Java Keytool CSR error even when keystore exists
I would like to securely exchange data between my own servers and these will not leave the internal domain. For this, I would like to:
Generate keys for keystore.
Generate a CSR using Keytool, specify the key above.
Import the response into my default cacerts file so that I can refer to that as my truststore.
So:
keytool -genkeypair -alias mykeys -keystore mykeystore.jks -keypass changeit -storepass changeit -keysize 1024 -noprompt
keytool -certreq -alias myinternalcert -keystore mykeystore.jks -storepass changeit -file myinternalcert.csr
It throws the following error:
keytool error: java.lang.Exception: Alias <myinternalcert> does not exist
I tried to seek examples in Oracle's blog and it looks like this is the way to correctly generate a CSR - but for my case it's all errors :)
The only thing I understand about SSL so far is:
Keystore - I want to authenticate myself to another server/client and my private key is in my keystore. I will also use this to sign my certificates.
Trust store - this is to determine whether the information I am receiving is from a legit source, i.e. do I trust them. I store certificates here.
Okay - My own fault.
Actually the alias is the same alias created for keystore. Thanks to this post on Digital Ocean.
The keytool -certreq -help doesn't really print out clear information:
Options:
-alias <alias> alias name of the entry to process (should have been "Alias of the keystore entry being used")
-sigalg <sigalg> signature algorithm name
-file <filename> output file name
-keypass <arg> key password
-keystore <keystore> keystore name
-dname <dname> distinguished name
-storepass <arg> keystore password
-storetype <storetype> keystore type
-providername <providername> provider name
-providerclass <providerclass> provider class name
-providerarg <arg> provider argument
-providerpath <pathlist> provider classpath
-v verbose output
-protected password through protected mechanism
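The fix described in the answer above, as an added example that is not part of the original post: the CSR is requested under the same alias the key pair was created with, and the alias is checked first so a mismatch is reported with the list of entries that do exist. The function names, the STOREPASS environment variable, the file names and the DN are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: request a CSR only for an alias that exists in the keystore.
# Keystore path, alias and DN in the demo are constructed sample values.
# The store password is read from the exported env var STOREPASS (assumption),
# so it does not appear in the process list.

# Succeeds only if the keystore ($1) has an entry named $2.
alias_exists() {
    keytool -list -keystore "$1" -storepass:env STOREPASS -alias "$2" \
        >/dev/null 2>&1
}

# Create an RSA-2048 key pair under alias $2 with subject DN $3.
make_keypair() {
    keytool -genkeypair -alias "$2" -keyalg RSA -keysize 2048 \
        -dname "$3" -validity 365 -keystore "$1" \
        -storepass:env STOREPASS -keypass:env STOREPASS
}

# Write a CSR for alias $2 to file $3.
# Returns 127 if keytool is missing, 2 if the alias is not in the keystore.
make_csr() {
    command -v keytool >/dev/null 2>&1 || return 127
    if ! alias_exists "$1" "$2"; then
        echo "alias '$2' not found in $1; entries present:" >&2
        keytool -list -keystore "$1" -storepass:env STOREPASS >&2
        return 2
    fi
    keytool -certreq -alias "$2" -keystore "$1" \
        -storepass:env STOREPASS -file "$3"
}

# Demo, run only on request: RUN_DEMO=1 STOREPASS=... sh thisfile.sh
if [ "${RUN_DEMO:-}" = 1 ]; then
    export STOREPASS
    make_keypair mykeystore.jks mykeys "CN=internal.example"
    make_csr mykeystore.jks myinternalcert bad.csr   # fails: wrong alias
    make_csr mykeystore.jks mykeys mykeys.csr        # works: same alias
fi
```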