.cnf
文件?
Otherwise, I guess I need to do some configuration on my server. I can not find any .md
file anywhere on the server. The only openssl.cnf
file is in a weird directory (/etc/pki/tls
). Do I need to create a new openssl.cnf
file somewhere else?
推荐答案
这应该做您想要做的(使用上面建议的BouncyCastle PEMReader)-采取PEM编码的私钥+证书,并输出PKCS #12文件.为PKCS12使用与保护私钥相同的密码.
This should do what you want to do (using the BouncyCastle PEMReader as suggested above) -- take a PEM-encoded private key + certificate, and output a PKCS#12 file. Uses the same password for the PKCS12 that was used to protect the private key.
public static byte[] pemToPKCS12(final String keyFile, final String cerFile, final String password) throws Exception {
// Get the private key
FileReader reader = new FileReader(keyFile);
PEMReader pem = new PEMReader(reader, new PasswordFinder() {
@Override public char[] getPassword() {
return password.toCharArray();
}
});
PrivateKey key = ((KeyPair)pem.readObject()).getPrivate();
pem.close();
reader.close();
// Get the certificate
reader = new FileReader(cerFile);
pem = new PEMReader(reader);
X509Certificate cert = (X509Certificate)pem.readObject();
pem.close();
reader.close();
// Put them into a PKCS12 keystore and write it to a byte[]
ByteArrayOutputStream bos = new ByteArrayOutputStream();
KeyStore ks = KeyStore.getInstance("PKCS12");
ks.load(null);
ks.setKeyEntry("alias", (Key)key, password.toCharArray(), new java.security.cert.Certificate[]{cert});
ks.store(bos, password.toCharArray());
bos.close();
return bos.toByteArray();
}
这篇关于使用或不使用OpenSSL将SSL .pem转换为.p12的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!