[英]Importing SSL Certificate to Java
I am trying to invoke an method from a JAR library which calls an web service. 我试图从调用Web服务的JAR库调用一个方法。 When I call the required method, I am getting the below error.
当我调用所需的方法时,我收到以下错误。
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.
I have a valid SSL certificate file(ssl_file.pfx) and a password. 我有一个有效的SSL证书文件(ssl_file.pfx)和一个密码。 When I Google, all results were asking to use Keytool to add the certificate to cacert.
当我谷歌时,所有结果都要求使用Keytool将证书添加到cacert。
when I tried the below command, I am getting "Input not an X.509 certificate" message. 当我尝试下面的命令时,我收到“输入不是X.509证书”的消息。
keytool -import -file ssl_file.pfx -alias somealias -keystore keystore_file -storepass changeit
NOTE: I don't have admin access for the JRE /lib/security/cacerts file/folder. 注意:我没有JRE / lib / security / cacerts文件/文件夹的管理员权限。
How can I resolve this? 我该如何解决这个问题? Is there any other option to do this via program?
有没有其他选择通过程序这样做?
PFX files are not certificates (assuming you're using the usual extension correctly), they're PKCS#12 stores, containing both certificates a private keys. PFX文件不是证书(假设你正确使用通常的扩展名),它们是PKCS#12商店,包含两个证书私钥。
keytool
can treat such files as PKCS12
keystores, so you can export your certificate (without its private key) using: keytool
可以将这些文件视为PKCS12
密钥库,因此您可以使用以下方法导出证书(不使用其私钥):
keytool -exportcert -file cert.crt -keystore ssl_file.pfx -storetype PKCS12 -alias ...
(First use -list
instead of -exportcert
if you don't know the existing alias name.) (如果您不知道现有的别名,请首先使用
-list
而不是-exportcert
。)
Then, import that certificate: 然后,导入该证书:
keytool -importcert -file cert.crt -alias somealias -keystore keystore_file ... keytool -importcert -file cert.crt -alias somealias -keystore keystore_file ...
This being said, unless it's a self-signed certificate, you should generally not do any of this, rather import the CA certificate in your truststore. 这就是说,除非它是自签名证书,否则通常不应该执行任何此操作,而是在您的信任库中导入CA证书。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.