Disclaimer: this page is a Chinese-English side-by-side translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me). StackOverflow original URL: http://stackoverflow.com/questions/2452301/

Time: 2020-09-15 14:07:34  Source: igfitidea

Windows asks for p12 password when installing p12 key generated by openssl

Tags: windows, openssl, x509, pkcs#12

Asked by David Thornley

If I generate a p12 certificate with openssl as:

openssl pkcs12 -export -in myprivatecert.pem -nokeys -out mycert.p12

Even though I ask openssl to not export the private key, why does Windows still require the private key password when installing the certificate?

I figure I am missing something.

Answered by Jim Flood

The password is for the PKCS12 file itself, not for the private key. You can specify a blank password by adding "-password pass:" like this:

$ openssl pkcs12 -password pass: -export -in myprivatecert.pem -nokeys -out mycert.p12

You will still be prompted by Windows for the password, but you can leave it empty, and the import will work fine.

If all you are importing on Windows is the certificate, without the key, then you can also use the DER format like this:

$ openssl x509 -in myprivatecert.pem -outform DER -out mycert.der

One benefit of this is that when you double-click this file on Windows, it recognizes the der extension, and you can view the certificate details just before importing. Also, there will be no password prompt.

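The container-password behaviour described in the answer can be checked with openssl alone before the file goes anywhere near Windows. This is an added example, not part of the original question or answer; it uses a constructed throwaway self-signed certificate (CN=demo.invalid) in place of myprivatecert.pem, and the helper function names are hypothetical.

```shell
#!/bin/sh
# Added example: constructed throwaway certificate, not from the original post.

# Create a self-signed cert (stand-in for myprivatecert.pem), then export it
# the two ways the answer describes: cert-only PKCS#12 with an empty password,
# and plain DER.
build_demo() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo.invalid" \
        -keyout "$d/key.pem" -out "$d/myprivatecert.pem" 2>/dev/null || return 1
    openssl pkcs12 -export -nokeys -password pass: \
        -in "$d/myprivatecert.pem" -out "$d/mycert.p12" || return 1
    openssl x509 -in "$d/myprivatecert.pem" -outform DER -out "$d/mycert.der"
}

# Succeeds only if the container's integrity check passes with password $2.
p12_opens_with() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -noout >/dev/null 2>&1
}

# Succeeds if any private key is stored in the container.
p12_has_private_key() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -nodes 2>/dev/null |
        grep -q 'PRIVATE KEY'
}

# SHA-256 fingerprint of the certificate inside the PKCS#12 file / DER file.
p12_fingerprint() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256
}
der_fingerprint() {
    openssl x509 -inform DER -in "$1" -noout -fingerprint -sha256
}

work=$(mktemp -d) && trap 'rm -rf "$work"' EXIT
build_demo "$work" || { echo "openssl failed" >&2; exit 1; }
p12_opens_with "$work/mycert.p12" ""      && echo "empty password: accepted"
p12_opens_with "$work/mycert.p12" "wrong" || echo "wrong password: rejected"
p12_has_private_key "$work/mycert.p12" "" || echo "no private key in the file"
[ "$(p12_fingerprint "$work/mycert.p12" "")" = "$(der_fingerprint "$work/mycert.der")" ] &&
    echo "p12 and der carry the same certificate"
```

The rejected wrong password shows that the PKCS#12 container is password-checked even though `-nokeys` left no private key inside it.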