Java keyTool - 将主要/辅助中间证书附加到密钥库 [英] Java keyTool - append primary/secondary intermediate certificates to key store
问题描述
我已经创建了一个密钥库(图像中的server.jks),导入了相关的密钥对。
keytool -importkeystore -srckeystore server.p12 -destkeystore server.jks -srcstoretype pkcs12
我需要使用java密钥工具将中间证书附加到它。
使用KeyStore explorer工具,我可以在右键单击上下文菜单后附加证书,就像在附加的图像中一样。
在添加附加证书选项后添加主要/中间证书后,我可以看到
---主中间证书
| ---辅助中间证书
| ---我的服务器证书
我非常想知道如何做,使用(LINUX)命令行上的Java KeyTool。
提前感谢。
解决方案这或多或少是这个问题的问题。您需要准备一个表示证书链的文件,每个证书后面是颁发证书链的CA证书。
---- -BEGIN CERTIFICATE -----
MIICajCCAdOgAwIBAgIBAjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVSzEa
....
----- END CERTIFICATE -----
----- BEGIN CERTIFICATE-- ---
MIICkjCCAfugAwIBAgIJAKm5bDEMxZd7MA0GCSqGSIb3DQEBBQUAMDsxCzAJBgNV
....
----- END CERTIFICATE -----
您可能需要先从密钥库导出您的EEC(终端实体证书)(
keytool -exportcert ...)。然后,使用您选择的文本编辑器(vi,emacs,gedit,...)或cat按顺序连接您的EEC和中间证书。然后根据包含您的私钥(keytool -importcert -alias ...)的别名将生成的文件导入到您的密钥库中。I have already created a keystore (server.jks in the image) having imported the relevant key-pair.
keytool -importkeystore -srckeystore server.p12 -destkeystore server.jks -srcstoretype pkcs12I need to append intermediate certificates to it using the java keytool.
Using KeyStore explorer tool on windows, I can append certificates following the right click context menu, just like in the attached image.
After adding the primary/intermediate certificates following the Append Certificate option, I can see it on the KeyStore explorer like a tree.
---primary intermediate certificate |---secondary intermediate certificate |---my server certificateI am very much interested in knowing how this can be done, using the 'Java KeyTool' on the (LINUX) command line.
Thank you in advance.
解决方案This is more or less the same problem as in this question. You need to prepare a file representing the certificate chain, each certificate followed by the CA certificate that issued it.
-----BEGIN CERTIFICATE----- MIICajCCAdOgAwIBAgIBAjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVSzEa .... -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICkjCCAfugAwIBAgIJAKm5bDEMxZd7MA0GCSqGSIb3DQEBBQUAMDsxCzAJBgNV .... -----END CERTIFICATE-----You may need to export your EEC (End Entity Certificate) from your keystore first (
keytool -exportcert ...). Then, use the text editor of your choice (vi, emacs, gedit, ...) orcatto concatenate your EEC and the intermediate certificate(s) in order. Then import the resulting file into your keystore against the alias that contains your private key (keytool -importcert -alias ...).这篇关于Java keyTool - 将主要/辅助中间证书附加到密钥库的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
