
Alias mismatch of .pfx file or .p12 file between keytool and Java keystore.aliases()

I am trying to get aliases from a pfx/p12 file using

keytool -v -list -storetype pkcs12 -keystore servercert.p12 -storepass 1234

which gives me

Keystore type: PKCS12
Keystore provider: SunJSSE

Your keystore contains 1 entry

Alias name: 1
Creation date: Jul 4, 2017
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=CSIT CA, O="CSIT CA,Ltd.", L=Dhaka, ST=Dhaka, C=BD
Issuer: EMAILADDRESS=csit@csit.com, CN=CSIT CA, OU=Software Department, O=CSIT CA, L=Dhaka, ST=Dhaka, C=BD
Serial number: 1
Valid from: Tue Jul 04 15:41:40 BDT 2017 until: Mon Mar 30 15:41:40 BDT 2020
Certificate fingerprints:
     MD5:  5C:CC:77:17:6C:91:FC:81:58:5A:D4:B0:FE:D8:B9:A8
     SHA1: 9A:34:32:64:29:BF:0B:7E:4F:63:1B:27:99:54:41:0F:9D:55:CF:C8
     SHA256: 27:01:BE:9D:F6:0E:38:35:AE:9C:07:B9:64:AB:76:50:06:D3:5D:8E:25:C4:59:87:D0:E9:A1:5A:96:41:D7:70
     Signature algorithm name: SHA256withRSA
     Version: 3

Extensions:
#1: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
0000: 16 1D 4F 70 65 6E 53 53   4C 20 47 65 6E 65 72 61  ..OpenSSL Genera
0010: 74 65 64 20 43 65 72 74   69 66 69 63 61 74 65     ted Certificate

#2: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 32 0F 04 D5 F6 1B 84 E5   87 EB 64 70 C7 D8 F2 5F  2.........dp..._
0010: FA 92 4D 57                                        ..MW
]
]

#3: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:false
  PathLen: undefined
]

#4: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
  DigitalSignature
  Key_Encipherment
]

#5: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: example.com
  DNSName: www.example.com
  DNSName: mail.example.com
  DNSName: ftp.example.com
]

#6: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 1C 59 74 4B 59 3B 1D 76   99 C2 10 4D 09 12 94 BB  .YtKY;.v...M....
0010: 20 95 2C 21                                         .,!
]
]



*******************************************
*******************************************

The alias is "1" here.

However, I also tried using Java

KeyStore keystore = KeyStore.getInstance("PKCS12", "BC");
InputStream input = PdfSigner.class.getResourceAsStream(KEYSTORE_LOCATION);
keystore.load(input, PASSWORD.toCharArray());
System.out.println(keystore.size());
Enumeration<String> s=keystore.aliases();
while(s.hasMoreElements()){
    System.out.println("alias:"+s.nextElement());
}

which gives me

1
alias:326bbd5c3d1ad4c6013ee70938d2c76b3c7a29d0

which shows a mismatch in the alias.

Note: I generate my certificate using this

Q1: Why is there a mismatch?

Q2: If there is a mismatch, how can my client provide me with a pfx/p12 file, alias and password, which will be used to sign PDFs on the fly?

Alias is a friendly name but it is optional. Maybe each tool is using a different way to calculate it if it is not set. When you exported the .p12 file, check the "name" that you set as the alias.

For example using

 openssl pkcs12 -export -in my-cert.crt -inkey my-priv-key.key -certfile my-ca-bundle -out my-pfx.pfx -name "alias"
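
Added example, not part of the original question or answer: because the alias reported for the same file can differ between tools, signing code can select the entry by type instead of by a hard-coded alias. The class name `P12SigningEntry` and the command-line file argument are assumptions made for this sketch.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

// Hypothetical helper class; names are illustrative, not from the post.
public class P12SigningEntry {

    /** Aliases of entries that hold a key, whatever name the provider reports. */
    static List<String> keyAliases(KeyStore ks) throws Exception {
        List<String> found = new ArrayList<>();
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias)) {
                found.add(alias);
            }
        }
        return found;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 1 || System.console() == null) {
            System.err.println("usage (from a terminal): java P12SigningEntry <file.p12>");
            System.exit(2);
        }
        // Prompt for the password so it does not appear in the process list.
        char[] password = System.console().readPassword("Keystore password: ");
        KeyStore ks = KeyStore.getInstance("PKCS12"); // default JDK provider
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, password);
        }
        List<String> aliases = keyAliases(ks);
        if (aliases.size() != 1) {
            // Zero or several key entries: refuse to guess which key signs.
            throw new IllegalStateException("expected exactly 1 key entry, found " + aliases);
        }
        String alias = aliases.get(0);
        Key key = ks.getKey(alias, password);
        Certificate[] chain = ks.getCertificateChain(alias);
        if (!(key instanceof PrivateKey) || chain == null || chain.length == 0) {
            throw new IllegalStateException("entry '" + alias + "' is not a private key with a certificate chain");
        }
        X509Certificate leaf = (X509Certificate) chain[0];
        System.out.println("alias reported by this provider: " + alias);
        System.out.println("signing certificate subject: " + leaf.getSubjectX500Principal());
        System.out.println("key algorithm: " + key.getAlgorithm() + ", chain length: " + chain.length);
    }
}
```

With this approach the client only needs to supply the file and its password, provided the file contains exactly one private key entry.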
