Arc*_*rci 5 java ssl https jks keytool
如何将.jks文件导入java安全性的信任库?我看到的所有教程都使用".crt"文件.但是,我只有".jks"文件,它也是我使用keytool命令生成的密钥库.
目前,我正在学习本教程.
我能够生成Java密钥库和密钥对,并为现有Java密钥库生成证书签名请求(CSR),该请求基于本教程.但我无法将根CA或中间CA证书导入现有Java密钥库,并将签名的主证书导入现有Java密钥库,因为它正在查找".cert"文件.
我错过了教程中列出的步骤吗?如果我拥有的唯一文件是".jks"文件,我如何信任证书?什么是".csr"文件的用途?
请注意我正在使用Windows.
Maa*_*wes 11
的".jks" 是信任库,或者至少,如果你把它分配给JSSE是应该的.您应该将CA中的证书添加到该文件中.然后,软件将通过迭代证书来查找证书链.私钥应保留在(密码保护)".jks"文件中.
换句话说,您应该将证书导入到".jks"非导出证书中.如果证书请求的响应中未包含特定提供商的证书,则可能需要单独下载这些证书.您可能也可以从您喜欢的浏览器中导出它们.通常这些以X5.09 DER格式存储(应该与Java兼容keytool).
步骤(一般):
.jks)#Use Keytool command to generate a self-signed certificate and install the certificate in Client Machine JDK Security Key store path.
# generate a certificate using JKS format keystore
keytool -genkey -alias selfrest -keyalg RSA -keypass pass123 -storetype JKS -keystore selfsigned.jks -storepass pass123 -validity 360 -keysize 2048
# To check the content of the keystore, we can use keytool again:
keytool -list -v -keystore selfsigned.jks
#Export Self signed certificate into .cer file
keytool -exportcert -alias selfrest -keystore selfsigned.jks -file selfsigned.cer
# (Run As Administrator- to open CMD.exe)
# Install self-signed certificate into Java JDK CA Certificate key store path
# to avoid giving certificate path in the client program.
keytool -import -alias selfrest -keystore "C:\Program Files\Java\jdk1.8.0_181\jre\lib\security\cacerts" -file selfsigned.cer
# List certificates stored in JDK Key store which you have just now imported into JDK Security path.
keytool -list -keystore "%JAVA_HOME%\jre\lib\security\cacerts
| 归档时间: |
|
| 查看次数: |
42831 次 |
| 最近记录: |