
Importing SSL Certificate to Java

I am trying to invoke a method from a JAR library which calls a web service. When I call the required method, I am getting the below error.

sun.security.validator.ValidatorException: PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.

I have a valid SSL certificate file(ssl_file.pfx) and a password. When I Google, all results were asking to use Keytool to add the certificate to cacert.

When I tried the below command, I am getting "Input not an X.509 certificate" message.

keytool -import -file ssl_file.pfx -alias somealias -keystore keystore_file -storepass changeit

NOTE: I don't have admin access for the JRE /lib/security/cacerts file/folder.

How can I resolve this? Is there any other option to do this via program?

PFX files are not certificates (assuming you're using the usual extension correctly), they're PKCS#12 stores, containing both certificates and private keys.

keytool can treat such files as PKCS12 keystores, so you can export your certificate (without its private key) using:

keytool -exportcert -file cert.crt -keystore ssl_file.pfx -storetype PKCS12 -alias ...

(First use -list instead of -exportcert if you don't know the existing alias name.)

Then, import that certificate:

keytool -importcert -file cert.crt -alias somealias -keystore keystore_file ...

This being said, unless it's a self-signed certificate, you should generally not do any of this, rather import the CA certificate in your truststore.
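The programmatic route the question asks about, as an added example that is not part of the original answer: it performs the same export and import steps in memory, so neither keytool nor write access to the JRE's cacerts file is needed. The class name, the method names and the PFX_PASSWORD environment variable are assumptions made for this sketch.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Collections;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class PfxTrustExample {
    // Copies only the certificates (never the private keys) from a PKCS#12
    // file into a new in-memory truststore.
    static KeyStore trustStoreFromPfx(String pfxPath, char[] pfxPassword) throws Exception {
        KeyStore pfx = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(pfxPath)) {
            pfx.load(in, pfxPassword);
        }
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        trust.load(null, null); // start empty; nothing is read from or written to disk
        for (String alias : Collections.list(pfx.aliases())) {
            Certificate cert = pfx.getCertificate(alias); // end-entity cert for a key entry
            if (cert != null) {
                trust.setCertificateEntry(alias, cert);   // stored as a trusted certificate
            }
        }
        return trust;
    }

    // Builds a TLS context whose trust decisions use only the given store.
    static SSLContext contextTrusting(KeyStore trust) throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key material
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // args[0] = path to the .pfx; PFX_PASSWORD is a hypothetical variable name
        char[] password = System.getenv("PFX_PASSWORD").toCharArray();
        KeyStore trust = trustStoreFromPfx(args[0], password);
        // Picked up by HttpsURLConnection and other code using the default context.
        SSLContext.setDefault(contextTrusting(trust));
        System.out.println("Trusted entries: " + trust.size());
    }
}
```

SSLContext.setDefault replaces the JVM-wide default, so after this call only the certificates copied from the PFX are trusted; connections to hosts signed by other CAs will fail unless their CA certificates are added to the same store.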
