
Import p7b file to Java Keystore using keytool

I'm trying to import a p7b file from a third party into a Java trust store. It looks like the p7b contains a root cert and a public key.

I'm trying to import it using a command similar to:

keytool -importcert -file certs.p7b -keystore dave.jks -storetype JCEKS -trustcacerts

When the file was presented to me by the third party, they did not tell me what the alias of the public key is.

Am I right in thinking that I can't import it without knowing this information?

It is a quite old question. But I just faced the same problem, so I'll post what I did.

We had a .p7b file from a public agency holding a certificate chain that had to be accepted in our system. As it had a certificate chain, it could not be imported directly to a p12 file, so, first, with openssl I inspected it:

 openssl pkcs7 -print_certs -inform der -in file.p7b

This command gives a list of aliases and base64-encoded certificates:

subject=LONG CERTIFICATE1 COMMONNAME WITH ESCAPE SEQUENCES
issuer=LONG CERTIFICATE1'S ISSUER COMMONNAME
-----BEGIN CERTIFICATE-----
long base64 string
-----END CERTIFICATE-----

subject=LONG CERTIFICATE2 COMMONNAME WITH ESCAPE SEQUENCES
issuer=LONG CERTIFICATE2'S ISSUER COMMONNAME
-----BEGIN CERTIFICATE-----
long base64 string
-----END CERTIFICATE-----

This list was quite long, as the .p7b file held several certificates.

The next step was to copy all fragments between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- and store them in different files with a .pem extension:

certificate1.pem
certificate2.pem
...

And then import them to the keystore, using the long common name as alias:

keytool -alias "LONG CERTIFICATE1 COMMONNAME WITH ESCAPE SEQUENCES" -importcert -trustcacerts -file certificate1.pem -keystore trustcerts.p12 -storetype PKCS12
keytool -alias "LONG CERTIFICATE2 COMMONNAME WITH ESCAPE SEQUENCES" -importcert -trustcacerts -file certificate2.pem -keystore trustcerts.p12 -storetype PKCS12

After this, we had a pkcs12 keystore with all the .p7b certificates.
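
The copy-and-paste step described in the answer above can be scripted. This is an added example, not part of the original answer: the function names, sample subjects and placeholder certificate bodies are constructed, and the alias is a sanitized form of the subject rather than the verbatim string, which is an assumption of this sketch.

```shell
#!/bin/sh
# Constructed sample of `openssl pkcs7 -print_certs` output (bodies are placeholders).
sample_print_certs() {
    cat <<'EOF'
subject=CN = Example Root CA, O = Example
issuer=CN = Example Root CA, O = Example
-----BEGIN CERTIFICATE-----
PLACEHOLDER-BASE64-1
-----END CERTIFICATE-----

subject=CN = Example "Issuing" CA, O = Example
issuer=CN = Example Root CA, O = Example
-----BEGIN CERTIFICATE-----
PLACEHOLDER-BASE64-2
-----END CERTIFICATE-----
EOF
}

# split_print_certs OUTDIR: reads -print_certs text on stdin, writes
# OUTDIR/certificateN.pem, prints one "N<TAB>subject" line per certificate.
split_print_certs() {
    mkdir -p "$1" || return 1
    awk -v dir="$1" '
        /^subject=/ { subject = substr($0, 9); sub(/^ +/, "", subject) }
        /^-----BEGIN CERTIFICATE-----$/ { n++; file = dir "/certificate" n ".pem"; inside = 1 }
        inside { print > file }
        /^-----END CERTIFICATE-----$/ {
            inside = 0; close(file)
            printf "%d\t%s\n", n, subject; subject = ""
        }'
}

# print_import_cmds OUTDIR KEYSTORE: reads "N<TAB>subject" lines and prints one
# keytool command each. The alias is the subject with every character outside
# a conservative set replaced by "_", so the printed line is safe to paste.
print_import_cmds() {
    while IFS="$(printf '\t')" read -r n subject; do
        alias_name=$(printf '%s' "${subject:-certificate$n}" | tr -c 'A-Za-z0-9._=, -' '_')
        printf 'keytool -alias "%s" -importcert -trustcacerts -file "%s/certificate%s.pem" -keystore "%s" -storetype PKCS12\n' \
            "$alias_name" "$1" "$n" "$2"
    done
}

# Demo on the constructed sample; with a real file, pipe in
# `openssl pkcs7 -print_certs -inform der -in file.p7b` instead.
demo_dir=$(mktemp -d)
sample_print_certs | split_print_certs "$demo_dir" | print_import_cmds "$demo_dir" trustcerts.p12
rm -rf "$demo_dir"
```

When the printed commands are run, keytool shows each certificate's fingerprints and asks for confirmation before adding it as trusted; compare those fingerprints with values obtained from the third party through a separate channel.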
