Java keyTool - 将主要/次要中间证书附加到密钥库 [英] Java keyTool - append primary/secondary intermediate certificates to key store
问题描述
我已经创建了一个导入相关密钥对的密钥库(图像中的 server.jks).
I have already created a keystore (server.jks in the image) having imported the relevant key-pair.
keytool -importkeystore -srckeystore server.p12 -destkeystore server.jks -srcstoretype pkcs12
我需要使用 java keytool 将中间证书附加到它.
I need to append intermediate certificates to it using the java keytool.
在 Windows 上使用 KeyStore 资源管理器工具,我可以在右键单击上下文菜单后附加证书,就像在附加图像中一样.
Using KeyStore explorer tool on windows, I can append certificates following the right click context menu, just like in the attached image.
在 Append Certificate 选项后添加主/中间证书后,我可以在 KeyStore 资源管理器中看到它就像一棵树.
After adding the primary/intermediate certificates following the Append Certificate option, I can see it on the KeyStore explorer like a tree.
---primary intermediate certificate
|---secondary intermediate certificate
|---my server certificate
我非常想知道如何使用 (LINUX) 命令行上的Java KeyTool"来完成此操作.
I am very much interested in knowing how this can be done, using the 'Java KeyTool' on the (LINUX) command line.
提前致谢.
推荐答案
这或多或少与这个问题中的问题相同.您需要准备一个表示证书链的文件,每个证书后跟颁发它的 CA 证书.
This is more or less the same problem as in this question. You need to prepare a file representing the certificate chain, each certificate followed by the CA certificate that issued it.
-----BEGIN CERTIFICATE-----
MIICajCCAdOgAwIBAgIBAjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVSzEa
....
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIICkjCCAfugAwIBAgIJAKm5bDEMxZd7MA0GCSqGSIb3DQEBBQUAMDsxCzAJBgNV
....
-----END CERTIFICATE-----
您可能需要先从您的密钥库中导出您的 EEC(最终实体证书)(keytool -exportcert ...).然后,使用您选择的文本编辑器(vi、emacs、gedit、...)或 cat 按顺序连接您的 EEC 和中间证书.然后根据包含您的私钥的别名 (keytool -importcert -alias ...) 将生成的文件导入您的密钥库.
You may need to export your EEC (End Entity Certificate) from your keystore first (keytool -exportcert ...). Then, use the text editor of your choice (vi, emacs, gedit, ...) or cat to concatenate your EEC and the intermediate certificate(s) in order. Then import the resulting file into your keystore against the alias that contains your private key (keytool -importcert -alias ...).
这篇关于Java keyTool - 将主要/次要中间证书附加到密钥库的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
