openssl无法生成带有有效别名的pfx [英] openssl fails to produce a pfx with a valid alias
问题描述
我试图生成一个pfx文件,用作一些JAR文件的签名机制,如这条指示。
要创建pfx文件,我使用以下命令:
openssl pkcs12 -export -in my-cert.crt -inkey my-priv-key.key -certfile my-ca-bundle -out my-pfx.pfx
此命令成功地生成了一个pfx文件,但是当我尝试使用以下命令查找别名时
keytool -list -storetype pkcs12 -keystore my-pfx.pfx -v | grep别名
我得到以下响应
别名:2
和我做过的其他研究)返回的Alias应该看起来像这样
le-d491f28f-ee7b-40e2-b1a7-2b7c3a71979a
如果我尝试使用别名值我得到(例如2)使用以下命令
jarsigner -keystore my-pfx.pfx -storetype PKCS12 jacob.jar 2
pre>
这会导致以下错误消息
jarsigner:链找不到:2. 2必须引用包含私钥和对应的公钥证书链的有效KeyStore密钥条目。
我完全无法理解为什么我没有得到一个正确的别名..任何有用的建议? / p>
感谢
解决方案尝试使用
用命令
openssl pkcs12
命名alias
看起来像(其余的选项是从你的问题):
openssl pkcs12 -export -in my-cert.crt - inkey my-priv-key.key -certfile my-ca-bundle -out my-pfx.pfx -namealias
I am trying to generate a pfx file to use as a signing mechanism for some JAR files as per these instructions.
To create the pfx file I am using the following command
openssl pkcs12 -export -in my-cert.crt -inkey my-priv-key.key -certfile my-ca-bundle -out my-pfx.pfx
This command successfully generates me a pfx file, however, when I try to find the alias using the following command
keytool -list -storetype pkcs12 -keystore my-pfx.pfx -v | grep Alias
I get the following response
Alias name: 2
According to the note linked above (and other research I have done) the Alias returned should look something like this
le-d491f28f-ee7b-40e2-b1a7-2b7c3a71979a
If I try to use the Alias value I am getting (e.g. 2) using the following command
jarsigner -keystore my-pfx.pfx -storetype PKCS12 jacob.jar 2
which results in the following error message
jarsigner: Certificate chain not found for: 2. 2 must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain.
I am totally stumped as to why I am not getting a correct alias.. Any helpful suggestions ?
Thanks
解决方案Try using option
-name "alias"
with commandopenssl pkcs12
.So, the full command may look like (the rest of options were taken from your question):
openssl pkcs12 -export -in my-cert.crt -inkey my-priv-key.key -certfile my-ca-bundle -out my-pfx.pfx -name "alias"
这篇关于openssl无法生成带有有效别名的pfx的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!