keytool 和 java keystore.aliases() 之间的 .pfx 文件或 .p12 文件的别名不匹配
alias mismatch of .pfx file or .p12 file between keytool and java keystore.aliases()
我正在尝试使用
从 pfx/p12 文件中获取别名
keytool -v -list -storetype pkcs12 -keystore servercert.p12 -storepass 1234
这给了我
Keystore type: PKCS12
Keystore provider: SunJSSE
Your keystore contains 1 entry
Alias name: 1
Creation date: Jul 4, 2017
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=CSIT CA, O="CSIT CA,Ltd.", L=Dhaka, ST=Dhaka, C=BD
Issuer: EMAILADDRESS=csit@csit.com, CN=CSIT CA, OU=Software Department, O=CSIT CA, L=Dhaka, ST=Dhaka, C=BD
Serial number: 1
Valid from: Tue Jul 04 15:41:40 BDT 2017 until: Mon Mar 30 15:41:40 BDT 2020
Certificate fingerprints:
MD5: 5C:CC:77:17:6C:91:FC:81:58:5A:D4:B0:FE:D8:B9:A8
SHA1: 9A:34:32:64:29:BF:0B:7E:4F:63:1B:27:99:54:41:0F:9D:55:CF:C8
SHA256: 27:01:BE:9D:F6:0E:38:35:AE:9C:07:B9:64:AB:76:50:06:D3:5D:8E:25:C4:59:87:D0:E9:A1:5A:96:41:D7:70
Signature algorithm name: SHA256withRSA
Version: 3
Extensions:
#1: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
0000: 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65 72 61 ..OpenSSL Genera
0010: 74 65 64 20 43 65 72 74 69 66 69 63 61 74 65 ted Certificate
#2: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 32 0F 04 D5 F6 1B 84 E5 87 EB 64 70 C7 D8 F2 5F 2.........dp..._
0010: FA 92 4D 57 ..MW
]
]
#3: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
]
#4: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
DigitalSignature
Key_Encipherment
]
#5: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
DNSName: example.com
DNSName: www.example.com
DNSName: mail.example.com
DNSName: ftp.example.com
]
#6: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 1C 59 74 4B 59 3B 1D 76 99 C2 10 4D 09 12 94 BB .YtKY;.v...M....
0010: 20 95 2C 21 .,!
]
]
*******************************************
*******************************************
这里的别名是"1"。
但是,我也尝试使用 java
KeyStore keystore = KeyStore.getInstance("PKCS12", "BC");
InputStream input = PdfSigner.class.getResourceAsStream(KEYSTORE_LOCATION);
keystore.load(input, PASSWORD.toCharArray());
System.out.println(keystore.size());
Enumeration<String> s=keystore.aliases();
while(s.hasMoreElements()){
System.out.println("alias:"+s.nextElement());
}
这给了我
1
alias:326bbd5c3d1ad4c6013ee70938d2c76b3c7a29d0
显示别名不匹配。
注意:我使用 this
生成我的证书
Q1:为什么不匹配?
Q2: 如果不匹配,我的客户如何向我提供 pfx/p12 文件、别名和密码,用于即时签署 pdf ?
别名是一个友好的名称,但它是可选的。如果未设置,可能每个工具都使用不同的方法来计算它。导出 .p12 文件时,检查设置为别名的 "name"。
例如使用
openssl pkcs12 -export -in my-cert.crt -inkey my-priv-key.key -certfile my-ca-bundle -out my-pfx.pfx -name "alias"
我正在尝试使用
从 pfx/p12 文件中获取别名keytool -v -list -storetype pkcs12 -keystore servercert.p12 -storepass 1234
这给了我
Keystore type: PKCS12
Keystore provider: SunJSSE
Your keystore contains 1 entry
Alias name: 1
Creation date: Jul 4, 2017
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=CSIT CA, O="CSIT CA,Ltd.", L=Dhaka, ST=Dhaka, C=BD
Issuer: EMAILADDRESS=csit@csit.com, CN=CSIT CA, OU=Software Department, O=CSIT CA, L=Dhaka, ST=Dhaka, C=BD
Serial number: 1
Valid from: Tue Jul 04 15:41:40 BDT 2017 until: Mon Mar 30 15:41:40 BDT 2020
Certificate fingerprints:
MD5: 5C:CC:77:17:6C:91:FC:81:58:5A:D4:B0:FE:D8:B9:A8
SHA1: 9A:34:32:64:29:BF:0B:7E:4F:63:1B:27:99:54:41:0F:9D:55:CF:C8
SHA256: 27:01:BE:9D:F6:0E:38:35:AE:9C:07:B9:64:AB:76:50:06:D3:5D:8E:25:C4:59:87:D0:E9:A1:5A:96:41:D7:70
Signature algorithm name: SHA256withRSA
Version: 3
Extensions:
#1: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
0000: 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65 72 61 ..OpenSSL Genera
0010: 74 65 64 20 43 65 72 74 69 66 69 63 61 74 65 ted Certificate
#2: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 32 0F 04 D5 F6 1B 84 E5 87 EB 64 70 C7 D8 F2 5F 2.........dp..._
0010: FA 92 4D 57 ..MW
]
]
#3: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
]
#4: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
DigitalSignature
Key_Encipherment
]
#5: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
DNSName: example.com
DNSName: www.example.com
DNSName: mail.example.com
DNSName: ftp.example.com
]
#6: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 1C 59 74 4B 59 3B 1D 76 99 C2 10 4D 09 12 94 BB .YtKY;.v...M....
0010: 20 95 2C 21 .,!
]
]
*******************************************
*******************************************
这里的别名是"1"。
但是,我也尝试使用 java
KeyStore keystore = KeyStore.getInstance("PKCS12", "BC");
InputStream input = PdfSigner.class.getResourceAsStream(KEYSTORE_LOCATION);
keystore.load(input, PASSWORD.toCharArray());
System.out.println(keystore.size());
Enumeration<String> s=keystore.aliases();
while(s.hasMoreElements()){
System.out.println("alias:"+s.nextElement());
}
这给了我
1
alias:326bbd5c3d1ad4c6013ee70938d2c76b3c7a29d0
显示别名不匹配。
注意:我使用 this
生成我的证书Q1:为什么不匹配?
Q2: 如果不匹配,我的客户如何向我提供 pfx/p12 文件、别名和密码,用于即时签署 pdf ?
别名是一个友好的名称,但它是可选的。如果未设置,可能每个工具都使用不同的方法来计算它。导出 .p12 文件时,检查设置为别名的 "name"。
例如使用
openssl pkcs12 -export -in my-cert.crt -inkey my-priv-key.key -certfile my-ca-bundle -out my-pfx.pfx -name "alias"