无法将.p12证书导入cacerts [英] Unable to import .p12 certificate to cacerts
问题描述
将 .p12 导入 cacerts 我遇到以下问题。第一行说别名已经存在,然后当我尝试覆盖它时说别名找不到。请帮我解决这个问题。
While importing .p12 to cacerts I'm facing the following issue. First line says alias already exists and then when I try to overwrite it says alias not found. Please help me tackle this issue.
/usr/java/default/jre/bin/keytool -importkeystore -deststorepass changeit -destkeystore /usr/java/default/jre/lib/security/cacerts -srckeystore /home/sogadm/MB_copy/MB_client.p12 -srcstoretype pkcs12 -srcstorepass 123456 -alias mb_ca
Existing entry alias mb_ca exists, overwrite? [no]: yes
keytool error: java.lang.Exception: Alias <mb_ca> does not exist
推荐答案
这可能意味着:
- 在
cacerts你 已经拥有 在.p12中使用别名 mb_ca - 的条目不有一个带别名的条目 mb_ca
- in
cacertsyou already have an entry with alias mb_ca - in
.p12you don't have an entry with alias mb_ca
尝试执行以下操作:
-
使用
-list查看.p12的现有条目和他们的别名。适应您的示例,它将是这样的:
keytool -list -keystore /home/sogadm/MB_copy/MB_client.p12 -storepass 123456 -storetype PKCS12 -v
Use
-listto see the existing entries of.p12and their alias. Adapted to your example it will be something like this:keytool -list -keystore /home/sogadm/MB_copy/MB_client.p12 -storepass 123456 -storetype PKCS12 -v
-delete <$ c $中的现有 mb_ca 条目c> cacerts ,如果它是错误的或者你不需要它
-delete the existing mb_ca entry in cacerts, if it is a wrong one or if you don't need it
实际上,如果 cacerts 是受信任的证书存储区,则不应从 .p12中导入私钥条目。首先导出公钥,然后将其导入 cacerts :
Actually, if cacerts is a trusted certificates store you shouldn't import to it the private key entry from your .p12. Export the public key first, then import it to cacerts:
keytool -exportcert -keystore /home/sogadm/MB_copy/MB_client.p12 -storepass 123456 -storetype PKCS12 -alias p12_entry_alias -file /home/sogadm/MB_copy/MB_client.cer
keytool -importcert -keystore /usr/java/default/jre/lib/security/cacerts -storepass changeit -alias mb_client -file /home/sogadm/MB_copy/MB_client.cer
希望有所帮助。
这篇关于无法将.p12证书导入cacerts的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
