如何将OpenSSL密钥文件导入Windows证书存储 [英] How to import an OpenSSL key file into the Windows Certificate Store
问题描述
我有一个PEM格式的OpenSSL生成的X.509证书及其关联的密钥文件.连接到原型服务器时,此证书对于身份验证是必需的.在Linux上可以正常工作.我一直在使用Microsoft SChannel API在Windows平台上驱动SSL/TLS连接,但是我想使用相同的测试证书.我可以右键单击证书文件并将其导入到我的证书存储中,但是我相信私钥不会随证书一起导入(即使我已将它们串联到同一文件中).
I've got an OpenSSL generated X.509 certificate in PEM format and it's associated key file. This certificate is required for authentication when connecting to a prototype server. This works fine on Linux. I've been using the Microsoft SChannel API to drive SSL/TLS connections on Windows platforms but I want to use the same test certificate. I can right-click on the certificate file and import it into my certificate store but I believe that the private key is not imported with it (even though I've concatenated them into the same file).
当我运行SChannel代码时,在初始化安全上下文(通过InitializeSecurityContext)时收到"SEC_E_NO_CREDENTIALS"错误.我怀疑这意味着私钥丢失了.
When I go to run the SChannel code, I get a 'SEC_E_NO_CREDENTIALS' error when I init the security context (via InitializeSecurityContext). I suspect this means that the private key is missing.
是否有人知道如何测试通过"certmgr.msc"访问的个人(或我")证书存储中的证书中是否存在私钥?可以在商店中为证书导入新的密钥文件吗?
Does anyone know how to test the presence or absence of a private key in a certificate which is located in the Personal (or 'My') certificate store, accessed via 'certmgr.msc'?. Is it possible to import a new key file for a certificate in the store?
任何见解或建议将不胜感激.
Any insight or advice would be much appreciated.
推荐答案
要测试是否为证书安装了私钥,请双击certmgr.msc中的证书图标.如果它具有私钥,它将在属性页中显示一条消息,提示您具有私钥,否则将不提供对该私钥的任何引用.
To test if private key is installed for the certificate, double click the certificate icon in certmgr.msc. If it has private key, it will show a message in the property page that you have private key, otherwise it will not give any reference the the private key.
要使用私钥导入证书,可以执行以下操作:
To import the certificate with its private key, you can do the following:
- 使用openssl pkcs12将证书及其私钥打包到PKCS#12文件或PFX文件中.这是一个示例.
- 将此PKCS#12或PFX文件导入证书存储.
请注意,导入pfx文件时可能会出现错误,例如此文件无效,不能用于以下用途:个人信息交换".此错误是由于证书缺少适当的X.509 v3扩展名(例如使用字段(数字签名等))引起的
Note that you may see errors when importing the pfx file, such as 'This file is invalid for use as the following: Personal Information Exchange'. This error was caused by the certificate lacking to appropriate X.509 v3 extensions (such as the usage fields (digital signature, etc))
这篇关于如何将OpenSSL密钥文件导入Windows证书存储的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!