如何添加证书链到密钥库？ [英] How to add certificate chain to keystore?

问题描述

我有证书链的文件 - certificate.cer：

I have file with chain of certificates - certificate.cer:

subject=/C...
issuer=/C=US/O=VeriSign, Inc...
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

subject=/C=US/O=VeriSign, Inc...
issuer=/C=US/O=VeriSign, Inc...
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

subject=/C=US/O=VeriSign, Inc...
issuer=/C=US/O=VeriSign, Inc...
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

我所做的：

I need to add this chain of certificates to keystore.
What I do:

openssl x509 -outform der -in certificate.cer -out cert.der
keytool -v -importcert -alias mykey -file cert.der -keypass <passwd> -keystore keystore -storepass <passwd> -alias <myalias>

结果我在密钥库中只有一个证书。

但应该有3 。

可能是错误的？

In result I have only 1 certificate in keystore.
But should have 3.
What could be wrong?

解决方案：

CA向我发送PKCS证书＃7格式。

我将其存储在certificate.p7b文件中，然后通过以下命令成功将其添加到密钥库：

SOLUTION:
CA sent me certificates in PKCS#7 format.
I stored them in certificate.p7b file and then successfully added them to keystore by following command:

keytool -import -trustcacerts -file certificate.p7b -keystore keystore -storepass <mypasswd> -alias "myalias"

推荐答案

导入证书链，如果输入以PKCS＃7格式给出，否则只导入单个证书。
您应该能够使用openssl将证书转换为PKCS＃7格式，通过openssl crl2pkcs7命令。

From the keytool man - it imports certificate chain, if input is given in PKCS#7 format, otherwise only the single certificate is imported. You should be able to convert certificates to PKCS#7 format with openssl, via openssl crl2pkcs7 command.

这篇关于如何添加证书链到密钥库？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！