Can we load multiple Certificates & Keys in a Key Store?


Problem description


Can we load multiple Certificates & Keys in a Key Store?

Is it always required to load only Pairs (i.e. Certificates & Keys together)?

If a Key Store has multiple Certificates and Keys, which one will get selected when Java SSL tries to establish connection as a Server?

Solution

Although this depends on the KeyStore type, generally, you can store multiple private keys and certificates in a single store.

Which key and certificate combination is used for a Java-based server will depend on how the application was implemented. A number of applications let you select a given certificate using the alias name. The key and certificate getters in KeyStore take an alias parameter to make this choice. Usually, when this is not specified in the configuration, the application or framework will use the first suitable one it finds based on the KeyStore.aliases() enumeration.

Tomcat, for example, uses the keyAlias attribute in its Connector configuration:

keyAlias: The alias used for the server certificate in the keystore. If not specified, the first key read in the keystore will be used.

Regarding key pairs, some KeyStores (again, depending on the type) can be used to store SecretKeys (e.g. DES), that is shared keys, as well as public-private key pairs.
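
Added example (not part of the original answer): a sketch that lists every entry in a store by kind and then builds a server SSLContext pinned to one alias, instead of relying on enumeration order. The class name PinnedAlias, the file name demo.p12 and the alias web1 are hypothetical; it assumes Java 9+ and that the key password equals the store password.

```java
import java.io.File;
import java.net.Socket;
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.*;

// Added example. Hypothetical usage (Java 11+ single-file launch):
//   java PinnedAlias.java demo.p12 changeit web1
public class PinnedAlias {
    /** Wraps the default key manager so the server side always presents one alias. */
    static final class Pinned extends X509ExtendedKeyManager {
        private final X509KeyManager d;
        private final String alias;
        Pinned(X509KeyManager d, String alias) { this.d = d; this.alias = alias; }
        public String chooseServerAlias(String t, Principal[] i, Socket s) { return alias; }
        public String chooseEngineServerAlias(String t, Principal[] i, SSLEngine e) { return alias; }
        public String[] getServerAliases(String t, Principal[] i) { return new String[] { alias }; }
        public String chooseClientAlias(String[] t, Principal[] i, Socket s) { return d.chooseClientAlias(t, i, s); }
        public String[] getClientAliases(String t, Principal[] i) { return d.getClientAliases(t, i); }
        public X509Certificate[] getCertificateChain(String a) { return d.getCertificateChain(a); }
        public PrivateKey getPrivateKey(String a) { return d.getPrivateKey(a); }
    }

    public static void main(String[] args) throws Exception {
        char[] pw = args[1].toCharArray();
        KeyStore ks = KeyStore.getInstance(new File(args[0]), pw); // Java 9+: detects the store type

        // One store can mix entry kinds; only private-key entries can act as a server identity.
        for (String a : Collections.list(ks.aliases())) {
            String kind = ks.isCertificateEntry(a) ? "trusted certificate (no key)"
                    : ks.entryInstanceOf(a, KeyStore.PrivateKeyEntry.class) ? "private key + chain"
                    : "secret key";
            System.out.println(a + ": " + kind);
        }
        if (!ks.entryInstanceOf(args[2], KeyStore.PrivateKeyEntry.class))
            throw new IllegalArgumentException("alias is not a private-key entry: " + args[2]);

        // Assumption: the default (SunX509) key manager, which looks keys up by keystore alias.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pw);
        KeyManager[] kms = kmf.getKeyManagers();
        for (int n = 0; n < kms.length; n++)
            if (kms[n] instanceof X509KeyManager) kms[n] = new Pinned((X509KeyManager) kms[n], args[2]);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kms, null, null); // null = default trust managers and SecureRandom
        System.out.println("Server SSLContext pinned to alias: " + args[2]);
    }
}
```

Failing fast when the configured alias is missing or is not a private-key entry avoids silently serving a different certificate after someone adds or reorders entries in the store.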
