如何将 OpenSSL 密钥文件导入 Windows 证书存储
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/15671476/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to import an OpenSSL key file into the Windows Certificate Store
提问by Gearoid Murphy
I've got an OpenSSL generated X.509 certificate in PEM format and it's associated key file. This certificate is required for authentication when connecting to a prototype server. This works fine on Linux. I've been using the Microsoft SChannel API to drive SSL/TLS connections on Windows platforms but I want to use the same test certificate. I can right-click on the certificate file and import it into my certificate store but I believe that the private key is not imported with it (even though I've concatenated them into the same file).
我有一个 OpenSSL 生成的 PEM 格式的 X.509 证书,它是关联的密钥文件。连接到原型服务器时需要此证书进行身份验证。这在 Linux 上运行良好。我一直在使用 Microsoft SChannel API 在 Windows 平台上驱动 SSL/TLS 连接,但我想使用相同的测试证书。我可以右键单击证书文件并将其导入到我的证书存储中,但我相信私钥没有随它一起导入(即使我已将它们连接到同一个文件中)。
When I go to run the SChannel code, I get a 'SEC_E_NO_CREDENTIALS' error when I init the security context (via InitializeSecurityContext). I suspect this means that the private key is missing.
当我去运行 SChannel 代码时,当我初始化安全上下文(通过 InitializeSecurityContext)时,我收到一个“SEC_E_NO_CREDENTIALS”错误。我怀疑这意味着缺少私钥。
Does anyone know how to test the presence or absence of a private key in a certificate which is located in the Personal (or 'My') certificate store, accessed via 'certmgr.msc'?. Is it possible to import a new key file for a certificate in the store?
有谁知道如何测试位于个人(或“我的”)证书存储区中的证书中是否存在私钥,可通过“certmgr.msc”访问?。是否可以为商店中的证书导入新的密钥文件?
Any insight or advice would be much appreciated.
任何见解或建议将不胜感激。
回答by doptimusprime
To test if private key is installed for the certificate, double click the certificate icon in certmgr.msc. If it has private key, it will show a message in the property page that you have private key, otherwise it will not give any reference the the private key.
要测试是否为证书安装了私钥,请双击 certmgr.msc 中的证书图标。如果它有私钥,它会在属性页面中显示您有私钥的消息,否则不会给出任何引用私钥。
To import the certificate with its private key, you can do the following:
要使用其私钥导入证书,您可以执行以下操作:
- Pack the certificate and its private key into a PKCS #12 file or PFX file using openssl pkcs12. Here's an example.
- Import this PKCS #12 or PFX file into the certificate store.
- 使用 openssl pkcs12 将证书及其私钥打包到 PKCS #12 文件或 PFX 文件中。这是一个例子。
- 将此 PKCS #12 或 PFX 文件导入证书存储区。
Note that you may see errors when importing the pfx file, such as 'This file is invalid for use as the following: Personal Information Exchange'. This error was caused by the certificate lacking to appropriate X.509 v3 extensions (such as the usage fields (digital signature, etc))
请注意,您在导入 pfx 文件时可能会看到错误,例如“此文件无效,无法用作以下内容:个人信息交换”。此错误是由证书缺少适当的 X.509 v3 扩展(例如使用字段(数字签名等))引起的
