服务器crt和私钥的Keytool命令行 [英] Keytool command line for server crt and private key

问题描述

我正在使用密钥库资源管理器工具从我的PKCS12密钥库文件中创建服务器crt和私钥文件.这些工具很棒.

是否有相应的keytool命令行等效项?我确实检查了帮助.我不知道.

解决方案

这不是编程问题或问题，可能是为什么它被低票否决了.但是:

否. keytool没有任何操作可以从密钥库中单独写出私钥，也不能单独将私钥中的内容读入密钥库.这就是为什么我们会收到数百个关于后者的问题的原因，主要是在其他主题上的其他堆栈上.对于我最近回答的问题，请参见如何解决:jno_key_entry

对于 PKCS12 密钥库，openssl pkcs12 -in file -nocerts将以PEM格式提取一个或多个私有密钥.默认情况下，它已被加密，并且您必须提供一个(新)密码，但是您可以使用-nodes使其不被加密.如果密钥库中有多个私钥，则可能需要编辑输出以选择所需的一个或多个.

对于其他类型的密钥库，请使用keytool -importkeystore转换为PKCS12，然后按上述继续操作.如果(任何类型的)密钥库具有多个条目，则可以使用keytool -importkeystore和-alias来仅选择所需的条目，因此不需要上面的编辑步骤.

I was using keystore explorer tool to create a server crt and a private key file from my PKCS12 keystore file. The tools is great.

Is there any corresponding keytool commandline equivalent? I did check the help. I could not figure it out.

解决方案

This is not a programming question or problem which is probably why it has been downvoted and close-voted. But:

NO. keytool has no operations either to write out a privatekey alone from a keystore or read in a privatekey alone to a keystore. This is why we get hundreds of questions about the latter, mostly on other Stacks where they are on-topic. For the most recent one I answered, see How to resolve : jno_key_entry

For a PKCS12 keystore, openssl pkcs12 -in file -nocerts will extract the privatekey, or privatekeys, in PEM format. By default it/they is/are encrypted and you must give a (new) password, but you can use -nodes to get it/them unencrypted. If there is more than one privatekey in the keystore, you may need to edit the output to select the desired one (or ones).

For other type keystore, use keytool -importkeystore to convert to PKCS12, then continue as above. If (any type) keystore has multiple entries, you can use keytool -importkeystore with -alias to select only the desired entry, and thus not need the editting step above.

这篇关于服务器crt和私钥的Keytool命令行的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！