English 中文(简体)
using OpenSSL to create .pfx file
原标题:

I ve been offered some commands to create a .pfx file using OpenSSL. For the most part, my partner gathered this information from: Is it possible to convert an SSL certificate from a .key file to a .pfx?

I have the following files:

  1. 2010certificate.cer
  2. 2010cert_and_key.pem
  3. private_verisign10to11.key

I have tried to generate with both:

openssl pkcs12 -export -out s2010-1.pfx -inkey private_verisign10to11.key -in 2010cert_and_key.pem -certfile 2010certificate.cer
and
openssl pkcs12 -export -out s2010-1.pfx -inkey private_verisign10to11.key -in 2010certificate.cer -certfile 2010cert_and_key.pem 

No errors are thrown in this situation, but when I try to view or import the generated file s2010-1.pfx, Protecle says it can t open it. Keytool says:

keytool -import -file s2010-1.pfx x -keystore cacerts -alias fqdn -storepass <.pfx s pass word>
keytool error: java.lang.Exception: Input not an X.509 certificate

I am assuming the problem is with the .pfx generation, but I don t really know how to test it until the keytool command. Any suggestions on what to do from here would be great.

问题回答

Try using TinyCA to open each of your 3 files, because they can be something else that what their extension says, specially the .pem ones. Then use TinyCA to export the keys ; There is a message window displaying both the openssl command and the output of said command.

The problem is because keytool -importcert (-import in Java < 1.6) only support importing x509 certificates.

To import a PKCS12 (sometimes delivered in a .pfx file) into a Java .jks file, including cacerts:

keytool -importkeystore -srckeystore my.pfx -srcstoretype PKCS12 -srcstorepass <mysecret> -destkeystore cacerts -deststoretype JKS  -deststorepass changeit




相关问题
SSL wrapper stream in C

I have a simple stream_t type in C with your basic read/write operations, and support for multiple underlying implementations using function pointers. So a stream could be backed by a file, a char ...

Access violation writing location

I have the following code: #include <openssl/bn.h> #include <openssl/rsa.h> unsigned char* key; RSA* rsa = RSA_new(); rsa = RSA_generate_key(1024,65537,NULL,NULL); //init pubkey key[...

Visual Studio merging DLL into console application

I have very simple program to simplify things as shown below... #include <openssl/evp.h> int main (int argc, char *argv[]) { EVP_CIPHER_CTX ctx; EVP_CIPHER_CTX_init(&ctx); } ...

Can t add static lib

I am trying to build a DLL and it needs to reference a library namely libeay32.dll from the openssl package. I cant seem to add it as a reference under the Property Pages->Common Properties->Add New ...

Php paypalewp on windows not working right, short return

I am working on a payment script using paypalewp, it seems to work fine in the stage environment which is a centos linux box, however on my dev box it doesn t... when I run the button creation ...

How do I get SSL working in fsockopen?

I m running PHP 5.2.6 on Windows, I have extension=php_curl.dll and extension=php_openssl.dll uncommented in php.ini; as such I can see the following in phpinfo: curl cURL support enabled cURL ...

Load RSA keys from files

I used openSSL command to create 2 files: 1 for RSA public key & 1 for RSA private key. How do I recover RSA keys using C? Specifically, I have these functions: RSA_public_encrypt(read_num, ...

OpenSSL on iPhone

I need to figure out how to get two OpenSSL functions for iPhone. I m trying to keep it so I don t need another dylib, because I don t want Apple to reject my application for something so silly. ...

热门标签