Importing Thawte trial certificates into a Java keystore

*爱你&永不变心* 提交于 2019-12-03 12:49:26

I finally understood what was going on here. It turns out that the replies that I got from Thawte are formatted as PKCS#7, whereas keytool expects certificated in the X.509 format.

openssl can be used to convert certificates from one format to another:

$ openssl pkcs7 -in thawtetest.crt -print_certs |
  openssl x509 > thawtetest.x509

Now you can import thawtetest.x509 with keytool, and tomcat.crt right behind it.

You should be able to import PKCS#7 chains using keytool, so long as you're using a more recent version. Exporting the certs into distinct files will work, too, but if you're running a recent version of keytool there should be no problem importing the PKCS#7 file itself.

Having run into the same trouble I found this post which helped me out. I put the trial certificates I received into a single file and used keytool to import making sure the ALIAS (keytool -alias param) I used was different (ie not the same alias I used when creating the certificates for the request). It is a bizarre error message given it simply doesn't like you trying to import to the same alias.

标签
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!