How to import an existing X.509 certificate and private key in Java keystore to use in SSL?


Problem description

I have this in an ActiveMQ config:

<sslContext>
        <sslContext keyStore="file:/home/alex/work/amq/broker.ks"  
 keyStorePassword="password" trustStore="file:${activemq.base}/conf/broker.ts" 
 trustStorePassword="password"/>
</sslContext>

I have a pair of X.509 cert and a key file.

How do I import those two in order to use them in SSL and SSL+stomp connectors? All examples I could google always generate the key themselves, but I already have a key.

I have tried

keytool -import  -keystore ./broker.ks -file mycert.crt

but this only imports the certificate and not the key file and results in

2009-05-25 13:16:24,270 [localhost:61612] ERROR TransportConnector - Could not accept connection : No available certificate or key corresponds to the SSL cipher suites which are enabled.

I have tried concatenating the cert and the key but got the same result.

How do I import the key?

Recommended answer

Believe it or not, keytool does not provide such basic functionality as importing a private key into a keystore. You can try this workaround of merging a PKCS12 file containing the private key into a keystore:

keytool -importkeystore \
  -deststorepass storepassword \
  -destkeypass keypassword \
  -destkeystore my-keystore.jks \
  -srckeystore cert-and-key.p12 \
  -srcstoretype PKCS12 \
  -srcstorepass p12password \
  -alias 1

Or just use the more user-friendly KeyMan from IBM for keystore handling instead of keytool.
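
The answer above starts from an existing cert-and-key.p12. As an added example (not part of the original answer), this script builds that file from the certificate and key with openssl, imports it with the same keytool -importkeystore call, and checks that the result is a PrivateKeyEntry. The file names, the alias broker, the P12_PASS / KS_PASS environment variables and an unencrypted PEM key are assumptions.

```shell
#!/bin/sh
# Added example. File names, the alias "broker" and the variables P12_PASS /
# KS_PASS are assumptions; passwords come from the environment, not from argv.

# Succeeds only if the certificate and the private key carry the same public key.
key_matches_cert() {   # $1 = certificate (PEM), $2 = private key (PEM, unencrypted)
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Bundle certificate + key into a PKCS12 file under a chosen alias.
make_p12() {           # $1 = cert, $2 = key, $3 = output .p12, $4 = alias
    key_matches_cert "$1" "$2" || { echo "key does not match certificate" >&2; return 1; }
    ( umask 077        # the .p12 holds the private key: owner-only permissions
      openssl pkcs12 -export -in "$1" -inkey "$2" -name "$4" \
          -out "$3" -passout env:P12_PASS )
}

# Same keytool call as in the answer, with passwords read via the :env modifier.
import_p12() {         # $1 = .p12, $2 = destination keystore, $3 = alias
    keytool -importkeystore -noprompt \
        -srckeystore "$1" -srcstoretype PKCS12 -srcstorepass:env P12_PASS \
        -destkeystore "$2" -deststorepass:env KS_PASS -destkeypass:env KS_PASS \
        -alias "$3"
}

# A certificate-only import (keytool -import) is listed as trustedCertEntry,
# which a TLS server cannot present; the broker needs a PrivateKeyEntry.
has_private_key() {    # $1 = keystore, $2 = alias
    keytool -list -keystore "$1" -storepass:env KS_PASS -alias "$2" 2>/dev/null |
        grep -q PrivateKeyEntry
}

# Usage: P12_PASS=... KS_PASS=... sh import.sh mycert.crt mykey.pem
if [ "$#" -eq 2 ]; then
    : "${P12_PASS:?set P12_PASS}" "${KS_PASS:?set KS_PASS}"
    make_p12 "$1" "$2" cert-and-key.p12 broker &&
    import_p12 cert-and-key.p12 broker.ks broker &&
    has_private_key broker.ks broker && echo "broker.ks: PrivateKeyEntry present"
fi
```

Delete cert-and-key.p12 once the import has been verified, since it is a second copy of the private key.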
