java 延长密钥库中 trustCertEntry 的到期日期
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/26916750/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Extending expiration date of trustedCertEntry within a keystore
提问by McLovin
Using keytool, I am trying to extend the expiration date of a trustedCertEntry within a keystore that I have. The keystore has the contents below
使用 keytool,我试图延长我拥有的密钥库中的 trustCertEntry 的到期日期。密钥库包含以下内容
$ keytool -list -keystore certs/authTruststore.jks
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 3 entries
sts, Nov 11, 2013, trustedCertEntry,
Certificate fingerprint (SHA1): 8D:33:B7:69:DE:75:8F:22:E2:95:2C:EB:93:65:41:31:42:A6:E3:A7
__
localhost, Nov 11, 2013, PrivateKeyEntry,
Certificate fingerprint (SHA1): F4:A9:84:1E:7F:BF:5D:71:58:74:E4:C6:00:49:37:49:38:3E:31:BE
__
security_localhost, Nov 11, 2013, trustedCertEntry,
Certificate fingerprint (SHA1): 6B:F8:E1:36:EB:36:D4:A5:6E:A0:5C:7A:E4:B9:A4:5B:63:BF:97:5D
I can successfully modify the expiration date of the second entry, localhost of type PrivateKeyEntry but when attempting to modify the expirations of the other two with the same command I get the following error:
我可以成功修改第二个条目的到期日期,类型为 PrivateKeyEntry 的 localhost 但是当尝试使用相同的命令修改其他两个条目的到期日期时,我收到以下错误:
$ keytool -selfcert -v -alias security_localhost -validity 3650 -keystore certs/authTruststore.jks -storepass ****
keytool error: java.lang.Exception: Alias <localhost> has no key
java.lang.Exception: Alias <localhost> has no key
at sun.security.tools.KeyTool.recoverKey(KeyTool.java:3095)
at sun.security.tools.KeyTool.doSelfCert(KeyTool.java:2442)
at sun.security.tools.KeyTool.doCommands(KeyTool.java:1071)
at sun.security.tools.KeyTool.run(KeyTool.java:340)
at sun.security.tools.KeyTool.main(KeyTool.java:333)
How can I go about extending these expiration dates?
我怎样才能延长这些到期日期?
采纳答案by always_a_rookie_to_learn
Take a look at this link. It says,
看看这个链接。它说,
Generates an X.509 v1 self-signed certificate, using keystore information including
the private key and public key associated with alias
So you can update a certificate using -selfcertthat are associated with a key. Your firstand thirdare trusted certificate entries, where as your secondentry is a PrivateKeyEntry. The certificate for this entry is associated with its PrivateKey. Where as the other 2 are not.
因此,您可以使用与密钥关联的-selfcert更新证书。您first和third是受信任的证书条目,其中您的second条目是 PrivateKeyEntry。此条目的证书与其PrivateKey. 至于其他 2 则不是。
If those 2 certificates are expired you can only update them with the latest in the same way you added them to the keystore in the first place. By doing -importcert.
如果这两个证书已过期,您只能使用最新的方式更新它们,就像您首先将它们添加到密钥库中一样。通过执行-importcert。
Note: -selfcertis now obsolete. You can read more about it here.
注意:-selfcert现在已经过时了。您可以在此处阅读更多相关信息。
