Problem description

I don't have much knowledge in this area, but I have still tried to do things by googling. Here is the problem I am facing.

I have a CA signed certificate and I would like to use it in my Web Application. I first created a keystore. I see that it creates an entry type "keyEntry" in the keystore. Then I import the CA signed certificate to the keystore created.

The steps are as follows:

keytool -genkeypair  -keystore keystore.jks

I see an entry in the keystore of type "keyEntry" of alias "mykey".

Now I import the certificate:

keytool -importcert -alias abc -file cert.crt -keystore keystore.jks

Now I see another entry of type "trustedcertEntry".

With this keystore I am able to access my web application when I uploaded it.

I create a keystore on the fly while importing the certificate.

keytool -importcert  -alias abc -file cert.crt -keystore keystore2.jks

Here I see only one entry type, which is "trustedcertEntry".

With this keystore I am not able to access my web application.

What is key entry type "keyEntry" and "trustedcertEntry", and why does my keystore work only when I have the entry type "keyEntry"?

Recommended answer

My understanding of keytool is tenuous at best but I think the trick is that with Case 2, by omitting the -genkeypair, you're not generating the necessary private key.

In Case 1, the steps you're using are: create a private key pair (public key and private key), and then import a certificate into the trusted certificates for the keystore. Presumably you have another certificate in the keystore that's joining with the private key though it's possible the trusted cert is acting as the cert or your application isn't using a joined keypair/cert in the same file.

I can say that a 'trustedCertEntry' is a certificate which is trusted by the keystore. This is essential for allowing certificate chains (ex: Root-CA signs Intermediate-CA1 which signs End-Cert1. Without having both Root-CA and Intermediate-CA1 as trustedCertEntry, the keystore doesn't trust the end cert). TrustedCertEntry entries do not have private keys associated with them, only the public key the certificate contains.

A keyEntry (I think!) is a public/private key pair without the certificate.

A privateKeyEntry is a public/private key pair with an associated CA-signed or self-signed certificate.
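
The two cases from the question, reproduced in a scratch directory as an added example that is not part of the original question or answer. It goes one step further than the post by importing a CA-signed reply under the key's own alias; the stand-in CA, the `Demo CA` and `app.example` names, the `app.csr`/`app.crt` files and the `changeit` password are all constructed.

```bash
#!/usr/bin/env bash
# Added example: every alias, DN, file name and password here is constructed.
# Usage: ./entries.sh <empty-scratch-directory>
export LC_ALL=C     # keep keytool output in English so it can be parsed
PASS=changeit

# Run one keytool command with the sample store password.
kt() { local cmd=$1; shift; keytool "$cmd" -storepass "$PASS" "$@"; }

# gen_key <keystore> <alias> <dname> [extra options]: create a key pair entry.
gen_key() {
  local ks=$1 alias=$2 dn=$3; shift 3
  kt -genkeypair -keystore "$ks" -alias "$alias" -dname "$dn" \
     -keyalg RSA -keysize 2048 -keypass "$PASS" "$@"
}

# Count entries of one type ("PrivateKeyEntry" or "trustedCertEntry").
count_entries() { kt -list -keystore "$1" 2>/dev/null | grep -c "$2"; }

# Length of the certificate chain stored with a key entry.
chain_length() {
  kt -list -v -keystore "$1" -alias "$2" 2>/dev/null |
    sed -n 's/^Certificate chain length: //p'
}

build_demo() (   # $1 = scratch directory; the subshell keeps the cd local
  cd "$1" &&
  # Stand-in CA; its certificate plays the role of cert.crt from the question.
  gen_key ca.jks ca "CN=Demo CA" -ext bc:c &&
  kt -exportcert -keystore ca.jks -alias ca -file cert.crt &&
  # Case 1: key pair first, then the certificate under a different alias.
  gen_key keystore.jks mykey "CN=app.example" &&
  kt -importcert -noprompt -keystore keystore.jks -alias abc -file cert.crt &&
  # Case 2: the import itself creates the keystore, so it holds no private key.
  kt -importcert -noprompt -keystore keystore2.jks -alias abc -file cert.crt &&
  # CA flow: CSR from mykey, CA signs it, reply goes in under the SAME alias.
  kt -certreq -keystore keystore.jks -alias mykey -file app.csr &&
  kt -gencert -keystore ca.jks -alias ca -infile app.csr -outfile app.crt &&
  kt -importcert -noprompt -keystore keystore.jks -alias mykey -file app.crt
)

if [ $# -gt 0 ]; then
  build_demo "$1" >/dev/null 2>&1 || exit 1
  for ks in "$1/keystore.jks" "$1/keystore2.jks"; do
    echo "$ks: PrivateKeyEntry=$(count_entries "$ks" PrivateKeyEntry)" \
         "trustedCertEntry=$(count_entries "$ks" trustedCertEntry)"
  done
  echo "mykey chain length: $(chain_length "$1/keystore.jks" mykey)"
fi
```
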
