Original article: http://alvinalexander.com/java/java-using-keytool-import-certificate-keystore
Java keytool import FAQ: Can you share some examples of the Java keytool import command and process?
When you're working with Java public and private keys, there may be a time when someone else says, "Here is a certificate. Import it into your public key keystore, and then you can do XYZ", where "XYZ" can be a variety of things, including reading their document, using their Java application, etc. To do this you need to use the Java keytool import command.
In this example I'll assume that you have just received a keytool certificate file from another person, and you want to import the information in that certificate file into your public keystore file.
Java keytool import - Import a certificate into a public keystore
Assuming that you've been given a certificate file named "certfile.cer" which contains an alias named "foo", you can import it into a public keystore named "publicKey.store" with the following keytool import command:
```
$ keytool -import -alias foo -file certfile.cer -keystore publicKey.store
```
This import command can be read as:
- Read from the certificate file named certfile.cer.
- Look in that file for an alias named "foo".
- If you find the alias "foo", import the information into the keystore named "publicKey.store".
- Note: The file publicKey.store may already exist, in which case the public key for "foo" will be added to that keystore file; otherwise, publicKey.store will be created.
Java keytool import - a complete example
Here's the actual input and output from a Java keytool import example. Hopefully you can use the description I just provided to understand how this command works:
```
$ keytool -import -alias publicCertFromAl -file certfile.cer -keystore publicKey.store
Enter keystore password: BARBAZ
Owner: CN=Alvin Alexander, OU=Application Development, O=devdaily.com, L=Louisville, ST=KY, C=US
Issuer: CN=Alvin Alexander, OU=Application Development, O=devdaily.com, L=Louisville, ST=KY, C=US
Serial number: 4bd4e793
Valid from: Sun Apr 25 17:08:35 AKDT 2010 until: Sat Jul 24 17:08:35 AKDT 2010
Certificate fingerprints:
     MD5: 55:20:B2:68:FD:0F:4E:BF:D5:E5:D5:04:47:6C:E3:10
     SHA1: 25:17:A0:CA:86:CC:3E:6C:2D:C0:4E:8D:E8:33:05:F7:4B:50:FE:E5
Trust this certificate? [no]: yes
Certificate was added to keystore
```
A few important points here about this output:
- The alias used here (publicCertFromAl) does not have to correspond to the alias used when the private key keystore and certificate file were created.
- The password shown above is the password for the keystore named publicKey.store.
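Answering "yes" at the "Trust this certificate?" prompt is the actual trust decision, so the fingerprint keytool prints should first be compared with one obtained from the sender over a separate channel. The following is an added example, not part of the original article: a shell wrapper that checks the fingerprint reported by `keytool -printcert` and only then imports with `-noprompt`. The function names and the expected-fingerprint argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: gate `keytool -import` on a fingerprint check.
# All function names here are hypothetical helpers, not keytool features.

# Normalize a fingerprint: drop colons and whitespace, upper-case the hex.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \t\r\n' | tr 'abcdef' 'ABCDEF'
}

# Read `keytool -printcert` output on stdin and print the fingerprint for
# one algorithm label (MD5, SHA1, SHA256, ...). The label must start the
# line, so "Signature algorithm name: SHA256withRSA" is not matched.
extract_fp() {
    algo=$1
    sed -n "s/^[[:space:]]*${algo}:[[:space:]]*\([0-9A-Fa-f:]*\).*/\1/p" | head -n 1
}

# usage: fp_matches ALGO EXPECTED < keytool_output
# Succeeds only if a fingerprint was found and equals the expected value.
fp_matches() {
    actual=$(extract_fp "$1")
    [ -n "$actual" ] && [ "$(normalize_fp "$actual")" = "$(normalize_fp "$2")" ]
}

# usage: verified_import ALIAS CERTFILE KEYSTORE ALGO EXPECTED
# Imports without the interactive trust prompt, but only after the
# fingerprint check has passed. keytool still asks for the keystore password.
verified_import() {
    if keytool -printcert -file "$2" | fp_matches "$4" "$5"; then
        keytool -import -noprompt -alias "$1" -file "$2" -keystore "$3"
    else
        echo "fingerprint mismatch for $2; certificate not imported" >&2
        return 1
    fi
}
```

With the certificate shown above, the call would be `verified_import publicCertFromAl certfile.cer publicKey.store SHA1 <fingerprint received from the sender>`. Pass `SHA256` as the label when the installed keytool prints it.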
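I'm not very familiar with how SSL works under Tomcat and only ran into this problem at work, so I'm reposting this article as a record. The original site has a lot more detailed material on keytool, which you can browse if you need it; the site's owner seems quite capable.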