convert certificate from pem into jks


Problem description


I have to convert a certificate in pem format into a Java key store.

To use this one with tomcat at a windows server

I've got those files:

  • cert_request.csr

    -----BEGIN CERTIFICATE REQUEST-----
    ...
    -----END CERTIFICATE REQUEST-----
    

  • cert_public_key.pem

    -----BEGIN CERTIFICATE-----
    ...
    -----END CERTIFICATE-----
    

  • cert_private_key.pem

    -----BEGIN ENCRYPTED PRIVATE KEY-----
    ...
    -----END ENCRYPTED PRIVATE KEY-----
    

  • cert.txt

    contains a 16 digit key
    

I tried to combine the pem files (by chaining the two files together) and converted this with openssl into a

  • .der file and imported that with keytool into a new keystore
  • same with .p12
  • directly imported to keystore

I also tried to change the

    -----BEGIN ENCRYPTED PRIVATE KEY-----
    ...
    -----END ENCRYPTED PRIVATE KEY-----

into

    -----BEGIN RSA PRIVATE KEY-----
    ...
    -----END RSA PRIVATE KEY-----

and tried the 3 ways above

What do I have to do to get a working certificate?

EDIT:

I combined the cert_public_key.pem and the cert_private_key.pem to cert_comb.pem

    -----BEGIN CERTIFICATE-----
    ...
    -----END CERTIFICATE-----
    -----BEGIN ENCRYPTED PRIVATE KEY-----
    ...
    -----END ENCRYPTED PRIVATE KEY-----

Solution

You aren't clear which files you combined, but it should work to use openssl to combine the cert and private key to a PKCS#12:

    cat cert_public_key.pem cert_private_key.pem | openssl pkcs12 -export -out cert.p12

If your cert needs any chain cert(s) -- the CA should have told you this when you submitted the CSR and they issued the cert -- it's easiest to also include it(them) now.

Then (1) some Java programs can actually use a pkcs12 directly as a keystore, but (2) if you need or prefer a JKS use keytool:

    keytool -importkeystore -srckeystore cert.p12 -srcstoretype pkcs12 -destkeystore cert.jks

If you care about the alias in the resulting JKS, easiest to fix it after converting.

Also: just changing the labels in an encrypted PEM doesn't unencrypt it, nor does changing the label from generic PKCS#8 to RSA actually change the data to match (and they are different, though only a little). If you do want a separate PEM file with the decrypted private key:

    openssl pkcs8 -in encryptedpk8 -out clearpk8.pem
    openssl rsa -in encryptedpk8 -out clearrsa.pem
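
The answer's point that relabelling a PEM block does not change its contents can be checked from the DER structure alone. The following is an added example, not part of the original answer: `check_key_labels` and its helpers are hypothetical names, the sample blocks are constructed skeletons rather than real keys, and blocks with legacy `Proc-Type`/`DEK-Info` headers are assumed absent.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)
KINDS = {  # (tag of 1st field, tag of 2nd field) inside the outer SEQUENCE
    (0x30, 0x04): "ENCRYPTED PRIVATE KEY",  # PKCS#8 encrypted: algorithm, ciphertext
    (0x02, 0x30): "PRIVATE KEY",            # PKCS#8 clear: version, algorithm
    (0x02, 0x02): "RSA PRIVATE KEY",        # PKCS#1: version, modulus
}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def der_key_kind(der):
    """Name the PEM label a private-key DER blob should carry, from structure alone."""
    try:
        outer, start, _ = read_tlv(der, 0)
        first, _, first_end = read_tlv(der, start)
        second, _, _ = read_tlv(der, first_end)
    except IndexError:
        return "unknown"
    return KINDS.get((first, second), "unknown") if outer == 0x30 else "unknown"

def check_key_labels(pem_text):
    """Return (label, actual_kind, matches) for every *PRIVATE KEY block in pem_text."""
    results = []
    for label, body in PEM_RE.findall(pem_text):
        if label.endswith("PRIVATE KEY"):
            kind = der_key_kind(base64.b64decode("".join(body.split())))
            results.append((label, kind, label == kind))
    return results

def tlv(tag, body):  # short-form DER element, for the constructed samples only
    return bytes([tag, len(body)]) + body

def pem(label, der):
    return f"-----BEGIN {label}-----\n{base64.b64encode(der).decode()}\n-----END {label}-----\n"

# Constructed skeletons, not real keys: just enough DER to show each structure.
ENCRYPTED = tlv(0x30, tlv(0x30, bytes.fromhex("06092a864886f70d01050d")) + tlv(0x04, b"\x00" * 16))
CLEAR_RSA = tlv(0x30, tlv(0x02, b"\x00") + tlv(0x02, b"\x00\xc3") + tlv(0x02, b"\x03"))
SAMPLE = (pem("ENCRYPTED PRIVATE KEY", ENCRYPTED) + pem("RSA PRIVATE KEY", ENCRYPTED)
          + pem("RSA PRIVATE KEY", CLEAR_RSA))  # 2nd block: label edited by hand
if __name__ == "__main__":
    print(*check_key_labels(SAMPLE), sep="\n")
```

The second sample block is the hand-edited case from the question: its label says `RSA PRIVATE KEY`, but the bytes are still a PKCS#8 encrypted structure, so the check reports a mismatch.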
