using OpenSSL to create .pfx file

让人想犯罪 __ submitted on 2020-01-29 13:19:46

Question


I've been offered some commands to create a .pfx file using OpenSSL. For the most part, my partner gathered this information from: Is it possible to convert an SSL certificate from a .key file to a .pfx?

I have the following files:

  1. 2010certificate.cer
  2. 2010cert_and_key.pem
  3. private_verisign10to11.key

I have tried to generate with both:

openssl pkcs12 -export -out s2010-1.pfx -inkey private_verisign10to11.key -in 2010cert_and_key.pem -certfile 2010certificate.cer
and
openssl pkcs12 -export -out s2010-1.pfx -inkey private_verisign10to11.key -in 2010certificate.cer -certfile 2010cert_and_key.pem 

No errors are thrown in this situation, but when I try to view or import the generated file s2010-1.pfx, Portecle says it can't open it. Keytool says:

keytool -import -file s2010-1.pfx x -keystore cacerts -alias fqdn -storepass <.pfx's pass word>
keytool error: java.lang.Exception: Input not an X.509 certificate

I am assuming the problem is with the .pfx generation, but I don't really know how to test it until the keytool command. Any suggestions on what to do from here would be great.


Answer 1:


Try using TinyCA to open each of your 3 files, because they can be something other than what their extension says, especially the .pem ones. Then use TinyCA to export the keys; there is a message window displaying both the openssl command and the output of said command.




Answer 2:


The problem is that keytool -importcert (-import in Java < 1.6) only supports importing X.509 certificates.

To import a PKCS12 (sometimes delivered in a .pfx file) into a Java .jks file, including cacerts:

keytool -importkeystore -srckeystore my.pfx -srcstoretype PKCS12 -srcstorepass <mysecret> -destkeystore cacerts -deststoretype JKS  -deststorepass changeit
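
Added example, not part of the question or either answer: a way to check the inputs and the resulting .pfx with OpenSSL alone, before keytool is involved. The function names, file names, subject and password are constructed for illustration, and the key and certificate are throwaway test material generated by the script.

```sh
#!/bin/sh
# Added example: check the inputs and the output of `openssl pkcs12 -export`.
# Passwords are passed with env: so they do not appear in the process list.

# List the PEM object types a file really holds, whatever its extension says.
pem_kinds() {
    grep -o -e '-----BEGIN [A-Z0-9 ]*-----' "$1" |
        sed 's/-----BEGIN \(.*\)-----/\1/' | sort -u | paste -sd, -
}

# Succeeds only if the private key ($1) belongs to the certificate ($2).
key_matches_cert() (
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || exit 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || exit 1
    [ -n "$k" ] && [ "$k" = "$c" ]
)

# make_pfx KEY CERT OUT PASSWORD: refuse to bundle a mismatched pair.
make_pfx() {
    key_matches_cert "$1" "$2" || { echo "key does not match certificate" >&2; return 1; }
    PFX_PASS="$4" openssl pkcs12 -export -inkey "$1" -in "$2" -out "$3" -passout env:PFX_PASS
}

# pfx_ok FILE PASSWORD: succeeds only if FILE parses as PKCS#12 and its MAC verifies.
pfx_ok() {
    PFX_PASS="$2" openssl pkcs12 -in "$1" -passin env:PFX_PASS -noout 2>/dev/null
}

# demo WORKDIR: build constructed test material, bundle it, verify the bundle.
demo() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=example.test' \
        -keyout "$d/site.key" -out "$d/site.cer" 2>/dev/null || return 1
    cat "$d/site.cer" "$d/site.key" > "$d/cert_and_key.pem"
    echo "site.cer holds:         $(pem_kinds "$d/site.cer")"
    echo "cert_and_key.pem holds: $(pem_kinds "$d/cert_and_key.pem")"
    make_pfx "$d/site.key" "$d/site.cer" "$d/site.pfx" 'constructed-pass' || return 1
    pfx_ok "$d/site.pfx" 'constructed-pass' && echo "site.pfx: parses, MAC verified"
}

demo "$(mktemp -d)"
```

On the Java side, keytool -list -storetype PKCS12 -keystore <file> reads the same bundle without importing it anywhere.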


Source: https://stackoverflow.com/questions/2868989/using-openssl-to-create-pfx-file
