openssl无法生成带有有效别名的pfx [英] openssl fails to produce a pfx with a valid alias

问题描述

我试图生成一个pfx文件，用作一些JAR文件的签名机制，如这条指示。

要创建pfx文件，我使用以下命令：

  openssl pkcs12 -export -in my-cert.crt -inkey my-priv-key.key -certfile my-ca-bundle -out my-pfx.pfx 
  

此命令成功地生成了一个pfx文件，但是当我尝试使用以下命令查找别名时

  keytool -list -storetype pkcs12 -keystore my-pfx.pfx -v | grep别名
  

我得到以下响应

 别名：2 
  

和我做过的其他研究）返回的Alias应该看起来像这样

  le-d491f28f-ee7b-40e2-b1a7-2b7c3a71979a 
  

如果我尝试使用别名值我得到（例如2）使用以下命令

  jarsigner -keystore my-pfx.pfx -storetype PKCS12 jacob.jar 2 
  pre> 
 
 
这会导致以下错误消息
  jarsigner：链找不到：2. 2必须引用包含私钥和对应的公钥证书链的有效KeyStore密钥条目。 
  
我完全无法理解为什么我没有得到一个正确的别名..任何有用的建议？ / p> 
 
 
感谢
解决方案
尝试使用用命令 openssl pkcs12 命名alias
 
 
 
看起来像（其余的选项是从你的问题）：
  openssl pkcs12 -export -in my-cert.crt  - inkey my-priv-key.key -certfile my-ca-bundle -out my-pfx.pfx -namealias
  
 
I am trying to generate a pfx file to use as a signing mechanism for some JAR files as per these instructions. 

To create the pfx file I am using the following command
openssl pkcs12 -export -in my-cert.crt -inkey my-priv-key.key -certfile my-ca-bundle -out my-pfx.pfx
This command successfully generates me a pfx file, however, when I try to find the alias using the following command
keytool -list -storetype pkcs12 -keystore my-pfx.pfx -v | grep Alias
I get the following response
Alias name: 2
According to the note linked above (and other research I have done) the Alias returned should look something like this
le-d491f28f-ee7b-40e2-b1a7-2b7c3a71979a
If I try to use the Alias value I am getting (e.g. 2) using the following command
jarsigner -keystore my-pfx.pfx -storetype PKCS12 jacob.jar 2
which results in the following error message
jarsigner: Certificate chain not found for: 2.  2 must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain.
I am totally stumped as to why I am not getting a correct alias.. Any helpful suggestions ?

Thanks
解决方案
Try using option -name "alias" with command openssl pkcs12.

So, the full command may look like (the rest of options were taken from your question):
openssl pkcs12 -export -in my-cert.crt -inkey my-priv-key.key -certfile my-ca-bundle -out my-pfx.pfx -name "alias"


                        
这篇关于openssl无法生成带有有效别名的pfx的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！