博主在尝试将自签名证书导入Java控制面板的受信任证书时遇到问题,无论设置的密钥库密码多么简单,导入时总是提示密码无效。问题源于尝试导入的是CSR文件,而控制面板期望的是包含证书的PKCS#12格式的密钥库。解决方案是生成包含自签名证书的JKS或PKCS#12格式密钥库,并将其转换为PKCS#12格式以供导入。
I am trying to import a self-signed certificate into the trusted certificates in the java control panel. it is under the security tab-> Manage Certificates. No matter how simple the password is i set on the keystore, the import program always tells me my password is invalid after i type it in. I have also tried changing the certificate type but no luck..li tried all of them. Here are the simple steps i used to create my files
keytool -genkey -keyalg RSA -keysize 2048 -keystore test_keystore.jks -alias test
Then I generate my CSR file which the java control panel takes as an input
keytool -certreq -alias test -keystore test_keystore.jks -file test_certificate_request.csr
Since this is just a test, the passwords I am setting are super simple so its not an issue of using the wrong password or typing it incorrectly. Yet every time i import the test_certificate_request.csr file i created it it tells me invalid password.
In case it matters, here is the full strack trace generated from the import program when i click on the "more information" button.
java.io.IOException: toDerInputStream rejects tag type 45
at sun.security.util.DerValue.toDerInputStream(Unknown Source)
at sun.security.pkcs12.PKCS12KeyStore.engineLoad(Unknown Source)
at java.security.KeyStore.load(Unknown Source)
at com.sun.deploy.panel.CertificatesDialog.importPKCS12Certificate(Unknown Source)
at com.sun.deploy.panel.CertificatesDialog.importButtonActionPerformed(Unknown Source)
at com.sun.deploy.panel.CertificatesDialog.access$200(Unknown Source)
at com.sun.deploy.panel.CertificatesDialog$4.actionPerformed(Unknown Source)
at javax.swing.AbstractButton.fireActionPerformed(Unknown Source)
at javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source)
at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source)
at javax.swing.DefaultButtonModel.setPressed(Unknown Source)
at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(Unknown Source)
at java.awt.AWTEventMulticaster.mouseReleased(Unknown Source)
at java.awt.Component.processMouseEvent(Unknown Source)
at javax.swing.JComponent.processMouseEvent(Unknown Source)
at java.awt.Component.processEvent(Unknown Source)
at java.awt.Container.processEvent(Unknown Source)
at java.awt.Component.dispatchEventImpl(Unknown Source)
at java.awt.Container.dispatchEventImpl(Unknown Source)
at java.awt.Component.dispatchEvent(Unknown Source)
at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source)
at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source)
at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source)
at java.awt.Container.dispatchEventImpl(Unknown Source)
at java.awt.Window.dispatchEventImpl(Unknown Source)
at java.awt.Component.dispatchEvent(Unknown Source)
at java.awt.EventQueue.dispatchEventImpl(Unknown Source)
at java.awt.EventQueue.access$200(Unknown Source)
at java.awt.EventQueue$3.run(Unknown Source)
at java.awt.EventQueue$3.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$1.doIntersectionPrivilege(Unknown Source)
at java.security.ProtectionDomain$1.doIntersectionPrivilege(Unknown Source)
at java.awt.EventQueue$4.run(Unknown Source)
at java.awt.EventQueue$4.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$1.doIntersectionPrivilege(Unknown Source)
at java.awt.EventQueue.dispatchEvent(Unknown Source)
at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
at java.awt.WaitDispatchSupport$2.run(Unknown Source)
at java.awt.WaitDispatchSupport$4.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.awt.WaitDispatchSupport.enter(Unknown Source)
at java.awt.Dialog.show(Unknown Source)
at java.awt.Component.show(Unknown Source)
at java.awt.Component.setVisible(Unknown Source)
at java.awt.Window.setVisible(Unknown Source)
at java.awt.Dialog.setVisible(Unknown Source)
at com.sun.deploy.panel.SecurityPanel.certsBtnActionPerformed(Unknown Source)
at com.sun.deploy.panel.SecurityPanel.access$300(Unknown Source)
at com.sun.deploy.panel.SecurityPanel$4.actionPerformed(Unknown Source)
at javax.swing.AbstractButton.fireActionPerformed(Unknown Source)
at javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source)
at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source)
at javax.swing.DefaultButtonModel.setPressed(Unknown Source)
at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(Unknown Source)
at java.awt.AWTEventMulticaster.mouseReleased(Unknown Source)
at java.awt.Component.processMouseEvent(Unknown Source)
at javax.swing.JComponent.processMouseEvent(Unknown Source)
at java.awt.Component.processEvent(Unknown Source)
at java.awt.Container.processEvent(Unknown Source)
at java.awt.Component.dispatchEventImpl(Unknown Source)
at java.awt.Container.dispatchEventImpl(Unknown Source)
at java.awt.Component.dispatchEvent(Unknown Source)
at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source)
at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source)
at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source)
at java.awt.Container.dispatchEventImpl(Unknown Source)
at java.awt.Window.dispatchEventImpl(Unknown Source)
at java.awt.Component.dispatchEvent(Unknown Source)
at java.awt.EventQueue.dispatchEventImpl(Unknown Source)
at java.awt.EventQueue.access$200(Unknown Source)
at java.awt.EventQueue$3.run(Unknown Source)
at java.awt.EventQueue$3.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$1.doIntersectionPrivilege(Unknown Source)
at java.security.ProtectionDomain$1.doIntersectionPrivilege(Unknown Source)
at java.awt.EventQueue$4.run(Unknown Source)
at java.awt.EventQueue$4.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$1.doIntersectionPrivilege(Unknown Source)
at java.awt.EventQueue.dispatchEvent(Unknown Source)
at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.run(Unknown Source)
What am i doing wrong?
解决方案
keytool -certreq creates certificate request also known as PKCS#10, which should be provided to Certificate Authority to get a real certificate. Then you upload it to the tool, which expects certificate.
From these lines in the stacktrace
at java.security.KeyStore.load(Unknown Source)
at com.sun.deploy.panel.CertificatesDialog.importPKCS12Certificate(Unknown Source)
I can tell that UI actually expects keystore in PKCS#12 format with certificate inside, not just a separate certificate.
This is how you can generate a keystore with self-signed certificate with a keytool
keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks \
-storepass password -validity 360 -keysize 2048
However, this will create keystore in JKS format and that have to be converted to PKCS#12 format with a command
keytool -importkeystore -srckeystore keystore.jks -srcstoretype JKS \
-deststoretype PKCS12 -destkeystore keystore.p12
or alternatively keystore can be created in PKCS#12 format with specifying -storetype
keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.p12 \
-storetype pkcs12 -storepass password -validity 360 -keysize 2048
Note that the keystore contains self-singed certificate together with the corresponding private key.
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
