将更新的 PFX 通配符安装到 tomcat 密钥库中 [英] Installing updated PFX wildcard into tomcat keystore

问题描述

所以我有一个客户，他的组织 *.company.com 有一个 pfx 通配符证书.我需要将证书放入我们使用 Tomcat Apache 7 的软件的 tomcat 密钥库中.我是否需要将此 pfx 文件转换为 pem 文件才能执行此操作?

So I have a customer that has a pfx wildcard certificate for his organization *.company.com. I need to get the certificate into the tomcat keystore for our software that uses Tomcat Apache 7. Do I need to convert this pfx file to pem files in order to do this?

这让我更加困惑，因为我已经习惯于仅通过创建密钥库、生成 CSR、提交和安装来执行 SSL，但由于前三个步骤现在已经完成，我只是不想搞砸密钥库(显然会进行备份).

It confuses me more because I'm so used to doing SSL just with creating the keystore, generating the CSR, submitting, and installing but since the first three steps are done now I just don't want to screw up the keystore (obviously will make a backup).

任何帮助都会很棒，尽管我确定我遗漏了重要的细节，但请随时问我更多问题.

Any help would be great, feel free to ask me more questions though as I'm sure I left out important details.

推荐答案

在网上找到了一些文档，有些指出必须从 PFX/PKCS12 格式中提取密钥并转换为 JKS(Java 密钥库).但我也看到一些文档建议只输入密钥库文件作为 pfx 文件.所以我尝试了并且成功了.

Found some documentation around the web and some pointed to having to extract the keys out of the PFX/PKCS12 format and convert to JKS (Java Keystore). But I also saw some documentation that suggests just entering the keystore file as the pfx file. So I tried that and worked.

keystoreFile="certificate.pfx" keystorePass="yourpassword" keystoreType="PKCS12"

将 PKCS12 设置为密钥库类型很重要，因为默认情况下我相信 Tomcat 正在寻找 JKS 格式.

It's important to set PKCS12 as the keystore type as by default I believe Tomcat is looking for JKS formats.

希望这对未来的人有所帮助.

Hope this helps someone out in the future.

这篇关于将更新的 PFX 通配符安装到 tomcat 密钥库中的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！