如何在Java密钥库中导入现有的X.509证书和私钥以在SSL中使用? [英] How to import an existing X.509 certificate and private key in Java keystore to use in SSL?
问题描述
我在ActiveMQ配置中拥有这个:
I have this in an ActiveMQ config:
<sslContext>
<sslContext keyStore="file:/home/alex/work/amq/broker.ks"
keyStorePassword="password" trustStore="file:${activemq.base}/conf/broker.ts"
trustStorePassword="password"/>
</sslContext>
我有一对X.509证书和一个密钥文件.
I have a pair of X.509 cert and a key file.
如何导入这两个文件以便在SSL和SSL + stomp连接器中使用它们?我可以在Google上搜索的所有示例始终都会自己生成密钥,但是我已经有了一个密钥.
How do I import those two in order to use them in SSL and SSL+stomp connectors? All examples I could google always generate the key themselves, but I already have a key.
我尝试过
keytool -import -keystore ./broker.ks -file mycert.crt
但这只会导入证书而不是密钥文件,并导致
but this only imports the certificate and not the key file and results in
2009-05-25 13:16:24,270 [localhost:61612] ERROR TransportConnector - Could not accept connection : No available certificate or key corresponds to the SSL cipher suites which are enabled.
我尝试将证书和密钥连接起来,但是得到了相同的结果.
I have tried concatenating the cert and the key but got the same result.
如何导入密钥?
推荐答案
信不信由你,keytool不提供诸如将私钥导入密钥库之类的基本功能.您可以尝试解决方法,将带有私钥的PKSC12文件合并到密钥库中.
Believe or not, keytool does not provide such basic functionality like importing private key to keystore. You can try this workaround with merging PKSC12 file with private key to a keystore.
或者仅使用更加用户友好的 KeyMan 而不是keytool.exe,用于密钥库处理.
Or just use more user-friendly KeyMan from IBM for keystore handling instead of keytool.exe.
这篇关于如何在Java密钥库中导入现有的X.509证书和私钥以在SSL中使用?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!