将JKS的公钥导入Pem,反之亦然
[英]Import Public key of JKS to Pem and vice-versa
问题描述
I have a Java Server Which understands .jks format and client which understand .pem . 
我有一个Java Server它可以理解.jks format而客户端则可以理解.pem 。 I have generate Server key-pair using keytool and Client key-pair using openssl but for mutual authentication how do I import client's public key into server's JKS and Server Public key into client .pem file. 我已经使用keytool生成了Server key-pair并使用openssl生成了Client key-pair但是为了进行相互身份验证,如何将client's public key into server's JKS以及如何将Server Public key into client .pem文件中。
1 个解决方案
解决方案1
0 2012-06-18 08:20:14
Most recent versions of keytool understand PEM. 最新版本的keytool可以理解PEM。 So in those cases one uses 所以在那种情况下
keytool -importcert ...
and assuming that you've already imported the cert you've signed the client cert with (as a trustcacert) you should be good. 并假设您已经导入了您与(作为trustcacert)签署了客户端证书的证书,那么您应该不错。 Otherwise also import that with the -trustcacert (or if it is iselfsigned - add that flag to the import). 否则,也请使用-trustcacert导入(或者如果它是iselfsigned的,则将该标志添加到导入中)。
If you are on an older java, say on RHEL, then you need to convert it to DER format first. 如果您使用的是较旧的Java,请在RHEL上说,那么您需要先将其转换为DER格式。 Conversion is done with: 转换是通过以下方式完成的:
openssl x509 -in client.pem -out client.der -outform DER
openssl x509 -in client.pem -out client.net -outform NET
And that should be it. 就是这样。 On the client side - one generally does not import the server cert into the client cert - but imports these separately into your application. 在客户端上-通常不会将服务器证书导入到客户端证书中-而是将它们分别导入到您的应用程序中。 So to answer that one would need to know what your client application is. 因此,要回答这个问题,您需要知道您的客户端应用程序是什么。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.