创建 .p12 文件 [英] Creating a .p12 file
问题描述
使用openssl
,我创建了一个私钥如下:
Using openssl
, I've created a private key as follows:
openssl genrsa -out myKey.pem
然后,为了生成 CA 要求的 csr
,我执行了以下操作:
Then, to generate the csr
demanded by the CA, I've executed the following:
openssl req -new -key myKey.pem -out cert.csr
CA 用我存储在名为 myCert.cer
The CA responded with a certificate which I stored in a file named myCert.cer
我现在想将必要的组件(私钥、公钥(?)和证书)捆绑到一个 .p12
中.为此,我运行了以下命令:
I'd now like to bundle the necessary components (private key, public key(?) and certificate) into a single .p12
. To do so I've run the following:
openssl pkcs12 -export -out keyStore.p12 -inkey myKey.pem -in myCert.cer
但我收到以下错误消息:
but I'm getting the following error message:
No certificate matches private key
我怎样才能做到这一点?
How can I accomplish this?
推荐答案
openssl
documentation 表示作为 -in
参数提供的文件必须采用 PEM 格式.
The openssl
documentation says that file supplied as the -in
argument must be in PEM format.
事实证明,与 CA 的手册相反,我存储在 myCert.cer
中的 CA 返回的证书不是 PEM 格式,而是 PKCS7.
Turns out that, contrary to the CA's manual, the certificate returned by the CA which I stored in myCert.cer
is not PEM format rather it is PKCS7.
为了创建我的.p12
,我必须先将证书转换为PEM:
In order to create my .p12
, I had to first convert the certificate to PEM:
openssl pkcs7 -in myCert.cer -print_certs -out certs.pem
然后执行
openssl pkcs12 -export -out keyStore.p12 -inkey myKey.pem -in certs.pem
这篇关于创建 .p12 文件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!