Java 如何将客户端 pkcs12 证书添加到 Postman Chrome, W7 ?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/27501819/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to add a client side pkcs12 certificate to Postman Chrome, W7 ?
提问by Poutrathor
I try to test a 'strange' GET request where I have to provide a BASIC authentication and a client side certificate.
我尝试测试一个“奇怪的”GET 请求,我必须在其中提供 BASIC 身份验证和客户端证书。
I try to check it with Postman Chrome but I did not understand how to link the certificate from chrome personal certificate to my request.
我尝试使用 Postman Chrome 检查它,但我不明白如何将 chrome 个人证书中的证书链接到我的请求。
I saw this discussion : https://github.com/a85/POSTMan-Chrome-Extension/issues/482but it is about MAC keystore and I can't transpose is to W7/Chrome.
我看到了这个讨论:https: //github.com/a85/POSTMan-Chrome-Extension/issues/482但它是关于 MAC 密钥库的,我不能转置到 W7/Chrome。
Here is my java code set up that should do the same job as postman to help you understand what I want postman to do. We use that post to write it
这是我的 java 代码设置,它应该与邮递员做同样的工作,以帮助您了解我想让邮递员做什么。我们用那篇文章来写
InputStream is = context.getResources().getAssets().open("CertificateFile.p12");
KeyStore keyStore = KeyStore.getInstance("PKCS12");
BufferedInputStream bis = new BufferedInputStream(is);
String password ="xxxxx";
keyStore.load(bis, password.toCharArray()); // password is the PKCS#12 password. If there is no password, just pass null
// Init SSL Context
KeyManagerFactory kmf = KeyManagerFactory.getInstance("X509");
kmf.init(keyStore, password.toCharArray());
KeyManager[] keyManagers = kmf.getKeyManagers();
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(keyManagers, null, null);
HttpsURLConnection urlConnection = null;
String strURL = "theUrlITryToHit";
url = new URL(strURL);
urlConnection = (HttpsURLConnection) url.openConnection();
if(urlConnection instanceof HttpsURLConnection) {
((HttpsURLConnection)urlConnection)
.setSSLSocketFactory(sslContext.getSocketFactory());
}
urlConnection.setRequestMethod("GET");
String basicAuth = "Basic " + Base64.encodeToString("pseudo:password".getBytes(), Base64.NO_WRAP);
urlConnection.setRequestProperty ("Authorization", basicAuth);
采纳答案by Chris.B
I was having a similar issue and just got it working. My private key and cert were stored in a .pem file, so I first needed to put them in to a format that Windows would use. I did that with the following command:
我遇到了类似的问题并且刚刚开始工作。我的私钥和证书存储在 .pem 文件中,因此我首先需要将它们放入 Windows 将使用的格式。我使用以下命令做到了这一点:
openssl pkcs12 -inkey mycertandkey.pem -in mycert.crt -export -out mycertandkey.pfx
I did this in linux but it should work in Windows as well, if you have openssl installed.
我在 linux 中做了这个,但它也应该在 Windows 中工作,如果你安装了 openssl。
Run certmgr.mscin Windows. Right-click the 'Personal' folder and select 'All tasks' -> 'Import...' and choose the .pfx file. Enter the passphrase and import it in to the 'Personal' folder.
certmgr.msc在 Windows 中运行。右键单击“个人”文件夹并选择“所有任务”->“导入...”并选择 .pfx 文件。输入密码并将其导入到“个人”文件夹中。
Once that's done, you'll need to close your running Chrome windows. Then open Postman in a new window. When you attempt to connect to the URL, this time it should ask to confirm the use of the client cert. Once confirmed, you should be able to make calls to the URL from then on.
完成后,您需要关闭正在运行的 Chrome 窗口。然后在新窗口中打开 Postman。当您尝试连接到 URL 时,这一次它应该要求确认使用客户端证书。确认后,您应该能够从那时起调用该 URL。
回答by mancocapac
I'm using a Mac, but its probably similar for you. If you can use CURL on your PC, see if you can get it to work with CURL first:
我使用的是 Mac,但它对您来说可能类似。如果您可以在 PC 上使用 CURL,请先查看是否可以使用 CURL:
curl --insecure --cert-type P12 --cert /path-to/your-file.p12:the-password https://your-host.com/endpoint
Postman Settings:
邮递员设置:
Postman->preferences->General
SSL certificate verification OFF
Postman Certs:
邮递员证书:
Postman->preferences->Certificates
Client Certificates:
Host yourhost.com
CRT file
Key file
PFX file /path-to-file/CertificateFile.p12
Passphrase your-file-password
