I have a CA issued CERT in PKCS#7 format. It has certificates (chained) within it.
Keytool does not recognize the PKCS7 format. I have tried OpenSSL tool to convert PKCS7 format certificate to PEM format and it fails. I receive an error message "Unable to load PKCS7 object".
How do I import the PKCS7 cert chain to my JKS?
解决方案
As you can read in the keytool reference for -importcert command:
Reads the certificate or certificate chain (where the latter is supplied in a PKCS#7 formatted reply) from the file cert_file, and stores it in the keystore entry identified by alias. If no file is given, the certificate or PKCS#7 reply is read from stdin.
keytool can import X.509 v1, v2, and v3 certificates, and PKCS#7 formatted certificate chains consisting of certificates of that type.
Try to import the PKCS7 cert as it is.
Though, it doesn't always work. If you have problems, try to do the following (using OpenSSL):
Print all the certs it contains to a PEM file
OpenSSL> pkcs7 -in initial_file.p7b -inform DER -print_certs -outform PEM -out certs_chain.pem
Open the new PEM file (certs_chain.pem) with an editor and delete everything outside -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- boundaries (keep only the encoded content within the boundaries, the certificates themselves) and save it.
Now keytool should not have problems to import your cert, using certs_chain.pem as cert_file
948
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
