Java: How to export all intermediate certificates, including the root certificate, using keytool only
Notice: this page is a Chinese-English parallel translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me): StackOverFlow
Original URL: http://stackoverflow.com/questions/30091942/
How to export all the intermediate certs including root certificates using keytool only
Asked by Santhosh Nagulanchi
I am trying to configure SSL and got the .pfx file from the server team. The certificate chain length: 2
When I am trying to export the certificate chain using keytool, only the first certificate is exported.
I am trying to figure out if there are any other parameters I am missing while issuing the keytool command.
The commands I used are:
1) Converting to JKS, as alias name is not supported with pfx
keytool -importkeystore -srckeystore "serverauth.pfx" -srcstoretype pkcs12 -destkeystore "serverauth.jks"
2) Tried to export the certificates using the command below.
keytool -export -alias 1 -keystore "serverauth.jks" -rfc -file "authclient.cert"
But the above command generates only the first cert.
If I remove the entire alias option, I get an error:
keytool error: java.lang.Exception: Alias <1> does not exist
Is there any other process?
Answered by Zac Thompson
keytool -list -rfc -keystore serverauth.jks
This will output all the certs in a single stream. If you wanted to split them into separate files, you'd have more work to do.
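The answer above leaves the splitting step open. The shell function below does that split; it is an example added here, not code from any answer on the original page, and the function names, output file prefix and sample input are assumptions made for illustration.

```shell
# Added example (not from the original answers): split `keytool -list -rfc`
# output into one PEM file per certificate. Names below are assumptions.

# split_pem_chain OUT_DIR [PREFIX]
# Reads the keytool output on stdin, writes OUT_DIR/PREFIX-N.pem in the order
# keytool printed them (Certificate[1] is the end-entity certificate), and
# prints the number of certificates written.
split_pem_chain() {
    out_dir=$1
    prefix=${2:-cert}
    mkdir -p "$out_dir" || return 1
    awk -v dir="$out_dir" -v prefix="$prefix" '
        { sub(/\r$/, "") }                       # tolerate CRLF output
        /^-----BEGIN CERTIFICATE-----$/ {
            n++
            file = sprintf("%s/%s-%d.pem", dir, prefix, n)
            inside = 1
        }
        inside { print > file }
        /^-----END CERTIFICATE-----$/ { if (inside) close(file); inside = 0 }
        END {
            if (inside) { print "unterminated certificate block" > "/dev/stderr"; exit 2 }
            print n + 0
        }
    '
}

# Constructed sample shaped like `keytool -list -rfc` output for a
# PrivateKeyEntry with a two-certificate chain. The base64 bodies are
# placeholders, not real certificates.
sample_keytool_output() {
    cat <<'EOF'
Alias name: 1
Creation date: Jan 1, 2020
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
-----BEGIN CERTIFICATE-----
UExBQ0VIT0xERVItTEVBRg==
-----END CERTIFICATE-----
Certificate[2]:
-----BEGIN CERTIFICATE-----
UExBQ0VIT0xERVItSVNTVUVS
-----END CERTIFICATE-----
EOF
}

# Real use (keystore name taken from the question):
#   keytool -list -rfc -alias 1 -keystore serverauth.jks | split_pem_chain ./chain
```

Each resulting file can be inspected with keytool -printcert -file chain/cert-1.pem. The output contains certificates only; keytool -list -rfc does not print the private key.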
Answered by zedix
This works in Java 8 to export the whole certificate chain to a file:
keytool -list -alias yourcert -keystore /path/to/keystore -rfc
Same format as export except it dumps the whole chain. You lose out on the -file option, but you can simply redirect to a file using >
Answered by Stephane Desjardins
You could do (example with Java cacerts):
# Export every trustedCertEntry alias to its own <alias>.crt file
for cert in $(keytool -list -keystore cacerts -storepass changeit | grep trustedCertEntry | grep -Eo "^[^,]*"); do
    keytool -exportcert -keystore cacerts -alias "$cert" -file "${cert}.crt" <<< 'changeit'
done
That will export all certs into separate .crt files