[英]SSL : CSR file created with openSSL and installing with keytool
I have created CSR with the command openSSL and purchased crt
files. 我已经使用命令openSSL创建了CSR,并购买了
crt
文件。
openssl genrsa -out private-key.pem 2048
openssl req -new -key private-key.pem -out csr.pem
Will it be OK to install this by using keystore
command as I have not created CSR file by using keytool (but created using openSSL) ? 是否可以使用
keystore
命令安装此程序,因为我还没有使用keytool创建CSR文件(而是使用openSSL创建)?
Another question is I have got three files from the trusted certificate generation company. 另一个问题是我从受信任的证书生成公司获得了三个文件。 So how to indentify which one is primary, root, intermediate crt files ?
那么如何确定哪个是主,根,中间crt文件呢? File type(root,intermediate) is not mentioned in the filename itself.
文件名本身未提及文件类型(root,intermediate)。 I have to run following commands on the basis of
crt
file type. 我必须根据
crt
文件类型运行以下命令。
keytool -import -alias root -keystore tomcat.keystore -trustcacerts -file [name of the root certificate]
keytool -import -alias intermed -keystore tomcat.keystore -trustcacerts -file [name of the intermediate certificate]
keytool -import -alias tomcat -keystore tomcat.keystore -trustcacerts -file [name of the certificate]
Will it be OK to install this by using keystore command as I have not created CSR file by using keytool (but created using openSSL) ?
是否可以使用keystore命令安装此程序,因为我还没有使用keytool创建CSR文件(而是使用openSSL创建)?
You will have to import the private key into the keystore as well. 您还必须将私钥导入密钥库。 Otherwise the keystore will be useless.
否则,密钥库将无用。
There are two ways to do this: 有两种方法可以做到这一点:
Another question is I have got three files from the trusted certificate generation company.
另一个问题是我从受信任的证书生成公司获得了三个文件。 So how to indentify which one is primary, root, intermediate crt files ?
那么如何确定哪个是主,根,中间crt文件呢?
You have to take a look at the content of the certificates, especially their distinguished names (DNs). 您必须查看证书的内容,尤其是其专有名称(DN)。
The OpenSSL command for printing out the SubjectDN and IssuerDN depends on the format of the certificate file (DER or PEM). 用于输出SubjectDN和IssuerDN的OpenSSL命令取决于证书文件的格式(DER或PEM)。 DER is a binary format, PEM is a ASCII format.
DER是二进制格式,PEM是ASCII格式。 If you are not sure, try both:
如果不确定,请同时尝试以下两种方法:
openssl x509 -noout -subject -issuer -nameopt RFC2253 -inform DER -in <cert-file>
or 要么
openssl x509 -noout -subject -issuer -nameopt RFC2253 -inform PEM -in <cert-file>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.