【Question title】: Unable to add CA cert [crt] to JKS as PrivateKeyEntry
【Posted】: 2018-08-30 16:35:41
【Question description】:

Below is my current JKS

bash-3.2$ keytool -list -keystore /web/myfolder/maincert.jks
Enter keystore password:

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 4 entries

root, Aug 1, 2017, trustedCertEntry,
Certificate fingerprint (SHA1): 02:FA:F3:E2:91:43:54:68:60:78:57:69:4D:F5:E4:5B:68:85:18:68
maincert, Aug 1, 2017, PrivateKeyEntry,
Certificate fingerprint (SHA1): A0:BF:8A:61:D7:AE:82:A6:EE:4B:EB:E0:22:19:73:2E:FC:85:F8:AC
intermediate2, Aug 1, 2017, trustedCertEntry,
Certificate fingerprint (SHA1): 70:60:8B:40:D0:B7:76:17:4A:4E:D8:54:16:58:27:70:B3:07:B9:05
intermediate1, Aug 1, 2017, trustedCertEntry,
Certificate fingerprint (SHA1): EA:B0:40:68:9A:0D:80:5B:5D:6F:D6:54:FC:16:8C:FF:00:B7:8B:E3

Then I deleted "maincert" using this command

keytool -delete -alias maincert -keystore /web/myfolder/maincert.jks

Then I added the new CA-signed certificate [maincert.crt_2018], using the same old alias, as shown below:

keytool -import -file /web/myfolder/maincert.crt_2018 -alias maincert -keystore /web/myfolder/maincert.jks

But the new certificate now shows up in the JKS as a trusted entry, instead of as a PrivateKeyEntry as before. See below:

bash-3.2$ keytool -list -keystore /web/myfolder/maincert.jks
Enter keystore password:

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 4 entries

root, Aug 1, 2017, trustedCertEntry,
Certificate fingerprint (SHA1): 02:FA:F3:E2:91:43:54:68:60:78:57:69:4D:F5:E4:5B:68:85:18:68
maincert, Aug 28, 2018, trustedCertEntry,
Certificate fingerprint (SHA1): D2:7F:D0:86:79:0D:F3:06:66:C4:09:2E:29:A0:8F:8A:F3:E2:09:10
intermediate2, Aug 1, 2017, trustedCertEntry,
Certificate fingerprint (SHA1): 70:60:8B:40:D0:B7:76:17:4A:4E:D8:54:16:58:27:70:B3:07:B9:05
intermediate1, Aug 1, 2017, trustedCertEntry,
Certificate fingerprint (SHA1): EA:B0:40:68:9A:0D:80:5B:5D:6F:D6:54:FC:16:8C:FF:00:B7:8B:E3

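Can you suggest what is wrong here?

【Comments】:

  • You deleted the private key. What did you expect to happen?
  • If I don't run the keytool -delete command and simply import, I get the following error: keytool error: java.security.cert.CertificateException: java.io.IOException: Short read of DER length

Tags: ssl ssl-certificate jks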


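【Solution 1】:

The problem was that the crt certificate file was corrupted.

With the correct crt, I didn't have to delete anything from the JKS... I just added the crt, and now it shows PrivateKeyEntry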

【Discussion】:
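
A pre-flight check for the kind of damaged crt file the answer describes, as an added example that is not part of the original post: it compares the length declared in the certificate's outer DER SEQUENCE with the bytes actually present, for PEM or DER input. The function names and sample blobs are constructed for illustration; the check is structural only and does not validate the X.509 contents.

```python
import base64
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def load_der(raw: bytes) -> bytes:
    """Return DER bytes from a PEM or raw DER certificate file."""
    m = PEM_RE.search(raw)
    if m is None:
        return raw                        # no PEM armor: treat as raw DER
    return base64.b64decode(b"".join(m.group(1).split()))

def check_der_length(raw: bytes) -> str:
    """Compare the outer SEQUENCE's declared length with the bytes present."""
    try:
        der = load_der(raw)
    except ValueError:                    # binascii.Error is a ValueError
        return "bad-base64"
    if len(der) < 2 or der[0] != 0x30:    # a certificate starts with SEQUENCE
        return "not-a-der-sequence"
    first = der[1]
    if first < 0x80:                      # short form: length in one byte
        header, content = 2, first
    else:
        n = first & 0x7F                  # long form: next n bytes hold length
        if n == 0 or n > 4 or len(der) < 2 + n:
            return "bad-length-header"
        header, content = 2 + n, int.from_bytes(der[2:2 + n], "big")
    declared = header + content
    if len(der) < declared:
        return f"truncated: {declared - len(der)} bytes missing"
    if len(der) > declared:
        return f"trailing-data: {len(der) - declared} extra bytes"
    return "ok"

# Constructed sample: a 300-byte SEQUENCE standing in for a certificate.
GOOD = b"\x30\x82\x01\x2c" + bytes(300)
GOOD_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(GOOD)
            + b"-----END CERTIFICATE-----\n")
CUT = GOOD[:-40]                          # simulates an incomplete copy

if __name__ == "__main__":
    for name, blob in [("der", GOOD), ("pem", GOOD_PEM), ("cut", CUT)]:
        print(name, check_der_length(blob))
```

Run it against the crt file before `keytool -import`, while the existing PrivateKeyEntry is still in the keystore.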
