如何将.cer证书导入到java密钥库? [英] How to import a .cer certificate into a java keystore?
问题描述
在Java Webservice客户端的开发过程中遇到了一个问题。 Web服务的身份验证使用客户端证书,用户名和密码。我从webservice后面的公司收到的客户端证书是 .cer 格式。当我使用文本编辑器检查文件时,它有以下内容:
During the development of a Java webservice client I ran into a problem. Authentication for the webservice is using a client certificate, a username and a password. The client certificate I received from the company behind the webservice is in .cer format. When I inspect the file using a text editor, it has the following contents:
-----BEGIN CERTIFICATE-----
[Some base64 encoded data]
-----END CERTIFICATE-----
我可以在Internet Explorer中导入此文件作为证书(无需输入密码!),并使用它来验证Web服务。
I can import this file as a certificate in Internet Explorer (without having to enter a password!) and use it to authenticate with the webservice.
我能够导入这个证书到密钥库中,首先剥离第一行和最后一行,转换为unix换行符并运行base64-decode。生成的文件可以导入到密钥库(使用 keytool 命令)。当我列出密钥库中的条目时,此条目的类型为 trustedCertEntry 。因为此条目类型(?),我不能使用此证书与Web服务进行身份验证。我开始认为提供的证书是用于身份验证的公共证书...
I was able to import this certificate into a keystore by first stripping the first and last line, converting to unix newlines and running a base64-decode. The resulting file can be imported into a keystore (using the keytool command). When I list the entries in the keystore, this entry is of the type trustedCertEntry. Because of this entry type (?) I cannot use this certificate to authenticate with the webservice. I'm beginning to think that the provided certificate is a public certificate which is being used for authentication...
一个解决方法我发现是导入证书在IE并将其导出为 .pfx 文件。此文件可以作为密钥库加载,并可用于与Web服务进行身份验证。但是,我不能指望我的客户端每次收到新证书时都执行这些步骤。所以我想直接加载 .cer 文件到Java。任何想法?
A workaround I have found is to import the certificate in IE and export it as a .pfx file. This file can be loaded as a keystore and can be used to authenticate with the webservice. However I cannot expect my clients to perform these steps every time they receive a new certificate. So I would like to load the .cer file directly into Java. Any thoughts?
附加信息:webservice背后的公司告诉我,应该从PC和要导入的用户请求证书(使用IE和网站)证书后。也许这有助于...
Additional info: the company behind the webservice told me that the certificate should be requested (using IE & the website) from the PC and user that would import the certificate later. Maybe that helps...
提前感谢,
Jan-Pieter
Jan-Pieter
推荐答案
- 如果您想要验证您需要私钥。
- 证书是具有额外属性(如公司名称,国家/地区,...)的公钥,由一些证书颁发机构签署,以确保所附属性true。
- .CER文件是证书,没有私钥。私钥通常提供有.PFX密钥库文件。
如果您真的认证是因为您已经导入了私钥。 -
您通常可以导入.CER证书,而不会出现任何问题
- If you want to authenticate you need the private key. There's no other option.
- A certificate is a public key with extra properties (like company name, country,...) that is signed by some Certificate authority that guarantees that the attached properties are true.
- .CER files are certificates and don't have the private key. The private key is provided with a .PFX keystore file normally. If you really authenticate is because you already had imported the private key.
You normally can import .CER certificates without any problems with
keytool -importcert -file certificate.cer -keystore keystore.jks -alias "Alias"
这篇关于如何将.cer证书导入到java密钥库?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
