如何从cer文件创建密钥库 [英] How to create keystore from cer files

问题描述

我有从cer文件创建密钥库的问题。我有三个文件：

1. NameCertyfikat2015.cer


2. NameIntermediateCA.cer


3. NamePrivateKey.txt

我想要获得jks keystore文件，我该如何使用keytool？
我需要用于wildfly容器的文件

我的NamePrivateKey.txt以
开头----- BEGIN RSA PRIVATE KEY -----

解决方案

ADDED 4/21：找到重复项：

• 如何从现有证书（abc.crt）和abc.key文件创建密钥库？


• 将证书从pem转换为jks


• 在Java密钥库中导入现有x509证书和私钥以在ssl

keytool 不会直接处理私钥。

正常过程是：

1. code> keytool -genkeypair 中的privatekey和publickey


2. keytool -certreq 从
生成CSR

3. 将CSR（和相关证据）发送给CA以获取证书


4. keytool -importcert 将证书加上任何所需的中间或链证书，
$
如果您没有JKS的私钥，但您的PrivateKey.txt文件包含可以由openssl使用的格式的私钥 - 以 ----- BEGIN 行开头，后跟一些base64行和匹配的 ----- END 行，如果是这样，以BEGIN命名的类型是什么？ - 你有或者有openssl，你可以使用openssl将privatekey和相关证书合并到一个 PKCS＃12 文件中，然后 keytool 可以将PKCS＃12转换为JKS，如下所示：

  keytool -importkeystore -srckeystore p12file -srcstoretype pkcs12 -destkeystore jksfile 
  

或根据 https://issues.jboss.org/browse/WFLY-3686 （足够近？）Wildfly可以使用PKCS12密钥库（而不是 的JKS）。





编辑4/21：openssl pkcs12 实用程序的文档位于系统如果安装了OpenSSL（通常为第1ssl或类似部分）为Unix，或者在 https://www.openssl.org/docs/apps/pkcs12.html#FILE-CREATION-OPTIONS ，或在上面的副本中，或也将CERT / PEM证书转换为PFX证书




I have got problem with creation keystore from cer files. I have got three files :

1. NameCertyfikat2015.cer
2. NameIntermediateCA.cer
3. NamePrivateKey.txt

And i wanna to get jks keystore file, how can i do this using keytool ? I need that file for wildfly container

My NamePrivateKey.txt start with -----BEGIN RSA PRIVATE KEY-----

解决方案

ADDED 4/21: Found duplicates:

• How can i create keystore from an existing certificate (abc.crt) and abc.key files?
• convert certificate from pem into jks
• importing an existing x509 certificate and private key in Java keystore to use in ssl

keytool does not handle private keys directly.

The normal process is:

1. keytool -genkeypair the privatekey and publickey in a JKS
2. keytool -certreq generate a CSR from that keypair
3. send the CSR (and related evidence) to a CA to get a certificate
4. keytool -importcert the certificate, plus any needed intermediate or "chain" certficate(s), into the same JKS

If you don't have the JKS with the privateKey in it, but your PrivateKey.txt file contains the private key in a format usable by openssl -- does it begin with a -----BEGIN line followed by some lines of base64 and a matching -----END line and if so what is the type named after BEGIN? -- and you have or get openssl, you can use openssl to combine the privatekey and the related certs into a PKCS#12 file, and then keytool can convert the PKCS#12 to a JKS like this:

keytool -importkeystore -srckeystore p12file -srcstoretype pkcs12 -destkeystore jksfile 

Or according to https://issues.jboss.org/browse/WFLY-3686 (sufficiently recent?) Wildfly can use a PKCS12 keystore as-is (instead of JKS).

EDIT 4/21: Documentation for the openssl pkcs12 utility is in a man page on your system if Unix-like with OpenSSL installed (typically section 1ssl or similar), or online at https://www.openssl.org/docs/apps/pkcs12.html#FILE-CREATION-OPTIONS, or in the duplicates above, or also Convert a CERT/PEM certificate to a PFX certificate

这篇关于如何从cer文件创建密钥库的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！