创建一个.p12文件 [英] Creating a .p12 file

问题描述

使用openssl，我创建了如下私钥:

openssl genrsa -out myKey.pem

然后，要生成CA要求的csr，我执行了以下操作:

openssl req -new -key myKey.pem -out cert.csr

CA回应了我存储在名为myCert.cer

的文件中的证书

我现在想将必要的组件(私钥，公钥(?)和证书)捆绑到一个.p12中.为此，我运行了以下命令:

openssl pkcs12 -export -out keyStore.p12 -inkey myKey.pem -in myCert.cer

但是我收到以下错误消息:

No certificate matches private key

我该怎么做?

解决方案

openssl 文档表示作为-in参数提供的文件必须采用 PEM 格式.

事实证明，与CA手册相反，我以myCert.cer存储的CA返回的证书不是 PEM 格式，而是 PKCS7 . /p>

为了创建我的.p12，我必须首先将证书转换为 PEM :

openssl pkcs7 -in myCert.cer -print_certs -out certs.pem

然后执行

openssl pkcs12 -export -out keyStore.p12 -inkey myKey.pem -in certs.pem

Using openssl, I've created a private key as follows:

openssl genrsa -out myKey.pem

Then, to generate the csr demanded by the CA, I've executed the following:

openssl req -new -key myKey.pem -out cert.csr

The CA responded with a certificate which I stored in a file named myCert.cer

I'd now like to bundle the necessary components (private key, public key(?) and certificate) into a single .p12. To do so I've run the following:

openssl pkcs12 -export -out keyStore.p12 -inkey myKey.pem -in myCert.cer

but I'm getting the following error message:

No certificate matches private key

How can I accomplish this?

解决方案

The openssl documentation says that file supplied as the -in argument must be in PEM format.

Turns out that, contrary to the CA's manual, the certificate returned by the CA which I stored in myCert.cer is not PEM format rather it is PKCS7.

In order to create my .p12, I had to first convert the certificate to PEM:

openssl pkcs7 -in myCert.cer -print_certs -out certs.pem

and then execute

openssl pkcs12 -export -out keyStore.p12 -inkey myKey.pem -in certs.pem

这篇关于创建一个.p12文件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！