Java 将 PFX 文件导入现有 JKS 文件(不从 .pfx 转换为 .jks)
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/26808193/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Import PFX file into Existing JKS file (NOT converting from .pfx to .jks)
提问by Himalay Majumdar
I have Java web service and have implemented X.509 using jks files created by Java Keytool.
我有 Java Web 服务并使用 Java Keytool 创建的 jks 文件实现了 X.509。
keytool -genkey -keyalg RSA -sigalg SHA1withRSA -validity 730 -alias myservicekey -keypass skpass -storepass sspass -keystore serviceKeystore.jks -dname "cn=localhost"
keytool -genkey -keyalg RSA -sigalg SHA1withRSA -validity 730 -alias myclientkey -keypass ckpass -storepass cspass -keystore clientKeystore.jks -dname "cn=clientuser"
To establish trust between client and server I import the server certs to client and client certs to server.
为了在客户端和服务器之间建立信任,我将服务器证书导入客户端,将客户端证书导入服务器。
Import server public key (certs) to client.
将服务器公钥(证书)导入客户端。
keytool -export -rfc -keystore clientKeystore.jks -storepass cspass -alias myclientkey -file MyClient.cer
keytool -import -trustcacerts -keystore serviceKeystore.jks -storepass sspass -alias myclientkey -file MyClient.cer -noprompt
Import client public key(certs) to server
将客户端公钥(证书)导入服务器
keytool -export -rfc -keystore serviceKeystore.jks -storepass sspass -alias myservicekey -file MyService.cer
keytool -import -trustcacerts -keystore clientKeystore.jks -storepass cspass -alias myservicekey -file MyService.cer -noprompt
Both Service and Client are written in Java and are working fine. Now I have a .NET client and my understanding is that if I give the same jave client certificates to the .NET client i.e clientKeystore.jks it should work, but the .net client is having issues.
Service 和 Client 都是用 Java 编写的,并且运行良好。现在我有一个 .NET 客户端,我的理解是,如果我将相同的 java 客户端证书提供给 .NET 客户端,即 clientKeystore.jks 它应该可以工作,但是 .net 客户端有问题。
The .NET client developer has insisted me to use a .pfx certificate that he generated, how can I import a .pfx certificate into an existing .jks file.
.NET 客户端开发人员坚持要我使用他生成的 .pfx 证书,如何将 .pfx 证书导入现有的 .jks 文件。
The examples I have seen online require me to create a new .jks file.
我在网上看到的例子要求我创建一个新的 .jks 文件。
Thank you.
谢谢你。
采纳答案by KyleM
You can treat the file as a Java PKCS12 Keystore. You can use all of the same keytool commands, except you additionally need to specify -storetype PKCS12since the default is JKS. Example that works in JDK 1.6 and higher:
您可以将该文件视为 Java PKCS12 密钥库。您可以使用所有相同的 keytool 命令,除非您另外需要指定,-storetype PKCS12因为默认值为 JKS。适用于 JDK 1.6 及更高版本的示例:
keytool -importkeystore -srckeystore mypfxfile.pfx -srcstoretype pkcs12
-destkeystore clientcert.jks -deststoretype JKS
Also see thisthread. I think that answers your question, but if you don't mind a suggestion, I would simply output your existing JKS file as a P12 file, then give the P12 file to the .NET client. That would solve your issue if it is truly a format issue. You can do that by following the steps outlined here. If you still have issues, you should post the .NET client's Exception otherwise we cannot help you.
另请参阅此线程。我认为这可以回答您的问题,但如果您不介意建议,我会将您现有的 JKS 文件输出为 P12 文件,然后将 P12 文件提供给 .NET 客户端。如果它确实是格式问题,那将解决您的问题。您可以按照此处概述的步骤进行操作。如果您仍然有问题,您应该发布 .NET 客户端的异常,否则我们无法帮助您。
