Java开发网 - 微软颁发的x509证书如何导入到tomcat中

Java开发网

您没有登录

» Java开发网 » Java Security » 精华区

打印话题 寄给朋友 订阅主题

话题被移动

该话题已被移动 - menzy , 2004-05-12 08:43
如果您尚不清楚该话题被移动的原因，请参考论坛规则以及本版公告或者联系本版版主。

作者	微软颁发的x509证书如何导入到tomcat中
leecee 发贴: 0 积分: 0	于 2003-11-17 01:38 用 keytool -import 时老说不是 x509证书

作者	Re:微软颁发的x509证书如何导入到tomcat中 [Re:leecee]
menzy 版主发贴: 754 积分: 113	于 2003-11-17 08:12 把证书贴上来我试试看！

作者	Re:微软颁发的x509证书如何导入到tomcat中 [Re:leecee]
leecee 发贴: 0 积分: 0	于 2003-11-17 09:52 der x.509 v3 leecee.cer (1.0k)

作者	Re:微软颁发的x509证书如何导入到tomcat中 [Re:leecee]
tpchen 发贴: 0 积分: 0	于 2003-11-17 10:10 java keytool 不支援 v3 格式

作者	Re:微软颁发的x509证书如何导入到tomcat中 [Re:leecee]
leecee 发贴: 0 积分: 0	于 2003-11-17 10:16 那怎么办

作者	Re:微软颁发的x509证书如何导入到tomcat中 [Re:leecee]
tpchen 发贴: 0 积分: 0	于 2003-11-17 10:46 希望這個工具對您有幫助 http://homepage.ntlworld.com/wayne_grant/keytool.html 我是初學者,我也不知道x509证书如何导入到tomcat中 ^_^\|\

作者	Re:微软浞⒌膞509证书如何导入到tomcat中 [Re:leecee]
leecee 发贴: 0 积分: 0	于 2003-11-17 10:50 看看先，谢谢，表谦虚

作者	Re:微软颁发的x509证书如何导入到tomcat中 [Re:leecee]
floater Java Jedi 总版主发贴: 3233 积分: 421	于 2003-11-17 12:32 which jdk version are you using? I think the keytool from jdk1.4 should work for v3. Also, try to read it from java. "Any fool can write code that a computer can understand. Good programmers write code that humans can understand." - Martin Fowler, Refactoring - Improving the Design of Existing Code

作者	Re:微软颁发的x509证书如何导入到tomcat中 [Re:leecee]
leecee 发贴: 0 积分: 0	于 2003-11-17 12:43 win32 1.4.2不能用

作者

Re:微软颁发的x509证书如何导入到tomcat中 [Re:leecee]

floater

Java Jedi

总版主

发贴: 3233
积分: 421

于 2003-11-17 23:20

Somehow, the keytool always tries to read this file as a pkcs7 format, but this file is in X509 format. So try to read it in and write it out to a different format.

Here is the output from reading in:
cert=[
[
Version: V3
Subject: EMAILADDRESS=w_ap@sohu.com, CN=leecee, OU=sw, O=nju, L=pk, ST=pk, C=CN
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@2a5
Validity: [From: Sun Nov 16 20:08:31 EST 2003,
To: Tue Nov 16 20:18:31 EST 2004]
Issuer: CN=nju
SerialNumber: [ 12d7dec4 00010000 0083]

Certificate Extensions: 7
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 64 30 62 30 2E 06 08 2B 06 01 05 05 07 30 02 .d0b0...+.....0.

0010: 86 22 68 74 74 70 3A 2F 2F 61 70 2F 43 65 72 74 ."http://ap/Cert

0020: 45 6E 72 6F 6C 6C 2F 61 70 5F 6E 6A 75 28 31 29 Enroll/ap_nju(1)

0030: 2E 63 72 74 30 30 06 08 2B 06 01 05 05 07 30 02 .crt00..+.....0.

0040: 86 24 66 69 6C 65 3A 2F 2F 5C 5C 61 70 5C 43 65 .$file://\\ap\Ce

0050: 72 74 45 6E 72 6F 6C 6C 5C 61 70 5F 6E 6A 75 28 rtEnroll\ap_nju(

0060: 31 29 2E 63 72 74 1).crt

[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 71 29 5B 4C 2A F4 C1 27 3B B4 3B CF 49 BA CB 83 q)[L*..';.;.I...

0010: 59 85 06 28 Y..(

]
]

[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: EF 30 15 A0 19 7F 6E 61 1B 85 EC 3D D8 2F FF E5 .0....na...=./..

0010: CF 14 16 70 ...p

]

]

[4]: ObjectId: 1.2.840.113549.1.9.15 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 37 30 35 30 0E 06 08 2A 86 48 86 F7 0D 03 02 .7050...*.H.....

0010: 02 02 00 80 30 0E 06 08 2A 86 48 86 F7 0D 03 04 ....0...*.H.....

0020: 02 02 00 80 30 07 06 05 2B 0E 03 02 07 30 0A 06 ....0...+....0..

