How to import an OpenSSL key file into the Windows Certificate Store

I've got an OpenSSL generated X.509 certificate in PEM format and its associated key file. This certificate is required for authentication when connecting to a prototype server. This works fine on Linux. I've been using the Microsoft SChannel API to drive SSL/TLS connections on Windows platforms but I want to use the same test certificate. I can right-click on the certificate file and import it into my certificate store but I believe that the private key is not imported with it (even though I've concatenated them into the same file).

When I go to run the SChannel code, I get a 'SEC_E_NO_CREDENTIALS' error when I init the security context (via InitializeSecurityContext). I suspect this means that the private key is missing.

Does anyone know how to test the presence or absence of a private key in a certificate which is located in the Personal (or 'My') certificate store, accessed via 'certmgr.msc'? Is it possible to import a new key file for a certificate in the store?

Any insight or advice would be much appreciated.

To test if a private key is installed for the certificate, double-click the certificate icon in certmgr.msc. If it has a private key, it will show a message in the property page that you have a private key; otherwise it will not give any reference to the private key.

Certificate with private key


To import the certificate with its private key, you can do the following:

  1. Pack the certificate and its private key into a PKCS #12 file or PFX file using openssl pkcs12. Here's an example.
  2. Import this PKCS #12 or PFX file into the certificate store.

Note that you may see errors when importing the pfx file, such as 'This file is invalid for use as the following: Personal Information Exchange'. This error was caused by the certificate lacking the appropriate X.509 v3 extensions (such as the usage fields (digital signature, etc.)).
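
The two steps above, followed by a check that the private key actually arrived in the store, as an added PowerShell example that is not part of the original answer. It assumes openssl is on PATH; the file names client-cert.pem, client-key.pem and client.pfx and the friendly name prototype-client are placeholders.

```powershell
# Added example. File names and the friendly name are assumed placeholders.
$certPem = 'client-cert.pem'   # PEM certificate produced by OpenSSL
$keyPem  = 'client-key.pem'    # matching PEM private key
$pfx     = 'client.pfx'        # PKCS #12 bundle to create

# Ask for a password to protect the PFX. It is passed to openssl through an
# environment variable so it does not show up in the process command line.
$securePw = Read-Host -AsSecureString 'PFX password'
$env:PFX_PASS = [System.Net.NetworkCredential]::new('', $securePw).Password

try {
    # Step 1: pack certificate and private key into one PKCS #12 file.
    & openssl pkcs12 -export -in $certPem -inkey $keyPem -out $pfx `
        -name 'prototype-client' -passout env:PFX_PASS
    if ($LASTEXITCODE -ne 0) { throw 'openssl pkcs12 -export failed' }
}
finally {
    Remove-Item Env:\PFX_PASS -ErrorAction SilentlyContinue
}

# Step 2: import into the current user's Personal ("My") store.
# Without -Exportable the key is stored as non-exportable.
$imported = Import-PfxCertificate -FilePath $pfx `
    -CertStoreLocation Cert:\CurrentUser\My -Password $securePw

# Check: read the certificate back from the store and report whether a
# private key is attached, plus the usage extensions the import note mentions.
$x509 = 'System.Security.Cryptography.X509Certificates'
$cert = Get-Item "Cert:\CurrentUser\My\$($imported.Thumbprint)"
$ku   = $cert.Extensions | Where-Object { $_ -is "$x509.X509KeyUsageExtension" }
$eku  = $cert.Extensions | Where-Object { $_ -is "$x509.X509EnhancedKeyUsageExtension" }

[pscustomobject]@{
    Subject          = $cert.Subject
    Thumbprint       = $cert.Thumbprint
    HasPrivateKey    = $cert.HasPrivateKey     # False means only the public cert was imported
    KeyUsage         = $ku.KeyUsages           # empty if the extension is absent
    EnhancedKeyUsage = ($eku.EnhancedKeyUsages | ForEach-Object FriendlyName) -join ', '
}

# The PFX still contains the private key; delete it once the import is verified.
Remove-Item $pfx
```

HasPrivateKey is the same information the certmgr.msc property page shows, so it can be used to check any certificate already in Cert:\CurrentUser\My.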
