合并2个.jks信任库文件 [英] Merge 2 .jks truststore files

问题描述

我正在使用已启用SSL的Tomcat，并使用信任库进行客户端身份验证.

I am using a Tomcat that is SSL enabled, using truststores for client authentication.

我有两个.jks trustore文件.

I have two .jks trustore files.

首先，我将其用于PROD环境，将其用于TEST环境客户端证书.

The first, I use it for the PROD environment and the other for the TEST environment client certificates.

我在Tomcat上部署了Web应用程序，直到现在，我还是在配置中设置了上述文件之一(根据环境而定).

I deploy the web application, on a Tomcat and until now i was setting one of the above files in the configuration (according to the environment).

是否可以将这些文件合并到一个将接受PROD和TEST环境的客户端证书的.jks信任库中?

Is it possible i can merge those files into one .jks truststore that will accept client certificates both for PROD and TEST environments?

我需要提及的是，我拥有两个信任库的密码.

I need to mention that i have the passwords for both truststores.

谢谢！

推荐答案

您可以使用keytool的-importkeystore选项将条目从一个密钥库/信任库导入到另一个:

You can use the -importkeystore option of keytool to import an entry from one keystore/truststore to another:

keytool -importkeystore -srckeystore test.jks -destkeystore common.jks -srcalias myRootCA -destalias myRootCA_TEST -srcstorepass **** -deststorepass ****
keytool -importkeystore -srckeystore prod.jks -destkeystore common.jks -srcalias myRootCA -destalias myRootCA_PROD -srcstorepass **** -deststorepass ****

然后common.jks将包含两个CA以验证客户端证书.但是，可能还需要重新配置该应用程序.

The common.jks will then contain both CA to validate the client certificates. However, the application may also need to be reconfigured.

这篇关于合并2个.jks信任库文件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！