Java keytool: an easy way to add a server certificate from a URL/port

Time: 2022-01-10 14:54:35

I have a server with a self-signed certificate, but it also requires client-side cert authentication. I am having a rough time trying to get the raw CA server cert so I can import it into a keystore. Anyone have some suggestions on how to easily do that? Thanks.

3 solutions

#1


66  

Was looking at how to trust a certificate while using jenkins cli, and found https://issues.jenkins-ci.org/browse/JENKINS-12629 which has some recipe for that.

This will give you the certificate:

openssl s_client -connect ${HOST}:${PORT} </dev/null

If you are interested only in the certificate part, cut it out by piping it to:

| sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'

and redirect to a file:

> ${HOST}.cert

Then import it using keytool:

keytool -import -noprompt -trustcacerts -alias ${HOST} -file ${HOST}.cert \
    -keystore ${KEYSTOREFILE} -storepass ${KEYSTOREPASS}

In one go:

HOST=myhost.example.com
PORT=443
KEYSTOREFILE=dest_keystore
KEYSTOREPASS=changeme

# get the SSL certificate
openssl s_client -connect ${HOST}:${PORT} </dev/null \
    | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > ${HOST}.cert

# create a keystore and import certificate
keytool -import -noprompt -trustcacerts \
    -alias ${HOST} -file ${HOST}.cert \
    -keystore ${KEYSTOREFILE} -storepass ${KEYSTOREPASS}

# verify we've got it.
keytool -list -v -keystore ${KEYSTOREFILE} -storepass ${KEYSTOREPASS} -alias ${HOST}
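
The recipe in the answer above trusts whatever certificate the network hands back. As an added example (not part of the original answer), the same fetch-and-import can be gated on a SHA-256 fingerprint obtained out-of-band; the function names and the expected-fingerprint argument are hypothetical, and `openssl` and `keytool` are assumed to be on the PATH.

```shell
# Added example: check a pinned fingerprint before importing into the keystore.
# The expected fingerprint is an assumption: it must come from a trusted
# channel (server console, admin), not from the connection being checked.

# Keep only the first PEM block (the leaf) from s_client output on stdin.
first_cert() {
    awk '/-BEGIN CERTIFICATE-/ {on=1}
         on                    {print}
         /-END CERTIFICATE-/   {if (on) exit}'
}

# Normalise "sha256 Fingerprint=AB:CD:..." or "AB:CD:..." to bare lowercase hex.
normalize_fp() {
    printf '%s' "$1" | sed -e 's/^.*=//' | tr -d ': \n' | tr 'A-F' 'a-f'
}

# Succeed only when the first value is 64 hex digits and equals the second.
fp_matches() {
    a=$(normalize_fp "$1"); b=$(normalize_fp "$2")
    case "$a" in *[!0-9a-f]*|'') return 1 ;; esac
    [ "${#a}" -eq 64 ] && [ "$a" = "$b" ]
}

# Usage: fetch_and_import HOST PORT KEYSTOREFILE KEYSTOREPASS EXPECTED_FP
fetch_and_import() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null \
        | first_cert > "$1.cert"
    [ -s "$1.cert" ] || { echo "no certificate received from $1:$2" >&2; return 1; }
    got=$(openssl x509 -in "$1.cert" -noout -fingerprint -sha256) || return 1
    if ! fp_matches "$got" "$5"; then
        echo "fingerprint mismatch for $1: $got" >&2
        rm -f "$1.cert"   # do not leave an unverified cert lying around
        return 1
    fi
    keytool -import -noprompt -trustcacerts -alias "$1" -file "$1.cert" \
        -keystore "$3" -storepass "$4"
}
```

Because `-noprompt` suppresses keytool's own "Trust this certificate?" question, the fingerprint comparison is the only check between the network and the truststore.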

#2


18  

There were a few ways I found to do this:

  • Firefox: Add Exception -> Get Certificate -> View -> Details -> Export...

  • KeyMan (http://www.alphaworks.ibm.com/tech/keyman) You can get SSL cert directly from the File -> Import menu

  • InstallCert (Code by Andreas Sterbenz)

    java InstallCert [host]:[port] 
    keytool -exportcert -keystore jssecacerts -storepass changeit -file output.cert
    keytool -importcert -keystore [DESTINATION_KEYSTORE] -file output.cert

#3


4  

You can export a certificate using Firefox; this site has instructions. Then you use keytool to add the certificate.
