需要帮助将P12证书转换为JKS [英] Need help converting P12 certificate into JKS
问题描述
我需要一些帮助,以将我的.P12证书文件转换为JKS密钥库.我已经使用Java的keytool实用程序遵循了标准命令.但是,当我尝试使用生成的JKS文件通过SOAPUI访问WS端点时,出现403.7错误-禁止:需要SSL证书.在同一个端点上将P12文件与SOAPUI一起使用会产生成功的响应. 这是用于将P12密钥库导入到JKS密钥库中的标准命令-
I need some help converting my .P12 certificate file into a JKS keystore. I've followed the standard commands using Java's keytool utility. However, when I try and use the resulting JKS file to access the WS endpoint via SOAPUI, I get a 403.7 error - Forbidden: SSL certificate is required. Using the P12 file with SOAPUI against the same endpoint produces a successful response. Here is the standard command for importing a P12 keystore into a JKS keystore -
keytool -importkeystore -srckeystore src.p12 -srcstoretype PKCS12 -deststoretype JKS -destkeystore target.jks
我还尝试使用openssl转换P12-> PEM-> DER-> JKS:
I also tried using openssl to convert the P12 -> PEM -> DER -> JKS:
openssl pkcs12 -in src.p12 -out src.pem -clcerts
(将src.pem编辑为两个名为src.key和src.cer的复合部分)
(Edit src.pem into its two composite parts called src.key and src.cer)
openssl pkcs8 -topk8 -nocrypt -in src.key -out key.der -inform PEM -outform DER
openssl x509 -in src.cer -inform PEM -out cert.der -outform DER
(我运行了一个实用程序,将两个密钥组合到keystore.ImportKey中)
(I ran a utility to combine the two keys into keystore.ImportKey )
keytool -importkeystore -srckeystore keystore.ImportKey -destkeystore target.JKS
并且没有骰子.
有什么我想念的吗?
推荐答案
如果您确实拥有Keytool应用程序和PKCS#12文件,请启动单行命令:
If you do have Keytool application and your PKCS#12 file, launch the one-line command:
keytool -importkeystore -srckeystore [MY_FILE.p12] -srcstoretype pkcs12
-srcalias [ALIAS_SRC] -destkeystore [MY_KEYSTORE.jks]
-deststoretype jks -deststorepass [PASSWORD_JKS] -destalias [ALIAS_DEST]
您需要修改以下参数:
-
MY_FILE.p12
:指示要转换的PKCS#12文件(扩展名为.p12或.pfx)的路径. -
MY_KEYSTORE.jks
:要在其中存储证书的密钥库的路径.如果不存在,它将自动创建. -
PASSWORD_JKS
:将在密钥库打开时要求输入密码. -
ALIAS_SRC
:与PKCS#12文件中的证书条目匹配的名称,例如"tomcat".
MY_FILE.p12
: indicate the path to the PKCS#12 file (.p12 or .pfx extension) to be converted.MY_KEYSTORE.jks
: path to the keystore in which you want to store your certificate. If it does not exist it will be created automatically.PASSWORD_JKS
: password that will be requested at the keystore opening.ALIAS_SRC
: name matching your certificate entry in the PKCS#12 file, "tomcat" for example.
如果要从生成.PFX
文件的Windows服务器导出证书,则必须检索Windows创建的别名"名称.为此,您可以执行以下命令:
In case you would export your certificate from a Windows server generating a .PFX
file, you'll have to retrieve the "alias" name created by Windows. To do so, you can execute the following command:
keytool -v -list -storetype pkcs12 -keystore FILE_PFX
别名"字段表示您需要在命令行中使用的证书的存储名称.
There, the "alias name" field indicates the storage name of your certificate you need to use in the command line.
-
ALIAS_DEST
:与JKS密钥库中的证书条目匹配的名称,例如"tomcat".
ALIAS_DEST
: name that will match your certificate entry in the JKS keystore, "tomcat" for example.
这篇关于需要帮助将P12证书转换为JKS的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!