如何从cer文件创建密钥库？ [英] How to create keystore from cer files?

问题描述

我从cer文件创建密钥库时遇到问题。

I have a problem with the creation of keystore from cer files.

我有三个文件：

1. NameCertyfikat2015.cer


2. NameIntermediateCA.cer


3. NamePrivateKey.txt

我想获取jks密钥库文件。如何使用keytool做到这一点？我需要该文件作为wildfly容器。

And I want to get jks Keystore file. How can I do this using keytool? I need that file for wildfly container.

我的NamePrivateKey.txt开头为：

My NamePrivateKey.txt start with:

-----BEGIN RSA PRIVATE KEY-----

推荐答案

添加4/21：找到重复项：

ADDED 4/21: Found duplicates:

• 创建密钥库，如何从现有证书（abc.crt）和abc创建密钥库.key文件？


• 转换从pem到jks的证书


• 在Java密钥库中导入现有的x509证书和私钥以在ssl中使用

• How can i create keystore from an existing certificate (abc.crt) and abc.key files?
• convert certificate from pem into jks
• importing an existing x509 certificate and private key in Java keystore to use in ssl

keytool 不能直接处理私钥。

keytool does not handle private keys directly.

正常过程为：

1. keytool -genkeypair JKS中的私钥和公钥


2. keytool -certreq 从该密钥对
生成一个CSR

3. 将该CSR（和相关证据）发送给CA以获取证书


4. keytool -importcert 证书，以及任何需要的中间或链式证书，插入 相同 JKS

1. keytool -genkeypair the privatekey and publickey in a JKS
2. keytool -certreq generate a CSR from that keypair
3. send the CSR (and related evidence) to a CA to get a certificate
4. keytool -importcert the certificate, plus any needed intermediate or "chain" certficate(s), into the same JKS

如果您没有包含privateKey的JKS，但是您的PrivateKey.txt文件包含私有密钥采用openssl可用的格式-它是否以 ----- BEGIN 行开头，后接几行base64和匹配的 ----- END 行，如果是的话，以BEGIN命名的类型是什么？ -并且拥有或获得openssl，则可以使用openssl将私钥和相关证书组合到 PKCS＃12 文件中，然后将 keytool 可以像这样将PKCS＃12转换为JKS：

If you don't have the JKS with the privateKey in it, but your PrivateKey.txt file contains the private key in a format usable by openssl -- does it begin with a -----BEGIN line followed by some lines of base64 and a matching -----END line and if so what is the type named after BEGIN? -- and you have or get openssl, you can use openssl to combine the privatekey and the related certs into a PKCS#12 file, and then keytool can convert the PKCS#12 to a JKS like this:

keytool -importkeystore -srckeystore p12file -srcstoretype pkcs12 -destkeystore jksfile 

或者根据 https://issues.jboss.org/browse/WFLY-3686 （足够近了吗？）Wildfly可以原样使用PKCS12密钥库（代替

Or according to https://issues.jboss.org/browse/WFLY-3686 (sufficiently recent?) Wildfly can use a PKCS12 keystore as-is (instead of JKS).

编辑4/21：openssl pkcs12 实用程序的文档在手册页上您的系统（如果安装了Unix且安装了OpenSSL（通常是第1ssl节或类似内容），或者在线访问 https://www.openssl.org/docs/apps/pkcs12.html#FILE-CREATION-OPTIONS ，或上述重复项或als o 将CERT / PEM证书转换为PFX证书

EDIT 4/21: Documentation for the openssl pkcs12 utility is in a man page on your system if Unix-like with OpenSSL installed (typically section 1ssl or similar), or online at https://www.openssl.org/docs/apps/pkcs12.html#FILE-CREATION-OPTIONS, or in the duplicates above, or also Convert a CERT/PEM certificate to a PFX certificate

这篇关于如何从cer文件创建密钥库？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！