问题
I have already created a keystore (server.jks in the image) having imported the relevant key-pair.
keytool -importkeystore -srckeystore server.p12 -destkeystore server.jks -srcstoretype pkcs12
I need to append intermediate certificates to it using the java keytool.
Using KeyStore explorer tool on windows, I can append certificates following the right click context menu, just like in the attached image.
After adding the primary/intermediate certificates following the Append Certificate option, I can see it on the KeyStore explorer like a tree.
---primary intermediate certificate
|---secondary intermediate certificate
|---my server certificate
I am very much interested in knowing how this can be done, using the 'Java KeyTool' on the (LINUX) command line.
Thank you in advance.
回答1:
This is more or less the same problem as in this question. You need to prepare a file representing the certificate chain, each certificate followed by the CA certificate that issued it.
-----BEGIN CERTIFICATE-----
MIICajCCAdOgAwIBAgIBAjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVSzEa
....
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIICkjCCAfugAwIBAgIJAKm5bDEMxZd7MA0GCSqGSIb3DQEBBQUAMDsxCzAJBgNV
....
-----END CERTIFICATE-----
You may need to export your EEC (End Entity Certificate) from your keystore first (keytool -exportcert ...). Then, use the text editor of your choice (vi, emacs, gedit, ...) or cat to concatenate your EEC and the intermediate certificate(s) in order. Then import the resulting file into your keystore against the alias that contains your private key (keytool -importcert -alias ...).
来源:https://stackoverflow.com/questions/23686259/java-keytool-append-primary-secondary-intermediate-certificates-to-key-store