发表新帖
发表新帖

How to import an existing X.509 certificate and private key in Java keystore to use in SSL?

前端 未结
关注
15 868
说谎
说谎 2020-11-22 08:05

I have this in an ActiveMQ config:
15条回答
  • 不思量自难忘°
    不思量自难忘° (楼主)
    2020-11-22 08:30

    Just make a PKCS12 keystore, Java can use it directly now. In fact, if you list a Java-style keystore, keytool itself alerts you to the fact that PKCS12 is now the preferred format.

    openssl pkcs12 -export -in server.crt -inkey server.key \
               -out server.p12 -name [some-alias] \
               -CAfile ca.crt -caname root -chain

    You should have received all three files (server.crt, server.key, ca.crt) from your certificate provider. I am not sure what "-caname root" actually means, but it seems to have to be specified that way.

    In the Java code, make sure to specify the right keystore type.

    KeyStore.getInstance("PKCS12")

    I got my comodo.com-issued SSL certificate working fine in NanoHTTPD this way.

    0 讨论(0)
 看不清?
提交回复
热议问题