0030: 08 2A 86 48 86 F7 0D 03 07 .*.H.....

[5]: ObjectId: 2.5.29.31 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 4C 30 4A 30 48 A0 46 A0 44 86 1F 68 74 74 70 .L0J0H.F.D..http

0010: 3A 2F 2F 61 70 2F 43 65 72 74 45 6E 72 6F 6C 6C ://ap/CertEnroll

0020: 2F 6E 6A 75 28 31 29 2E 63 72 6C 86 21 66 69 6C /nju(1).crl.!fil

0030: 65 3A 2F 2F 5C 5C 61 70 5C 43 65 72 74 45 6E 72 e://\\ap\CertEnr

0040: 6F 6C 6C 5C 6E 6A 75 28 31 29 2E 63 72 6C oll\nju(1).crl

[6]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
[1.3.6.1.5.5.7.3.2]]

[7]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
Data_Encipherment
]

]
Algorithm: [SHA1withRSA]
Signature:
0000: 34 1D AB AB 34 A4 32 A0 14 5B 05 B4 DA A6 A0 4C 4...4.2..[.....L

0010: 6D 70 32 7A 00 AE 90 FC 8A 90 16 94 BE AA B2 4B mp2z...........K

0020: E7 0B A7 8F 6D 44 57 39 6D 63 E7 97 9E 21 D5 1D ....mDW9mc...!..

0030: 2C 1C F5 7F 1A 52 0B 8C FE 48 D9 F1 1B 0F 5B 0E ,....R...H....[.

0040: ED 71 64 30 CB 46 D4 D3 CA 59 38 81 A3 8C 89 26 .qd0.F...Y8....&

0050: 2C F0 41 28 DB 0D 34 1C 55 0F 60 53 7B A3 F0 44 ,.A(..4.U.`S...D

0060: 8A 0A 3E AB EC F3 B5 80 CD FE F4 22 BC AC B9 C6 ..>........"....

0070: 99 7C FA A1 CF C6 C3 49 8E 4D 3D B0 8B A6 2F 08 .......I.M=.../.

0080: 7A B2 15 19 C7 A6 D7 ED 86 56 70 19 A8 DB 02 EF z........Vp.....

0090: E5 FA 1B F9 39 88 Cool

D9 38 0B 06 39 7D 51 A0 9F ....9...8..9.Q..

00A0: 78 B8 B3 29 BF 9B CC 37 53 BB 14 74 68 D7 EE 02 x..)...7S..th...

00B0: 51 86 E9 49 B4 3C 00 14 45 3A B1 49 93 9E CA F5 Q..I.<..E:.I....

00C0: D0 9E 4D 2C 70 2F 29 CF 09 DD 12 B8 19 BF 19 04 ..M,p/).........

00D0: 80 D3 76 98 56 BE F7 7D D0 60 D5 53 E1 A6 DB C1 ..v.V....`.S....

00E0: 42 F0 DE 0B E5 3A F5 00 48 4A 2E D5 48 22 96 A8 B....:..HJ..H"..

00F0: 48 A1 D7 BD 98 DD 7C 57 C4 EC F1 C0 46 B8 8E C5 H......W....F...

]

"Any fool can write code that a computer can understand. Good programmers write code that humans can understand."
- Martin Fowler, Refactoring - Improving the Design of Existing Code

作者

Re:微软颁发的x509证书如何导入到tomcat中 [Re:leecee]

leecee

发贴: 0
积分: 0

于 2003-11-18 00:46

keytool的开发者告诉我只支持pkkcs#7
不过我试的pkcs#7 也导不进去
没办法了
————————————————————————
他的回复如下
KTG can only import certs from X.509 or PKCs#7 files. It won't do PFX. If
your file is in PFX it is effectively a KeyStore itself so you shold be able
to open it using "File -> Open KeyStore". From there you can export the
certificate to a cer or p7b file and reimport it into your chosen KeyStore.

Cheers,
- Wayne.

leecee edited on 2003-11-18 00:49

作者	Re:微软颁发的x509证书如何导入到tomcat中 [Re:leecee]
robin 超级水鬼发贴: 128 积分: 19	于 2003-11-18 19:46 试试openssl！

作者

Re:微软颁发的x509证书如何导入到tomcat中 [Re:floater]

leecee

发贴: 0
积分: 0

于 2003-11-19 01:33

I have discovered the jdk.1.4.2 can't import
but the jdk1.4.0 ok.

somehow or other,and you know?

floater wrote:
Somehow, the keytool always tries to read this file as a pkcs7 format, but this file is in X509 format. So try to read it in and write it out to a different format.

Here is the output from reading in:
cert=[
[
Version: V3
Subject: EMAILADDRESS=w_ap@sohu.com, CN=leecee, OU=sw, O=nju, L=pk, ST=pk, C=CN
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@2a5
Validity: [From: Sun Nov 16 20:08:31 EST 2003,
To: Tue Nov 16 20:18:31 EST 2004]
Issuer: CN=nju
SerialNumber: [ 12d7dec4 00010000 0083]

Certificate Extensions: 7
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 64 30 62 30 2E 06 08 2B 06 01 05 05 07 30 02 .d0b0...+.....0.

