KeyStore keystore_client = KeyStore.getInstance("pkcs12");
try(InputStream keyInput = new FileInputStream("2.pfx")){
keystore_client.load(keyInput, null);
}
Enumeration<String> e = keystore_client.aliases();
while(e.hasMoreElements()){
String alias = e.nextElement();
if(keystore_client.getCertificate(alias)==null)
throw new RuntimeException("Cannot get Certificate");
}
When I run this code, I always get the exception: "Cannot get Certificate".
当我运行此代码时,我总是得到异常:“无法获取证书”。
How can I extract certificates from a pkcs12 file?
如何从pkcs12文件中提取证书?
Edit:
The pfx file was created by openssl.
编辑:pfx文件由openssl创建。
$ openssl pkcs12 -export -out 2.pfx -in server.crt -inkey server.key
$ keytool -list -keystore 2.pfx
Enter keystore password:
***************** WARNING WARNING WARNING *****************
* The integrity of the information stored in your keystore *
* has NOT been verified! In order to verify its integrity, *
* you must provide your keystore password. *
***************** WARNING WARNING WARNING *****************
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
1, May 9, 2016, PrivateKeyEntry,
1 个解决方案
#1
1
The reason why you are not getting the certificate is because you are not providing a password. Take a closer look at the warning you are getting:
您没有获得证书的原因是您没有提供密码。仔细看看你得到的警告:
***************** WARNING WARNING WARNING *****************
* The integrity of the information stored in your keystore *
* has NOT been verified! In order to verify its integrity, *
* you must provide your keystore password. *
***************** WARNING WARNING WARNING *****************
If you do JUnit tests on your code and try keystores with a password and without a password you will see that only the ones that need password will let you get certificates via this code, and of course provided that you input a correct password.
如果您对代码进行JUnit测试并尝试使用密码而没有密码的密钥库,您将看到只有需要密码的密钥才能通过此代码获取证书,当然前提是您输入了正确的密码。
Another thing you'll see if you try to extract this from the command line is:
如果您尝试从命令行中提取此内容,您将看到的另一件事是:
***************** WARNING WARNING WARNING *****************
* The integrity of the information stored in your keystore *
* has NOT been verified! In order to verify its integrity, *
* you must provide your keystore password. *
***************** WARNING WARNING WARNING *****************
keytool error: java.lang.Exception: Alias <1> has no certificate
#1
1
The reason why you are not getting the certificate is because you are not providing a password. Take a closer look at the warning you are getting:
您没有获得证书的原因是您没有提供密码。仔细看看你得到的警告:
***************** WARNING WARNING WARNING *****************
* The integrity of the information stored in your keystore *
* has NOT been verified! In order to verify its integrity, *
* you must provide your keystore password. *
***************** WARNING WARNING WARNING *****************
If you do JUnit tests on your code and try keystores with a password and without a password you will see that only the ones that need password will let you get certificates via this code, and of course provided that you input a correct password.
如果您对代码进行JUnit测试并尝试使用密码而没有密码的密钥库,您将看到只有需要密码的密钥才能通过此代码获取证书,当然前提是您输入了正确的密码。
Another thing you'll see if you try to extract this from the command line is:
如果您尝试从命令行中提取此内容,您将看到的另一件事是:
***************** WARNING WARNING WARNING *****************
* The integrity of the information stored in your keystore *
* has NOT been verified! In order to verify its integrity, *
* you must provide your keystore password. *
***************** WARNING WARNING WARNING *****************
keytool error: java.lang.Exception: Alias <1> has no certificate