Question
I have three files, sample.cert, sample.CA and sample.key, provided by VeriSign. I need to create a keystore for Tomcat. From what I found when searching, I cannot use the .key file directly to create a keystore.
The command I used is below:
pkcs12 -export -in sample.cert -inkey sample.key -CAfile sample.crt -out sample.p12
(I changed sample.CA to sample.crt.)
I used openssl to create the sample.p12 file. Then I imported sample.p12 into sample.jks using keytool.
keytool -importkeystore -srckeystore samp.p12 -destkeystore sample.jks -srcstoretype pkcs12
When I verify the certificate, it shows an intermediate certificate chaining issue.
Any idea?
Answer 1:
I think you may just be missing one parameter in the openssl command. Add "-chain" to the end to see if that fixes things. Note that if openssl can't establish the chain, the command will fail.
Example:
openssl pkcs12 -export -in MYCERT.crt -inkey MYKEY.key -out KEYSTORE.p12 -name "tomcat" -CAfile MY-CA-CERT.crt -caname "myCA" -chain
The "-name" and "-caname" parameters give a "friendly name" to each certificate, and are optional.
The documentation for openssl pkcs12 and its various parameters is here.
Source: https://stackoverflow.com/questions/16708100/create-keystore-for-tomcat-using-key-ca-and-cert-file
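A way to check the effect of "-chain" before importing into the Tomcat keystore, as an added example that is not part of the original question or answer: it builds a throwaway CA and server certificate, exports them once with the question's options and once with the answer's, and counts the certificates in each .p12. The file names, subjects, the `changeit` password and the helper names `p12_cert_count` and `make_demo_p12` are all constructed for illustration.

```shell
#!/bin/sh
# Added example: every name, subject and password below is constructed.

# Print how many certificates a PKCS#12 file holds (private keys are skipped).
p12_cert_count() {  # usage: p12_cert_count FILE PASSWORD
    openssl pkcs12 -in "$1" -nokeys -passin "pass:$2" 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE'
}

# In directory $1, create a throwaway CA and a server certificate signed by it,
# then export the server certificate twice: as in the question (-CAfile but no
# -chain) and as in the answer (-CAfile plus -chain).
make_demo_p12() {
    d=$1
    # Minimal config so the CA certificate carries basicConstraints CA:TRUE,
    # which chain building needs in order to accept it as an issuer.
    printf '[req]\ndistinguished_name=dn\n[dn]\nCN=placeholder\n[v3_ca]\nbasicConstraints=critical,CA:TRUE\n' \
        > "$d/req.cnf" &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$d/req.cnf" \
        -extensions v3_ca -subj "/CN=Constructed Test CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -config "$d/req.cnf" \
        -subj "/CN=tomcat.example.test" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/leaf.crt" 2>/dev/null &&
    # Question's form: -CAfile alone does not put the CA certificate in the file.
    openssl pkcs12 -export -in "$d/leaf.crt" -inkey "$d/leaf.key" \
        -CAfile "$d/ca.crt" -out "$d/nochain.p12" -passout pass:changeit &&
    # Answer's form: -chain builds the chain from -CAfile and stores it too.
    openssl pkcs12 -export -in "$d/leaf.crt" -inkey "$d/leaf.key" \
        -CAfile "$d/ca.crt" -out "$d/chain.p12" -name tomcat -caname myCA \
        -chain -passout pass:changeit
}

# Demo run in a temporary directory that is removed afterwards.
tmp=$(mktemp -d) && make_demo_p12 "$tmp" &&
    echo "without -chain: $(p12_cert_count "$tmp/nochain.p12" changeit) certificate(s)," \
         "with -chain: $(p12_cert_count "$tmp/chain.p12" changeit) certificate(s)"
rm -rf "$tmp"
```

After the keytool import, `keytool -list -v -keystore sample.jks` reports the same figure as "Certificate chain length".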