[英]Import Public key of JKS to Pem and vice-versa
I have a Java Server
Which understands .jks format
and client which understand .pem
. 我有一个
Java Server
它可以理解.jks format
而客户端则可以理解.pem
。 I have generate Server key-pair
using keytool
and Client key-pair
using openssl
but for mutual authentication how do I import client's public key into server's JKS
and Server Public key into client .pem
file. 我已经使用
keytool
生成了Server key-pair
并使用openssl
生成了Client key-pair
但是为了进行相互身份验证,如何将client's public key into server's JKS
以及如何将Server Public key into client .pem
文件中。
Most recent versions of keytool understand PEM. 最新版本的keytool可以理解PEM。 So in those cases one uses
所以在那种情况下
keytool -importcert ...
and assuming that you've already imported the cert you've signed the client cert with (as a trustcacert) you should be good. 并假设您已经导入了您与(作为trustcacert)签署了客户端证书的证书,那么您应该不错。 Otherwise also import that with the -trustcacert (or if it is iselfsigned - add that flag to the import).
否则,也请使用-trustcacert导入(或者如果它是iselfsigned的,则将该标志添加到导入中)。
If you are on an older java, say on RHEL, then you need to convert it to DER format first. 如果您使用的是较旧的Java,请在RHEL上说,那么您需要先将其转换为DER格式。 Conversion is done with:
转换是通过以下方式完成的:
openssl x509 -in client.pem -out client.der -outform DER
openssl x509 -in client.pem -out client.net -outform NET
And that should be it. 就是这样。 On the client side - one generally does not import the server cert into the client cert - but imports these separately into your application.
在客户端上-通常不会将服务器证书导入到客户端证书中-而是将它们分别导入到您的应用程序中。 So to answer that one would need to know what your client application is.
因此,要回答这个问题,您需要知道您的客户端应用程序是什么。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.