将.key和.pem文件导入jks文件并在Java / Spring中使用 [英] Import .key and .pem file to jks file and use in Java/Spring
问题描述
我从服务团队获得了以下密钥/证书,通过SSL调用他们的API,我通过curl命令验证了这一点。
I have been given the following key/cert from a service team to call their API over SSL, which I verfied thru curl command.
1. QA.test.key
2. QA.test.pem
CURL命令:
curl --key QA.test.key --cert ./QA.test.pem -X POST --header "Content-Type: application/json" --header "Accept: application/json" -d '{"pan":"1234567890123456", "client": " Application Name "}' https://test-qa.abc.com/tokenize
现在,要通过https在Java中调用API,我是否需要执行以下操作?
Now, to call the API in Java over https, do I need to do the following?
- 创建自签名的jks文件
- 导入.key和.pem到新的test.jks文件?
-
执行以下操作
- Create a self signed jks file
- import the .key and .pem to new test.jks file?
Do the following
public class TestApp {
final static String KEYSTORE_PASSWORD = "testing";
static
{
System.setProperty("javax.net.ssl.trustStore", "src/main/resources/test.jks");
System.setProperty("javax.net.ssl.trustStorePassword", KEYSTORE_PASSWORD);
System.setProperty("javax.net.ssl.keyStore", "src/main/resources/test.jks");
System.setProperty("javax.net.ssl.keyStorePassword", KEYSTORE_PASSWORD);
}
public static void main(String[] args) {
SpringApplication.run(TestApp.class, args);
}
}
使用jks文件时出现无效证书错误,创建jks文件并导入.key和.pem文件以使其正常工作的最佳方法是什么?
I am getting Invalid Certificate error while using the jks file, what would be the best way to create a jks file and import .key and .pem file for it to work properly?
推荐答案
使用OpenSSL实用程序创建PKCS#12文件。然后,您可以使用系统属性将其指定为密钥存储区。
Create a PKCS #12 file using OpenSSL utilities. Then you can specify this as your key store using the system properties.
openssl pkcs12 -export -in QA.test.pem -inkey QA.test.key -out test.pkcs12
此命令将提示输入密码以加密新的PKCS#12文件。它还可能会提示输入用于加密 QA.test.key 的密码(如果有)。
This command will prompt for a password to encrypt the new PKCS #12 file. It may also prompt for the password that was used to encrypt QA.test.key, if any.
javax.net.ssl.keyStore=test.pkcs12
javax.net.ssl.keyStorePassword=<whatever you entered when creating PKCS #12>
javax.net.ssl.keyStoreType=PKCS12
trustStore 属性是分开的;它们会影响如何验证服务器。如果服务器使用由真实CA颁发的证书,则必须在Java运行时中存在必要的证书。否则,您将不得不创建一个额外的密钥库,可以使用Java的 keytool 命令来完成。
The trustStore properties are separate; they affect how to authenticate the server. If the server uses a certificate issued by a "real" CA, the necessary certificates should be present in the Java runtime already. Otherwise, you'll have to create an additional key store, which can be done using Java's keytool command.
请注意, Java 9将使用PKCS#12文件作为默认的密钥库类型。
这篇关于将.key和.pem文件导入jks文件并在Java / Spring中使用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
