输入的不是X.509证书即使转换为DER也无法使用 [英] Input not an X.509 certificate Not working even after converting to DER
问题描述
First of all I have already seen the post keytool error: java.lang.Exception: Input not an X.509 certificate. I am unable to apply the same solution in my situation thats why I am posting this thread. When I tried to import my PEM file into keytoo it said that
keytool错误:java.lang.Exception:输入的不是X.509证书
keytool error: java.lang.Exception: Input not an X.509 certificate
当我尝试使用openssl连接到具有-CAfile选项作为此PEM文件的服务器时.它成功连接.
When I tried to use openssl to connect to my server having -CAfile option as this PEM file. it connected suxxessfully.
我按照上述帖子中的建议将PEM文件转换为DER文件,
I converted the PEM file into DER file as suggested in the above post using,
openssl x509 -outform der -in foo.pem -out foo.der
我已将der文件成功导入到keytool中.但是,当我尝试连接到使用openSSL中的PEM文件可连接的服务器时,无法连接.扔
I imported the der file successfully into keytool. But when I try to connect to the server which was connectable using PEM file in openSSL, I am unable to connect. It is throwing
在
javax.net.ssl.DefaultSSLSocketFactory.createSocket(Unknown Source)
at com.ibm.net.ssl.www.protocol.https.b.b(Unknown Source)
at com.ibm.net.ssl.www.protocol.http.cb.a(Unknown Source)
at com.ibm.net.ssl.www.protocol.http.cb.p(Unknown Source)
我创建了一个新线程来引起大家的即时关注,因为它是如此紧急.请帮助.
I have created a new thread to get immediate attention from you guys as it is so urgent fo rme. Kindly help.
推荐答案
keytool仅支持单个证书PEM文件.它们不能包含 ----- BEGIN CERTIFICATE --------- 和 ----- END CERTIFICATE ----- 括号之外的任何内容.
keytool only supports single certificate PEM files. They can not include anything outside of the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- brackets.
使用多部分PEM文件(例如ca-bundle.crt)时,需要将每个证书提取到单独的文件中.使用keytool导入之前,无需将它们转换为DER
When using multipart PEM files, such as ca-bundle.crt, you will need to extract each certificate into a separate file. It's not necessary to convert them to DER before importing using keytool
您还可以使用我的工具 https://code.google.com/p/java-keyutil/,可以将多部分PEM文件直接导入JKS文件.
You could also use my tool, https://code.google.com/p/java-keyutil/, which can import multipart PEM files straight into JKS files.
这篇关于输入的不是X.509证书即使转换为DER也无法使用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