0010: 86 22 68 74 74 70 3A 2F 2F 61 70 2F 43 65 72 74 ."http://ap/Cert

0020: 45 6E 72 6F 6C 6C 2F 61 70 5F 6E 6A 75 28 31 29 Enroll/ap_nju(1)

0030: 2E 63 72 74 30 30 06 08 2B 06 01 05 05 07 30 02 .crt00..+.....0.

0040: 86 24 66 69 6C 65 3A 2F 2F 5C 5C 61 70 5C 43 65 .$file://\\ap\Ce

0050: 72 74 45 6E 72 6F 6C 6C 5C 61 70 5F 6E 6A 75 28 rtEnroll\ap_nju(

0060: 31 29 2E 63 72 74 1).crt

[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 71 29 5B 4C 2A F4 C1 27 3B B4 3B CF 49 BA CB 83 q)[L*..';.;.I...

0010: 59 85 06 28 Y..(

]
]

[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: EF 30 15 A0 19 7F 6E 61 1B 85 EC 3D D8 2F FF E5 .0....na...=./..

0010: CF 14 16 70 ...p

]

]

[4]: ObjectId: 1.2.840.113549.1.9.15 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 37 30 35 30 0E 06 08 2A 86 48 86 F7 0D 03 02 .7050...*.H.....

0010: 02 02 00 80 30 0E 06 08 2A 86 48 86 F7 0D 03 04 ....0...*.H.....

0020: 02 02 00 80 30 07 06 05 2B 0E 03 02 07 30 0A 06 ....0...+....0..

0030: 08 2A 86 48 86 F7 0D 03 07 .*.H.....

[5]: ObjectId: 2.5.29.31 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 4C 30 4A 30 48 A0 46 A0 44 86 1F 68 74 74 70 .L0J0H.F.D..http

0010: 3A 2F 2F 61 70 2F 43 65 72 74 45 6E 72 6F 6C 6C ://ap/CertEnroll

0020: 2F 6E 6A 75 28 31 29 2E 63 72 6C 86 21 66 69 6C /nju(1).crl.!fil

0030: 65 3A 2F 2F 5C 5C 61 70 5C 43 65 72 74 45 6E 72 e://\\ap\CertEnr

0040: 6F 6C 6C 5C 6E 6A 75 28 31 29 2E 63 72 6C oll\nju(1).crl

[6]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
[1.3.6.1.5.5.7.3.2]]

[7]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
Data_Encipherment
]

]
Algorithm: [SHA1withRSA]
Signature:
0000: 34 1D AB AB 34 A4 32 A0 14 5B 05 B4 DA A6 A0 4C 4...4.2..[.....L

0010: 6D 70 32 7A 00 AE 90 FC 8A 90 16 94 BE AA B2 4B mp2z...........K

0020: E7 0B A7 8F 6D 44 57 39 6D 63 E7 97 9E 21 D5 1D ....mDW9mc...!..

0030: 2C 1C F5 7F 1A 52 0B 8C FE 48 D9 F1 1B 0F 5B 0E ,....R...H....[.

0040: ED 71 64 30 CB 46 D4 D3 CA 59 38 81 A3 8C 89 26 .qd0.F...Y8....&

0050: 2C F0 41 28 DB 0D 34 1C 55 0F 60 53 7B A3 F0 44 ,.A(..4.U.`S...D

0060: 8A 0A 3E AB EC F3 B5 80 CD FE F4 22 BC AC B9 C6 ..>........"....

0070: 99 7C FA A1 CF C6 C3 49 8E 4D 3D B0 8B A6 2F 08 .......I.M=.../.

0080: 7A B2 15 19 C7 A6 D7 ED 86 56 70 19 A8 DB 02 EF z........Vp.....

0090: E5 FA 1B F9 39 88 D9 38 0B 06 39 7D 51 A0 9F ....9...8..9.Q..

00A0: 78 B8 B3 29 BF 9B CC 37 53 BB 14 74 68 D7 EE 02 x..)...7S..th...

00B0: 51 86 E9 49 B4 3C 00 14 45 3A B1 49 93 9E CA F5 Q..I.<..E:.I....

00C0: D0 9E 4D 2C 70 2F 29 CF 09 DD 12 B8 19 BF 19 04 ..M,p/).........

00D0: 80 D3 76 98 56 BE F7 7D D0 60 D5 53 E1 A6 DB C1 ..v.V....`.S....

00E0: 42 F0 DE 0B E5 3A F5 00 48 4A 2E D5 48 22 96 A8 B....:..HJ..H"..

00F0: 48 A1 D7 BD 98 DD 7C 57 C4 EC F1 C0 46 B8 8E C5 H......W....F...

]

作者	Re:微软颁发的x509证书如何导入到tomcat中 [Re:leecee]
bawanglongqiqi 发贴: 73 积分: 37	于 2004-01-08 16:19 jdk版本问题

已读帖子

新的帖子

被删除的帖子