如何从现有的证书(abc.crt)和 abc.key 文件创建密钥存储库?

我试图导入一个证书和密钥文件到密钥存储库,但我不能这样做。

如何通过导入现有证书(abc.crt)和 abc.key 文件来创建密钥存储库?

198603 次浏览
小开

The easiest is probably to create a PKCS#12 file using OpenSSL:

openssl pkcs12 -export -in abc.crt -inkey abc.key -out abc.p12

You should be able to use the resulting file directly using the PKCS12 keystore type.

If you really need to, you can convert it to JKS using keytool -importkeystore (available in keytool from Java 6):

keytool -importkeystore -srckeystore abc.p12 \
-srcstoretype PKCS12 \
-destkeystore abc.jks \
-deststoretype JKS
小开

You must use OpenSSL and keytool.

OpenSSL for CER & PVK file > P12

openssl pkcs12 -export -name servercert -in selfsignedcert.crt -inkey serverprivatekey.key -out myp12keystore.p12

Keytool for p12 > JKS

keytool -importkeystore -destkeystore mykeystore.jks -srckeystore myp12keystore.p12 -srcstoretype pkcs12 -alias servercert

小开

In addition to @Bruno's answer, you need to supply the -name for alias, otherwise Tomcat will throw Alias name tomcat does not identify a key entry error

Sample Command: openssl pkcs12 -export -in localhost.crt -inkey localhost.key -out localhost.p12 -name localhost

小开

If the keystore is for tomcat then, after creating the keystore with the above answers, you must add a final step to create the "tomcat" alias for the key:

keytool -changealias -alias "1" -destalias "tomcat" -keystore keystore-file.jks

You can check the result with:

keytool -list -keystore keystore-file.jks -v
小开

Adding to @MK Yung and @Bruno's answer.. Do enter a password for the destination keystore. I saw my console hanging when I entered the command without a password. 

openssl pkcs12 -export -in abc.crt -inkey abc.key -out abc.p12 -name localhost  -passout pass:changeit
小开

Ideally you should have received 3 files: ca_bundle.crt yourname.crt yourname.key

Use the following command to create the pk cs 12 version of it with:

openssl pkcs12 -export -out yourname.pfx -inkey yourname.key -in yourname.crt -certfile ca_bundle.crt

Then you will need to import it into key store that is easy to configure in Apache

keytool -importkeystore -srckeystore yourname.pfx -srcstorepass yourpassword -srcstoretype pkcs12 -destkeystore yourkeystore.jks -deststoretype jks -deststorepass yourkeystorepassword

提交答案