Java keytool easy way to add server cert from url/port(Java keytool 从 url/port 添加服务器证书的简单方法)
问题描述
我有一个带有自签名证书的服务器,但也需要客户端证书身份验证.我在尝试获取原始 CA 服务器证书时遇到了困难,因此我可以将其导入密钥库.有人对如何轻松做到这一点有一些建议吗?谢谢.
I have a server with a self signed certificate, but also requires client side cert authentication. I am having a rough time trying to get the raw CA server cert so I can import it into a keystore. Anyone have some suggestions on how to easily do that? Thanks.
推荐答案
正在研究使用jenkins cli时如何信任证书,发现https://issues.jenkins-ci.org/browse/JENKINS-12629 有一些配方那个.
Was looking at how to trust a certificate while using jenkins cli, and found https://issues.jenkins-ci.org/browse/JENKINS-12629 which has some recipe for that.
这会给你证书:
openssl s_client -connect ${HOST}:${PORT} </dev/null
如果您只对证书部分感兴趣,请通过管道将其剪掉:
if you are interested only in the certificate part, cut it out by piping it to:
| sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'
并重定向到一个文件:
> ${HOST}.cert
然后使用keytool导入:
Then import it using keytool:
keytool -import -noprompt -trustcacerts -alias ${HOST} -file ${HOST}.cert
-keystore ${KEYSTOREFILE} -storepass ${KEYSTOREPASS}
一口气:
HOST=myhost.example.com
PORT=443
KEYSTOREFILE=dest_keystore
KEYSTOREPASS=changeme
# get the SSL certificate
openssl s_client -connect ${HOST}:${PORT} </dev/null
| sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > ${HOST}.cert
# create a keystore and import certificate
keytool -import -noprompt -trustcacerts
-alias ${HOST} -file ${HOST}.cert
-keystore ${KEYSTOREFILE} -storepass ${KEYSTOREPASS}
# verify we've got it.
keytool -list -v -keystore ${KEYSTOREFILE} -storepass ${KEYSTOREPASS} -alias ${HOST}
这篇关于Java keytool 从 url/port 添加服务器证书的简单方法的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持编程学习网!
本文标题为:Java keytool 从 url/port 添加服务器证书的简单方法
基础教程推荐
- Spring Boot Freemarker从2.2.0升级失败 2022-01-01
- 如何对 HashSet 进行排序? 2022-01-01
- 如何使用 Eclipse 检查调试符号状态? 2022-01-01
- Java 中保存最后 N 个元素的大小受限队列 2022-01-01
- 如何使用 Stream 在集合中拆分奇数和偶数以及两者的总和 2022-01-01
- 首次使用 Hadoop,MapReduce Job 不运行 Reduce Phase 2022-01-01
- 如何在不安装整个 WTP 包的情况下将 Tomcat 8 添加到 Eclipse Kepler 2022-01-01
- 如何强制对超级方法进行多态调用? 2022-01-01
- 由于对所需库 rt.jar 的限制,对类的访问限制? 2022-01-01
- 在螺旋中写一个字符串 2022-01-01