keytool error: java.lang.Exception: Public keys in reply and keystore don't match


Problem description

I have this problem when I import a certification file into keystore:

keytool error: java.lang.Exception: Public keys in reply and keystore don't match

I do this:

1) Create my keystore on the server:

keytool -genkey -keystore C:\keystore\keystore -alias jboss -keyalg RSA

2) I have domain.pfx and convert it with this command:

openssl pkcs12 -in domain.pfx -clcerts -nokeys -out domain.cer

openssl pkcs12 -in domain.pfx -nocerts -nodes -out domain_encrypted.key

openssl rsa -in domain_encrypted.key -out domain.key

Now I have 3 new files:

  • domain.cer
  • domain_encrypted.key
  • domain.key

3) In the end, import the domain.cer into C:\keystore\keystore in the jboss alias:

keytool -import -alias jboss -keystore C:\keystore\keystore -file C:\cert\domain.cer

But I have this error:

keytool error: java.lang.Exception: Public keys in reply and keystore don't match

What is the problem?

Recommended answer

A keystore comprises two entry types:

  1. Private Key Entry (which binds the private key stored in the keystore with the certificate imported in the keystore). Here, the alias must remain the same as the one that was used when the keystore file was created.

  2. Trusted Entry: this entry comprises all the trusted certificate entries, including the root and intermediate certificates.

If a keystore is bound to a domain in the server.xml file of Tomcat, then it must contain the private key entry.

Now, as per your performed steps, you created a keystore first (a private key got generated in it) and then you tried to import the certificate in keystore. But in the command you didn't use the private key which you converted using openssl; you used the private key which freshly got generated when you generated the keystore.

As you have the domain.pfx with you, you can straight away convert it using the below keytool command:

keytool -importkeystore -srckeystore domain.pfx -srcstoretype pkcs12 -destkeystore name_of_the_keystore_file.jks -deststoretype jks

Note: Make sure the keystore password and the key password remain the same.
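
The mismatch described in the answer can be confirmed before importing by comparing the public key inside the certificate with the one derived from a private key. This is an added example, not part of the original question or answer; the function names, the CN `domain.example` and the generated sample files are assumptions made up for the demonstration, and on the real files you would pass domain.cer and domain.key.

```shell
#!/bin/sh
# Added example (not from the original post). Usage: sh thisfile CERT KEY

# Public key (PEM SubjectPublicKeyInfo) carried by a certificate file.
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Public key derived from an unencrypted private key file (RSA, EC, ...).
key_pubkey() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# Return 0 if the certificate belongs to the private key, 1 if it does not,
# 2 if either file is missing or cannot be parsed.
cert_matches_key() {
    c=$(cert_pubkey "$1") || return 2
    k=$(key_pubkey "$2") || return 2
    [ -n "$c" ] && [ -n "$k" ] || return 2
    [ "$c" = "$k" ]
}

# Constructed sample data mirroring the question: pfx.key and domain.cer stand
# in for the pair that was inside domain.pfx, fresh.key stands in for the key
# that "keytool -genkey" created under the jboss alias.
make_sample() {
    dir=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=domain.example" \
        -keyout "$dir/pfx.key" -out "$dir/domain.cer" 2>/dev/null || return 1
    openssl genrsa -out "$dir/fresh.key" 2048 2>/dev/null || return 1
    echo "$dir"
}

# When called with two paths, report whether they form a pair.
if [ "$#" -eq 2 ]; then
    if cert_matches_key "$1" "$2"; then
        echo "certificate matches key"
    else
        echo "certificate does NOT match key (or a file is unreadable)"
    fi
fi
```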
