create keystore for tomcat using .key ,.ca and .cert file

半城伤御伤魂 提交于 2019-12-25 07:30:50

问题


I have three file sample.cert, sample.CA,sample.key provided by verisign. I need to create keystore for tomcat.As I searched I cannot use .key file directly to create keystore.

command used by me as below :

 pkcs12 -export -in sample.cert -inkey sample.key  -CAfile sample.crt -out sample.p12

(I changed sample.CA to sample.crt..)

I use openssl to create sample.p12 file. Then I import sample.p12 to sample.jsk by using keytool.

    keytool -importkeystore -srckeystore samp.p12 -destkeystore sample.jks -srcstoretype pkcs12     

while I verify certificate it show Intermediate certificate chaining issue.

Any idea?


回答1:


I think you may just be missing one paramater in the openssl command. Add "-chain" to the end to see if that fixes things. Note that if openssl can't establish the chain, the command will fail.

Example:

openssl pkcs12 -export -in MYCERT.crt -inkey MYKEY.key -out KEYSTORE.p12 -name "tomcat" -CAfile MY-CA-CERT.crt -caname "myCA" -chain

The "-name" and "-caname" parameters give a "friendly name" to each certificate, and are optional.

The documentation for openssl pkcs12 and its various parameters is here.



来源:https://stackoverflow.com/questions/16708100/create-keystore-for-tomcat-using-key-ca-and-cert-file

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!