将PFX文件导入现有的JKS文件(不从.pfx转换为.jks) [英] Import PFX file into Existing JKS file (NOT converting from .pfx to .jks)

问题描述

我拥有Java Web服务，并已使用Java Keytool创建的jks文件实现了X.509.

I have Java web service and have implemented X.509 using jks files created by Java Keytool.

keytool -genkey -keyalg RSA -sigalg SHA1withRSA -validity 730 -alias myservicekey -keypass skpass -storepass sspass -keystore serviceKeystore.jks -dname "cn=localhost"

keytool -genkey -keyalg RSA -sigalg SHA1withRSA -validity 730 -alias myclientkey  -keypass ckpass -storepass cspass -keystore clientKeystore.jks -dname "cn=clientuser"

要在客户端和服务器之间建立信任，我将服务器证书导入到客户端，并将客户端证书导入到服务器.

To establish trust between client and server I import the server certs to client and client certs to server.

将服务器公钥(证书)导入客户端.

keytool -export -rfc -keystore clientKeystore.jks -storepass cspass -alias myclientkey -file MyClient.cer
keytool -import -trustcacerts -keystore serviceKeystore.jks -storepass sspass -alias myclientkey -file MyClient.cer -noprompt

将客户端公钥(证书)导入服务器

keytool -export -rfc -keystore serviceKeystore.jks -storepass sspass -alias myservicekey -file MyService.cer
keytool -import -trustcacerts -keystore clientKeystore.jks -storepass cspass -alias myservicekey -file MyService.cer -noprompt

Service和Client都是用Java编写的，并且运行良好.现在我有了一个.NET客户端，我的理解是，如果我向.NET客户端提供相同的jave客户端证书，即clientKeystore.jks，它应该可以工作，但是.net客户端有问题.

Both Service and Client are written in Java and are working fine. Now I have a .NET client and my understanding is that if I give the same jave client certificates to the .NET client i.e clientKeystore.jks it should work, but the .net client is having issues.

.NET客户端开发人员要求我使用他生成的.pfx证书，如何将.pfx证书导入到现有的.jks文件中.

The .NET client developer has insisted me to use a .pfx certificate that he generated, how can I import a .pfx certificate into an existing .jks file.

我在网上看到的示例要求我创建一个新的.jks文件.

The examples I have seen online require me to create a new .jks file.

谢谢.

推荐答案

您可以将该文件视为Java PKCS12密钥库.您可以使用所有相同的keytool命令，除了您还需要指定-storetype PKCS12以外，因为默认值为JKS.在JDK 1.6及更高版本中可用的示例:

You can treat the file as a Java PKCS12 Keystore. You can use all of the same keytool commands, except you additionally need to specify -storetype PKCS12 since the default is JKS. Example that works in JDK 1.6 and higher:

keytool -importkeystore -srckeystore mypfxfile.pfx -srcstoretype pkcs12 
-destkeystore clientcert.jks -deststoretype JKS

另请参见此线程.我认为这可以回答您的问题，但是如果您不介意任何建议，我只会将现有的JKS文件输出为P12文件，然后将P12文件提供给.NET客户端.如果这确实是格式问题，那将解决您的问题.您可以按照此处中概述的步骤进行操作.如果仍然有问题，则应发布.NET客户端的Exception，否则我们将无法为您提供帮助.

Also see this thread. I think that answers your question, but if you don't mind a suggestion, I would simply output your existing JKS file as a P12 file, then give the P12 file to the .NET client. That would solve your issue if it is truly a format issue. You can do that by following the steps outlined here. If you still have issues, you should post the .NET client's Exception otherwise we cannot help you.

这篇关于将PFX文件导入现有的JKS文件(不从.pfx转换为.jks)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！