Import p7b file to Java Keystore using keytool
I'm trying to import a p7b file from a third party into a Java trust store. It looks like the p7b contains a root cert and a public key.
I'm trying to import it using a command similar to
keytool -importcert -file certs.p7b -keystore dave.jks -storetype JCEKS -trustcacerts
When the file was presented to me by the third party, they did not tell me what the alias of the public key is.
Am I right in thinking that I can't import it without knowing this information?
It is quite an old question. But I just faced the same problem, so I'll post what I did.
We had a .p7b file from a public agency holding a certificate chain that had to be accepted in our system. As it had a certificate chain, it could not be imported directly to a p12 file, so, first, with openssl I inspected it:
openssl pkcs7 -print_certs -inform der -in file.p7b
This command gives a list of aliases and base64-encoded certificates:
subject=LONG CERTIFICATE1 COMMONNAME WITH ESCAPE SEQUENCES
issuer=LONG CERTIFICATE1'S ISSUER COMMONNAME
-----BEGIN CERTIFICATE-----
long base64 string
-----END CERTIFICATE-----
subject=LONG CERTIFICATE2 COMMONNAME WITH ESCAPE SEQUENCES
issuer=LONG CERTIFICATE2'S ISSUER COMMONNAME
-----BEGIN CERTIFICATE-----
long base64 string
-----END CERTIFICATE-----
This list was quite long, as the .p7b file held several certificates.
The next step was to copy all fragments between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- and store them in different files with a .pem extension:
certificate1.pem
certificate2.pem
...
And then import them to the keystore, using the long commonname as alias:
keytool -alias "LONG CERTIFICATE1 COMMONNAME WITH ESCAPE SEQUENCES" -importcert -trustcacerts -file certificate1.pem -keystore trustcerts.p12 -storetype PKCS12
keytool -alias "LONG CERTIFICATE2 COMMONNAME WITH ESCAPE SEQUENCES" -importcert -trustcacerts -file certificate2.pem -keystore trustcerts.p12 -storetype PKCS12
After this, we had a pkcs12 keystore with all the .p7b certificates.
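The manual copy-and-import steps from the answer above, scripted as an added example that is not part of the original post. The helper names split_certs and import_p7b are hypothetical, the file names mirror the answer's certificateN.pem, and each certificate's SHA-256 fingerprint is printed before keytool runs so it can be compared with a value obtained from the issuer out of band.

```shell
#!/bin/sh
# Added example, not from the original post. split_certs and import_p7b are
# hypothetical helper names; file names follow the answer's certificateN.pem.

# split_certs DIR: read `openssl pkcs7 -print_certs` text on stdin and write
# DIR/certificateN.pem plus DIR/certificateN.subject (used later as the alias).
# Prints the number of certificates found.
split_certs() {
    awk -v dir="$1" '
        /^subject=/ { subj = substr($0, 9) }          # text after "subject="
        /^-----BEGIN CERTIFICATE-----$/ {
            n++
            out = dir "/certificate" n ".pem"
            sfile = dir "/certificate" n ".subject"
            print subj > sfile; close(sfile); subj = ""
            inblock = 1
        }
        inblock { print > out }                        # BEGIN, base64, END lines
        /^-----END CERTIFICATE-----$/ { inblock = 0; close(out) }
        END { print n + 0 }
    '
}

# import_p7b FILE.p7b STORE.p12: import every certificate of a DER-encoded
# PKCS#7 bundle into a PKCS12 trust store, one alias per certificate.
import_p7b() {
    work=$(mktemp -d) || return 1
    openssl pkcs7 -print_certs -inform der -in "$1" | split_certs "$work" >/dev/null
    for pem in "$work"/certificate*.pem; do
        [ -e "$pem" ] || continue                      # bundle held no certificates
        entry=$(cat "${pem%.pem}.subject")
        [ -n "$entry" ] || entry=$(basename "$pem" .pem)
        # Show the fingerprint first; compare it with the value the issuer
        # published before confirming the import at the keytool prompt.
        openssl x509 -in "$pem" -noout -fingerprint -sha256
        keytool -importcert -trustcacerts -alias "$entry" -file "$pem" \
            -keystore "$2" -storetype PKCS12
    done
    rm -rf "$work"
}

# Run only when called with both arguments: ./import_p7b.sh file.p7b trustcerts.p12
if [ "$#" -eq 2 ]; then
    import_p7b "$1" "$2"
fi
```

keytool is left interactive on purpose: it asks for the store password and for confirmation per certificate, so nothing enters the trust store without being looked at.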