创建一个.p12文件 [英] Creating a .p12 file
问题描述
使用openssl
,我创建了如下私钥:
openssl genrsa -out myKey.pem
然后,要生成CA要求的csr
,我执行了以下操作:
openssl req -new -key myKey.pem -out cert.csr
CA回应了我存储在名为myCert.cer
我现在想将必要的组件(私钥,公钥(?)和证书)捆绑到一个.p12
中.为此,我运行了以下命令:
openssl pkcs12 -export -out keyStore.p12 -inkey myKey.pem -in myCert.cer
但是我收到以下错误消息:
No certificate matches private key
我该怎么做?
openssl
文档表示作为-in
参数提供的文件必须采用 PEM 格式.
事实证明,与CA手册相反,我以myCert.cer
存储的CA返回的证书不是 PEM 格式,而是 PKCS7 . /p>
为了创建我的.p12
,我必须首先将证书转换为 PEM :
openssl pkcs7 -in myCert.cer -print_certs -out certs.pem
然后执行
openssl pkcs12 -export -out keyStore.p12 -inkey myKey.pem -in certs.pem
Using openssl
, I've created a private key as follows:
openssl genrsa -out myKey.pem
Then, to generate the csr
demanded by the CA, I've executed the following:
openssl req -new -key myKey.pem -out cert.csr
The CA responded with a certificate which I stored in a file named myCert.cer
I'd now like to bundle the necessary components (private key, public key(?) and certificate) into a single .p12
. To do so I've run the following:
openssl pkcs12 -export -out keyStore.p12 -inkey myKey.pem -in myCert.cer
but I'm getting the following error message:
No certificate matches private key
How can I accomplish this?
The openssl
documentation says that file supplied as the -in
argument must be in PEM format.
Turns out that, contrary to the CA's manual, the certificate returned by the CA which I stored in myCert.cer
is not PEM format rather it is PKCS7.
In order to create my .p12
, I had to first convert the certificate to PEM:
openssl pkcs7 -in myCert.cer -print_certs -out certs.pem
and then execute
openssl pkcs12 -export -out keyStore.p12 -inkey myKey.pem -in certs.pem
这篇关于创建一个.p12文件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!