【问题标题】:Android SSL certificate conversionAndroid SSL证书转换
【发布时间】:2016-12-21 10:06:30
【问题描述】:

我想使用安卓 HTTPS 连接。我有 .crt 格式的 SSL 证书,但 android 需要 .bks 格式如何在 ubuntu 中转换此证书格式

【问题讨论】:

标签: android ssl


【解决方案1】:

步骤:-

  1. 通过 Windows 操作系统或任何其他来源将“.crt”转换为“.cer - (Base 64)”。

  2. http://www.bouncycastle.org/latest_releases.html下载“Bouncy Castle provider”(bcprov-jdkxx-xxx.jar)

  3. 使用以下cmd将生成的“.cer”转换为“.bks”格式:-

"pathOfJRE/bin/keytool_here" -importcert -v -trustcacerts -file ".cerFilePath_here" -alias myAlias -keystore "pathToStoreGeneratedBKSfile_here" -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath "downloadedBouncyCastleProviderLocation_here" -storetype BKS - storepass "bksFilePassword_here"

******示例****** "C:\Program Files (x86)\Java\jre1.8.0_91\bin\keytool" -importcert -v -trustcacerts -file "C:\Users\chetan\Desktop\Pravin-123/abc_prod.cer" -alias myAlias -keystore "C:\Users\chetan\Desktop\Pravin-123/abc_tbu__prod.bks" -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath "C:\Users\chetan\Desktop\Pravin-123\bcprov-jdk15on -155.jar" -storetype BKS -storepass "abc!Tbu@app123"


  1. 验证生成的.bks文件,cmd:-

"pathOfJRE/bin/keytool_here" -list -keystore "pathOfeGeneratedBKSfile_here" -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath ""downloadedBouncyCastleProviderLocation_here" -storetype BKS -storepass "bksFilePassword_here"

******示例***** "C:\Program Files (x86)\Java\jre1.8.0_91\bin\keytool" -list -keystore "C:\Users\chetan\Desktop\Pravin-123/abc_tbu__prod.bks" -provider org.bouncycastle.jce .provider.BouncyCastleProvider -providerpath "C:\Users\chetan\Desktop\Pravin-123\bcprov-jdk15on-155.jar" -storetype BKS -storepass ""abcTbu@app123"


  1. 在 android 中使用这个 bks 文件。将其放在原始文件夹中,并将其路径提供给 Secure httpUrlConnection

-参考: http://transoceanic.blogspot.in/2011/11/android-import-ssl-certificate-and-use.html,

https://github.com/ikust/hello-pinnedcerts

【讨论】:

    【解决方案2】:

    要生成.bks 文件,您需要:

    • openssl
    • sed
    • keytool(JAVA自带)
    • 充气城堡罐 - Link to File

    现在执行以下步骤:

    获取服务器的公共自签名证书:

    echo | openssl s_client -connect [SERVER_URL]:443 2>&1 | \
      sed -ne "/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p" > [Certificate_file_name].pem
    

    使用密码生成 .bks 文件

    keytool -importcert -v -trustcacerts -file "[Certificate_file_name].pem" \
      -alias [Alias_name] -keystore "[BKS_file_name].bks" \
      -provider org.bouncycastle.jce.provider.BouncyCastleProvider \
      -providerpath "[DOWNLOADED_JAR_FILE_PATH]" -storetype BKS -storepass [Pass_phrase]
    

    确认文件已创建

    keytool -list -keystore "[BKS_file_name].bks" \
      -provider org.bouncycastle.jce.provider.BouncyCastleProvider \
      -providerpath "[DOWNLOADED_JAR_FILE_PATH]" -storetype BKS -storepass [Pass_phrase]
    

    【讨论】:

      猜你喜欢
      • 2015-08-28
      • 1970-01-01
      • 1970-01-01
      • 2013-05-11
      • 2011-09-02
      • 1970-01-01
      • 2016-06-30
      • 1970-01-01
      • 1970-01-01
      相关资源
      最近更新 更多