问题
I am Trying to configure SSL and got the .pfx file from server team. The Certificate chain length: 2
When i am trying to export the certificate chain using keytool, only the first certificate is exported.
Trying to figure out if there is any other parameters i am missing while issuing keytool command.
the commands I used are:
1) converting to JKS as alias name is not supported with pfx
keytool -importkeystore -srckeystore "serverauth.pfx" -srcstoretype pkcs12 -destkeystore "serverauth.jks"
2) Tried to Export certificates using the below.
keytool -export -alias 1 -keystore "serverauth.jks" -rfc -file "authclient.cert"
But above command generates only first cert.
If i remove entire alias option, getting error
keytool error: java.lang.Exception: Alias <1> does not exist
Is there any other process.
回答1:
This works in Java 8 to export the whole certificate chain to a file:
keytool -list -alias yourcert -keystore /path/to/keystore -rfc
Same format as export except it dumps the whole chain. You lose out on the -file option, but you can simply redirect to a file using >
回答2:
You could do (exemple with java cacert):
for cert in `keytool -list -keystore cacerts -storepass changeit | grep trustedCertEntry | grep -Eo "^[^,]*"`;do
`keytool -exportcert -keystore cacerts -alias $cert -file ${cert}.crt <<< $'changeit'`
done
That will export all cert in a separated .crt file
回答3:
keytool -list -rfc -keystore serverauth.jks
This will output all the certs in a single stream. If you wanted to split them into separate files, you'd have more work to do.
来源:https://stackoverflow.com/questions/30091942/how-to-export-the-all-intermediate-certs-including-root-certificates-using-keyto