Java的密钥工具 - 追加小学/中学中级证书密钥存储 [英] Java keyTool - append primary/secondary intermediate certificates to key store
问题描述
我已经创建了一个密钥库(在图像中server.jks),具有进口相关的密钥对。
I have already created a keystore (server.jks in the image) having imported the relevant key-pair.
keytool -importkeystore -srckeystore server.p12 -destkeystore server.jks -srcstoretype pkcs12
我需要使用Java keytool到中间证书追加到它。
I need to append intermediate certificates to it using the java keytool.
在Windows上使用密钥库资源管理器工具,我可以追加证书以下右键快捷菜单,就像连接形象。
Using KeyStore explorer tool on windows, I can append certificates following the right click context menu, just like in the attached image.
添加以下追加证书选项初级/中级证书后,我可以看到它在密钥库探险家就像一棵树。
After adding the primary/intermediate certificates following the Append Certificate option, I can see it on the KeyStore explorer like a tree.
---primary intermediate certificate
|---secondary intermediate certificate
|---my server certificate
我在知道如何可以做到这一点,使用Java的密钥工具'的(LINUX)命令行上非常有兴趣。
I am very much interested in knowing how this can be done, using the 'Java KeyTool' on the (LINUX) command line.
感谢您提前。
推荐答案
这是更多的还是同样的问题少如这个问题。您需要prepare文件重新presenting证书链,每个证书后发出它的CA证书。
This is more or less the same problem as in this question. You need to prepare a file representing the certificate chain, each certificate followed by the CA certificate that issued it.
-----BEGIN CERTIFICATE-----
MIICajCCAdOgAwIBAgIBAjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVSzEa
....
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIICkjCCAfugAwIBAgIJAKm5bDEMxZd7MA0GCSqGSIb3DQEBBQUAMDsxCzAJBgNV
....
-----END CERTIFICATE-----
您可能需要将EEC(最终实体证书)从你的密钥存储第一出口(密钥工具-exportcert ... )。然后,使用您选择的文本编辑器(六,Emacs的,gedit的,...)或猫来连接你的EEC和以中间证书(S)。然后将生成的文件导入到你对包含您的私钥的别名密钥库(密钥工具-importcert -alias ... )。
You may need to export your EEC (End Entity Certificate) from your keystore first (keytool -exportcert ...). Then, use the text editor of your choice (vi, emacs, gedit, ...) or cat to concatenate your EEC and the intermediate certificate(s) in order. Then import the resulting file into your keystore against the alias that contains your private key (keytool -importcert -alias ...).
这篇关于Java的密钥工具 - 追加小学/中学中级证书密钥存储的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
