需要帮助将P12证书转换为JKS [英] Need help converting P12 certificate into JKS

问题描述

我需要一些帮助，以将我的.P12证书文件转换为JKS密钥库.我已经使用Java的keytool实用程序遵循了标准命令.但是，当我尝试使用生成的JKS文件通过SOAPUI访问WS端点时，出现403.7错误-禁止:需要SSL证书.在同一个端点上将P12文件与SOAPUI一起使用会产生成功的响应. 这是用于将P12密钥库导入到JKS密钥库中的标准命令-

I need some help converting my .P12 certificate file into a JKS keystore. I've followed the standard commands using Java's keytool utility. However, when I try and use the resulting JKS file to access the WS endpoint via SOAPUI, I get a 403.7 error - Forbidden: SSL certificate is required. Using the P12 file with SOAPUI against the same endpoint produces a successful response. Here is the standard command for importing a P12 keystore into a JKS keystore -

keytool -importkeystore -srckeystore src.p12 -srcstoretype PKCS12 -deststoretype JKS -destkeystore target.jks

我还尝试使用openssl转换P12-> PEM-> DER-> JKS:

I also tried using openssl to convert the P12 -> PEM -> DER -> JKS:

openssl pkcs12 -in src.p12 -out src.pem -clcerts

(将src.pem编辑为两个名为src.key和src.cer的复合部分)

(Edit src.pem into its two composite parts called src.key and src.cer)

openssl pkcs8 -topk8 -nocrypt -in src.key -out key.der -inform PEM -outform DER
openssl x509 -in src.cer -inform PEM -out cert.der -outform DER

(我运行了一个实用程序，将两个密钥组合到keystore.ImportKey中)

(I ran a utility to combine the two keys into keystore.ImportKey )

keytool -importkeystore -srckeystore keystore.ImportKey -destkeystore target.JKS

并且没有骰子.

有什么我想念的吗?

推荐答案

如果您确实拥有Keytool应用程序和PKCS#12文件，请启动单行命令:

If you do have Keytool application and your PKCS#12 file, launch the one-line command:

keytool -importkeystore -srckeystore [MY_FILE.p12] -srcstoretype pkcs12
 -srcalias [ALIAS_SRC] -destkeystore [MY_KEYSTORE.jks]
 -deststoretype jks -deststorepass [PASSWORD_JKS] -destalias [ALIAS_DEST]

您需要修改以下参数:

• MY_FILE.p12:指示要转换的PKCS#12文件(扩展名为.p12或.pfx)的路径.
• MY_KEYSTORE.jks:要在其中存储证书的密钥库的路径.如果不存在，它将自动创建.
• PASSWORD_JKS:将在密钥库打开时要求输入密码.
• ALIAS_SRC:与PKCS#12文件中的证书条目匹配的名称，例如"tomcat".

• MY_FILE.p12: indicate the path to the PKCS#12 file (.p12 or .pfx extension) to be converted.
• MY_KEYSTORE.jks: path to the keystore in which you want to store your certificate. If it does not exist it will be created automatically.
• PASSWORD_JKS: password that will be requested at the keystore opening.
• ALIAS_SRC: name matching your certificate entry in the PKCS#12 file, "tomcat" for example.

如果要从生成.PFX文件的Windows服务器导出证书，则必须检索Windows创建的别名"名称.为此，您可以执行以下命令:

In case you would export your certificate from a Windows server generating a .PFX file, you'll have to retrieve the "alias" name created by Windows. To do so, you can execute the following command:

keytool -v -list -storetype pkcs12 -keystore FILE_PFX

别名"字段表示您需要在命令行中使用的证书的存储名称.

There, the "alias name" field indicates the storage name of your certificate you need to use in the command line.

• ALIAS_DEST:与JKS密钥库中的证书条目匹配的名称，例如"tomcat".

• ALIAS_DEST: name that will match your certificate entry in the JKS keystore, "tomcat" for example.

这篇关于需要帮助将P12证书转换为JKS的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！