Error while Importing public certificate to a keystore

悲&欢浪女 2020-12-17 19:20

I have a public certificate from a CA. I want to create a Java SSL connection using this certificate. I referred to "How can I use different certificates on specific connections"

4 answers
  • 2020-12-17 19:49

    You can use the KeyStore Explorer GUI tool to generate a keystore/certificate and for importing/exporting a certificate into a keystore.

  • 2020-12-17 19:56

    I faced the same problem while importing the SSL certificate into the keystore. In my case the certificate of the Root CA was missing from the chain. I exported the root certificate to a file and manually imported it into the keystore.

  • 2020-12-17 19:57

    Please change the alias from tomcat to any other as you are using the same alias for Keystore -genkey

  • 2020-12-17 20:00

    I think you are not properly following the certificate signing process. Check out this discussion, https://forums.oracle.com/thread/1533940, to implement it properly by following the steps below:

    1. Create a keystore (this generates a keystore and a key (DC) with an alias of "mykey"):

       keytool -genkey -keyalg RSA -keystore test.keystore -validity 360

    2. Create a Certificate Signing Request (CSR) (this generates a text CSR file):

       keytool -certreq -keyalg RSA -file test.csr -keystore test.keystore

    3. Had signed cert generated: http://www.instantssl.com/ssl-certificate-support/csr_generation/ssl-certificate-index.html

    4. Imported signed certificate (watch out for CRLFs if pasting signed cert from step 3) (?important that this has an alias different to step 1 (which defaults to "mykey")?):

       keytool -import -alias newkey -file <signed cert file> -keystore test.keystore

    5. Export public key for client usage:

       keytool -export -alias mykey -file test.publickey -keystore test.keystore

    On Server system

    6. Create a truststore (this generates a keystore and a key (DC) with an alias of "mykey"):

       keytool -genkey -keyalg RSA -keystore test.truststore -validity 360

    7. Import public key, for testing SSL SOAP service via client:

       keytool -import -file test.publickey -keystore test.truststore

    The problem was letting the alias in steps 1 and 6 default to "mykey". When I changed step 6 to be:

       keytool -genkey -alias testAlias -keyalg RSA -keystore test.truststore -validity 360

    you can import using step 7 above (though I did add "-alias apublickey" in step 7). This worked for me.

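The alias clash that the last two answers describe, reproduced as an added example (not code from any of the posts): keytool treats an import under an alias that already names a key entry as a certificate reply for that key, and stores the file as a trusted certificate only under an unused alias. The `ca`, `tomcat` and `demo-ca` aliases, the DNs, the file names and the password are assumptions made for the demo.

```shell
#!/bin/sh
# Added example. Aliases, DNs, file names and the password are constructed.
PASS=changeit

# Run one keytool command quietly with the demo store password.
kt() { keytool "$@" -storepass "$PASS" >/dev/null 2>&1; }

demo_alias_collision() (
  dir=$(mktemp -d) || exit 2
  trap 'rm -rf "$dir"' EXIT
  ks="$dir/test.keystore"

  # Stand-in for the CA: a throwaway self-signed certificate exported to a file.
  kt -genkey -alias ca -keyalg RSA -validity 360 -dname "CN=Demo CA" \
     -keypass "$PASS" -keystore "$dir/ca.keystore" || exit 2
  kt -export -alias ca -file "$dir/ca.cer" -keystore "$dir/ca.keystore" || exit 2

  # Our own keystore, holding a private key under the alias "tomcat".
  kt -genkey -alias tomcat -keyalg RSA -validity 360 -dname "CN=localhost" \
     -keypass "$PASS" -keystore "$ks" || exit 2

  # Alias of an existing key entry: keytool handles the file as a certificate
  # reply for that key, and the CA's public key does not match it.
  if kt -import -noprompt -alias tomcat -file "$dir/ca.cer" -keystore "$ks"
  then same=accepted; else same=rejected; fi

  # Unused alias: the same file is stored as a trusted certificate entry.
  if kt -import -noprompt -alias demo-ca -file "$dir/ca.cer" -keystore "$ks"
  then fresh=accepted; else fresh=rejected; fi

  listing=$(keytool -list -keystore "$ks" -storepass "$PASS" 2>/dev/null)
  keys=$(printf '%s\n' "$listing" | grep -c PrivateKeyEntry)
  trusted=$(printf '%s\n' "$listing" | grep -c trustedCertEntry)
  echo "same-alias=$same new-alias=$fresh keys=$keys trusted=$trusted"
)
```

Calling `demo_alias_collision` prints one summary line; it needs only a JDK's `keytool` on the PATH and works entirely in a temporary directory.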