创建 .p12 文件 [英] Creating a .p12 file

问题描述

使用openssl，我创建了一个私钥如下:

Using openssl, I've created a private key as follows:

openssl genrsa -out myKey.pem

然后，为了生成 CA 要求的 csr，我执行了以下操作:

Then, to generate the csr demanded by the CA, I've executed the following:

openssl req -new -key myKey.pem -out cert.csr

CA 用我存储在名为 myCert.cer

The CA responded with a certificate which I stored in a file named myCert.cer

我现在想将必要的组件(私钥、公钥(?)和证书)捆绑到一个 .p12 中.为此，我运行了以下命令:

I'd now like to bundle the necessary components (private key, public key(?) and certificate) into a single .p12. To do so I've run the following:

openssl pkcs12 -export -out keyStore.p12 -inkey myKey.pem -in myCert.cer

但我收到以下错误消息:

but I'm getting the following error message:

No certificate matches private key

我怎样才能做到这一点?

How can I accomplish this?

推荐答案

openssl documentation 表示作为 -in 参数提供的文件必须采用 PEM 格式.

The openssl documentation says that file supplied as the -in argument must be in PEM format.

事实证明，与 CA 的手册相反，我存储在 myCert.cer 中的 CA 返回的证书不是 PEM 格式，而是 PKCS7.

Turns out that, contrary to the CA's manual, the certificate returned by the CA which I stored in myCert.cer is not PEM format rather it is PKCS7.

为了创建我的.p12，我必须先将证书转换为PEM:

In order to create my .p12, I had to first convert the certificate to PEM:

openssl pkcs7 -in myCert.cer -print_certs -out certs.pem

然后执行

openssl pkcs12 -export -out keyStore.p12 -inkey myKey.pem -in certs.pem

这篇关于创建 .p12 文件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！