如何导入Java密钥库中的现有x509证书和私钥以在SSL中使用？ [英] How to import an existing x509 certificate and private key in Java keystore to use in SSL?

问题描述

我在activemq配置中有这个

I have this in activemq config

<sslContext>
        <sslContext keyStore="file:/home/alex/work/amq/broker.ks"  
 keyStorePassword="password" trustStore="file:${activemq.base}/conf/broker.ts" 
 trustStorePassword="password"/>
</sslContext>

我有一对x509证书和密钥文件

I have a pair of x509 cert and a key file

如何导入这两个用于ssl和ssl + stomp连接器？我可以谷歌的所有例子总是自己生成密钥，但我已经有了密钥。

How do I import those two to be used in ssl and ssl+stomp connectors? All examples i could google always generate the key themselves, but I already have a key.

我试过了

keytool -import  -keystore ./broker.ks -file mycert.crt

但这仅导入证书而不是密钥文件并导致

but this only imports the certificate and not the key file and results in

2009-05-25 13：16：24,270 [ localhost：61612]错误TransportConnector - 无法接受连接：没有可用的证书或密钥对应于已启用的SSL密码套件。

I尝试连接证书和密钥但得到相同的结果

I have tried concatenating the cert and the key but got the same result

如何导入密钥？

推荐答案

相信与否，keytool不提供将私钥导入密钥库等基本功能。您可以通过将PKSC12文件与私钥合并到密钥库来尝试此解决方法。

Believe or not, keytool does not provide such basic functionality like importing private key to keystore. You can try this workaround with merging PKSC12 file with private key to a keystore.

或者只是使用更友好的用户 KeyMan 用于密钥库处理而不是keytool.exe。

Or just use more user-friendly KeyMan from IBM for keystore handling instead of keytool.exe.

这篇关于如何导入Java密钥库中的现有x509证书和私钥以在SSL中使用？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！