
Generating certificates with OpenSSL: why can't keytool import the certificate generated by CA.pl into a keystore?

Last updated: 2007-07-22 Keywords: OpenSSL, certificate
After installing OpenSSL, I added C:\OpenSSL\bin to the path and did not change any other options.
In C:\myCert I then ran, one after another:

CA.pl -genca
CA.pl -newreq-nodes
CA.pl -sign


Everything was OK; no errors were reported!

Finally, I used keytool to import the CA certificate cacert.pem into the keystore:
keytool -import -keystore mycacerts.keystore -storepass abc123 -alias ca1 -file cacert.pem


This failed with the following error message:
    keytool错误: java.lang.Exception: 所输入的不是一个 X.509 认证

The CA certificate cacert.pem generated by CA.pl -genca has the following content:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            bc:d3:75:72:1f:77:fd:c8
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=AU, ST=HK, O=O, OU=OU, CN=CA/emailAddress=ca@ca.com
        Validity
            Not Before: Jul 22 09:02:13 2007 GMT
            Not After : Jul 21 09:02:13 2010 GMT
        Subject: C=AU, ST=HK, O=O, OU=OU, CN=CA/emailAddress=ca@ca.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:d3:c5:77:43:81:ab:43:ff:b9:6a:cb:15:07:9c:
                    de:98:45:7b:07:65:fd:c9:ba:be:47:bb:f4:69:69:
                    2f:35:ac:d6:ec:b0:f9:ca:ee:83:ee:38:96:3a:05:
                    98:42:c4:ee:72:69:72:0a:35:02:4a:b6:d7:1b:b1:
                    ee:10:0b:29:79:29:16:ef:50:98:41:a4:29:8f:5c:
                    0c:d7:6b:e8:a6:cd:54:3b:91:16:29:42:de:8a:4d:
                    11:66:b9:41:5d:8e:ef:da:37:f8:ca:21:3b:d8:da:
                    87:08:ac:90:1f:71:73:98:7f:3b:2f:e5:58:52:34:
                    cf:7f:d4:49:87:43:59:72:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                1C:23:0A:05:84:33:DD:55:C7:74:C3:F5:2A:4E:77:B1:00:17:98:CD
            X509v3 Authority Key Identifier: 
                keyid:1C:23:0A:05:84:33:DD:55:C7:74:C3:F5:2A:4E:77:B1:00:17:98:CD
                DirName:/C=AU/ST=HK/O=O/OU=OU/CN=CA/emailAddress=ca@ca.com
                serial:BC:D3:75:72:1F:77:FD:C8

            X509v3 Basic Constraints: 
                CA:TRUE
    Signature Algorithm: sha1WithRSAEncryption
        44:56:1c:85:e8:36:96:88:09:b5:4a:20:94:df:87:72:99:cd:
        91:55:d1:60:a4:c1:86:03:43:34:82:fa:48:1e:96:8e:fb:37:
        80:88:d1:d1:72:db:92:9b:26:c2:aa:48:a2:bc:e3:59:5b:d9:
        99:2b:4b:53:f9:88:39:f5:8f:36:4b:6e:08:ed:ef:8f:52:07:
        1b:5c:df:b5:2a:d9:1e:37:b0:eb:8a:03:dc:c8:31:d3:3b:20:
        bd:02:e9:53:b8:22:e6:a0:68:32:f4:82:33:38:23:9b:b8:1d:
        2c:6c:38:40:63:7b:b7:00:08:44:44:a9:28:b7:c9:91:2c:08:
        df:32
-----BEGIN CERTIFICATE-----
MIIC8jCCAlugAwIBAgIJALzTdXIfd/3IMA0GCSqGSIb3DQEBBQUAMFoxCzAJBgNV
BAYTAkFVMQswCQYDVQQIEwJISzEKMAgGA1UEChMBTzELMAkGA1UECxMCT1UxCzAJ
BgNVBAMTAkNBMRgwFgYJKoZIhvcNAQkBFgljYUBjYS5jb20wHhcNMDcwNzIyMDkw
MjEzWhcNMTAwNzIxMDkwMjEzWjBaMQswCQYDVQQGEwJBVTELMAkGA1UECBMCSEsx
CjAIBgNVBAoTAU8xCzAJBgNVBAsTAk9VMQswCQYDVQQDEwJDQTEYMBYGCSqGSIb3
DQEJARYJY2FAY2EuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDTxXdD
gatD/7lqyxUHnN6YRXsHZf3Jur5Hu/RpaS81rNbssPnK7oPuOJY6BZhCxO5yaXIK
NQJKttcbse4QCyl5KRbvUJhBpCmPXAzXa+imzVQ7kRYpQt6KTRFmuUFdju/aN/jK
ITvY2ocIrJAfcXOYfzsv5VhSNM9/1EmHQ1ly6wIDAQABo4G/MIG8MB0GA1UdDgQW
BBQcIwoFhDPdVcd0w/UqTnexABeYzTCBjAYDVR0jBIGEMIGBgBQcIwoFhDPdVcd0
w/UqTnexABeYzaFepFwwWjELMAkGA1UEBhMCQVUxCzAJBgNVBAgTAkhLMQowCAYD
VQQKEwFPMQswCQYDVQQLEwJPVTELMAkGA1UEAxMCQ0ExGDAWBgkqhkiG9w0BCQEW
CWNhQGNhLmNvbYIJALzTdXIfd/3IMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEF
BQADgYEARFYcheg2logJtUoglN+HcpnNkVXRYKTBhgNDNIL6SB6Wjvs3gIjR0XLb
kpsmwqpIorzjWVvZmStLU/mIOfWPNktuCO3vj1IHG1zftSrZHjew64oD3Mgx0zsg
vQLpU7gi5qBoMvSCMzgjm7gdLGw4QGN7twAIRESpKLfJkSwI3zI=
-----END CERTIFICATE-----


I found that after deleting everything in front of -----BEGIN CERTIFICATE-----, the import succeeded.
In other words, the certificate file only needs the block from -----BEGIN CERTIFICATE----- through -----END CERTIFICATE-----, exactly as it appears above.


Why is that?
Is the certificate generated by CA.pl wrong, or does keytool need some option when importing?
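
The manual fix described in the post (deleting the text in front of the PEM block), as an added example that is not part of the original post. The function name `pem_only`, the file names and the placeholder base64 body are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Keeps only the
# -----BEGIN/END CERTIFICATE----- block(s) of a PEM file and drops the
# human-readable dump around them.

# pem_only IN OUT: returns non-zero and leaves OUT untouched if IN has no
# complete block, a stray END line, or a non-base64 line inside a block.
pem_only() {
    awk '
        { sub(/\r$/, "") }                      # accept CRLF files from Windows
        /^-----BEGIN CERTIFICATE-----$/ {
            if (inside) { bad = 1; exit }       # nested BEGIN
            inside = 1; print; next
        }
        /^-----END CERTIFICATE-----$/ {
            if (!inside) { bad = 1; exit }      # END without BEGIN
            inside = 0; blocks++; print; next
        }
        inside {
            if ($0 !~ /^[A-Za-z0-9+\/=]+$/) { bad = 1; exit }
            print
        }
        END { exit ((bad || inside || blocks == 0) ? 1 : 0) }
    ' "$1" > "$2.tmp" || { rm -f "$2.tmp"; return 1; }
    mv "$2.tmp" "$2"
}

# Constructed input shaped like the file in the post: a text dump followed
# by the PEM block. The base64 body is a placeholder, not a real certificate.
demo_dir=$(mktemp -d)
cat > "$demo_dir/cacert.pem" <<'EOF'
Certificate:
    Data:
        Version: 3 (0x2)
-----BEGIN CERTIFICATE-----
QUJDREVGR0hJSktMTU5PUA==
-----END CERTIFICATE-----
EOF

pem_only "$demo_dir/cacert.pem" "$demo_dir/cacert-clean.pem"
head -n 1 "$demo_dir/cacert-clean.pem"
```

Running `openssl x509 -in cacert.pem -out cacert-clean.pem` on a real certificate writes the same PEM-only file, which can then be passed to the `keytool -import` command from the post.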
   