堆栈内存溢出
  简体   繁体   English

如何将SSL证书添加到cacerts和keystore?

[英]How to add SSL certificates to cacerts and keystore?

 原文  2019-05-29 11:13:16       java/ spring-boot/ ssl/ keytool

问题描述

I created a CSR file using 我使用创建了一个CSR文件

openssl req -nodes -newkey rsa:2048 -keyout yourdomain.key -out yourdomain.csr –sha256 openssl req -nodes -newkey rsa:2048 -keyout yourdomain.key -out yourdomain.csr -sha256

It created a CSR file and a key file. 它创建了一个CSR文件和一个密钥文件。 I submitted the CSR file to a CA. 我将CSR文件提交给了CA. They responded with a single yourdomain.crt a single file. 他们用单个yourdomain.crt回复了一个文件。

I've tried to import the yourdomain.crt to my java's cacert by: 我试图通过以下方式将yourdomain.crt导入到我的java的cacert:

keytool -import -keystore /usr/lib/jvm/java-1.8.0-openjdk-amd64/jre/lib/security/cacerts -file ~/Desktop/user/ yourdomain.crt -alias yourdomain keytool -import -keystore /usr/lib/jvm/java-1.8.0-openjdk-amd64/jre/lib/security/cacerts-file~ / Desktop / user / yourdomain.crt -alias yourdomain

And now I am confused on how to generate a Keystore ( jks file ). 现在我对如何生成密钥库( jks文件 )感到困惑。 Do I use the same yourdomain.crt ? 我是否使用相同的yourdomain.crt And what is the command that I should use? 我应该使用什么命令?

My spring boot program consists of 我的春季启动计划包括 

 File trustStoreFile = new File(CACERTS_PATH);
        File keyStoreFile = new File(JKS_PATH);
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(new FileInputStream(keyStoreFile), KEY_PASS.toCharArray());
        return SSLContextBuilder.create()
                .useProtocol("TLS")
                .loadKeyMaterial(ks, KEY_PASS.toCharArray())
                .loadTrustMaterial(trustStoreFile, TRUST_PASS.toCharArray())
                .build();

So I need a cacerts path which I believe is the cacerts from my jdk, and the password is the one which I typed when prompted for it. 所以我需要一个cacerts路径,我相信是我的jdk的cacerts,密码是我提示时输入的密码。

Now how do I generate a Keystore file for it? 现在我如何为它生成密钥库文件?

And do I need to add the server.ssl properties for Spring boot? 我是否需要为Spring启动添加server.ssl属性?

1 个解决方案

解决方案1
 0  2019-05-30 04:31:43

First, You have to convert yourdomain.crt to .p12 Format, to do so, write following command on openssl terminal 首先,您必须将yourdomain.crt转换为.p12格式,为此,请在openssl终端上编写以下命令 

pkcs12 -export -in yourdomain.crt -inkey yourdomain.key -chain -CAfile rootCA.pem -name “localhost” -out my.p12

where, rootCA.pem = you have to create it, for that write following command on openssl, 其中,rootCA.pem =你必须创建它,在openssl上写下面的命令, 

step 1 : genrsa -des3 -out rootCA.key 2048 and hit enter

 you will get rootCA.key file.

step 2 : req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem

yourdomain.key = you have to create it by entering following command on openssl, yourdomain.key =你必须在openssl上输入以下命令来创建它, 

req -new -sha256 -nodes -out server.csr -newkey rsa:2048 -keyout server.key -config
server.csr.cnf

where, server.csr.cnf file contain this and inside it you can write 其中,server.csr.cnf文件包含此内容,您可以在其中编写 

authorityKeyIdentifier = keyid, issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]

DNS.1 = localhost
IP.1=127.0.0.1
IP.2 = 192.168.1.XX
IP.3 = 192.XXX.XX.XXX
IP.4 = 192.XX.XX.XX and soon

server.csr and server.key file is created. server.csr和server.key文件已创建。

After following all the steps , you will get .p12 format file , now you have to convert .p12 file format to keystore.jks file format, to do so write following command on cmd (open in administration mode) 完成所有步骤后,您将获得.p12格式文件,现在您必须将.p12文件格式转换为keystore.jks文件格式,这样做可以在cmd上编写以下命令(在管理模式下打开) 

Keytool -importkeystore -deststorepass MY-KEYSTORE-PASS -destkeystore my-keystore.jks 
-srckeystore my.p12 -srcstoretype PKCS12

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何将SSL证书集成到/ jre / security文件夹中的cacerts文件? - How to integrate SSL certificates to the cacerts file in /jre/security folder? 如何在Java KeyStore中加载多个SSL证书? - How to load multiple SSL certificates in Java KeyStore? 如何添加新的 SSL 连接 Spring Boot jks cacerts - How add new SSL connection Spring Boot jks cacerts 如何跨更新保留Mac上的CAcerts密钥库? - How to preserve the CAcerts keystore on Mac across updates? 密钥库和cacert之间的别名是否相同,密钥相同? 或者,如何在密钥库/证书之间导出/导入密钥? - same alias different key OK between keystore and cacerts? Or, how to export/import key between keystore/cacerts? 如何将SSL证书添加到Docker容器中的Tomcat? - How to add SSL certificates to Tomcat in Docker container? 运行带有导入到cacerts密钥库中的受信任证书的签名jar时出现Java Web Start错误 - Java Web Start error when running signed jar with trusted certificates imported into cacerts keystore 如何将wsdl证书集成到jdk / jre / security文件夹中的cacerts文件中? - How to integrate wsdl certificates to the cacerts file in jdk/jre/security folder? 已将 Weblogic 证书添加到本地 JDK cacerts。如何在 PCF 中添加证书,以便我可以通过 mulesoft 成功连接到 Weblogic Jms - Have added Weblogic certificates to local JDK cacerts.How to add certificates in PCF so I can sucessfully connect to Weblogic Jms through mulesoft 是否需要将根证书添加到Java Keystore? - Is it necessary to add the root certificates to Java Keystore?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM