我得到了一个私钥,结果是 pkcs8 格式,我设法使用以下命令将其转换为 pem 文件:
I have a been given a private key that turned out to be in pkcs8 format, which I managed to turn into a pem file using the following command:
openssl pkcs8 -inform der -nocrypt -in private.key -out pkey.pem
我现在需要将其转换为 pkcs12,以便我可以在 .NET 中使用它来创建 X509 证书(我也想将其导入 Windows 证书管理器).
I now need to convert this to pkcs12 so I can use it in .NET to create an X509 certificate (also I'd like to import it to windows cert manager).
我试过这个命令:
openssl pkcs12 -export -name myalias -in mycert.crt -inkey pkey.pem -out keystore.p12
但是,我没有公钥,我尝试使用 pkey.pem 文件作为 -in arg,但它告诉我 没有证书匹配私钥
.如果我在没有 -in
arg 的情况下尝试,那么什么也不会发生(我的意思是什么,在我按下 ctrl-c
之前会有一个空白行).
however, I don't have the public key, I've tried using the pkey.pem file as the -in arg, but it tells me No certificate matches private key
. If I try without the -in
arg then nothing happens (and I mean nothing, there is a blank row until I press ctrl-c
).
如何从私钥生成公钥,或者在没有公钥的情况下转换为pkcs12?
How can I generate the public key from the private key, or convert to pkcs12 without the public key?
这个问题的第一部分是来自这里的答案
我找到了一个答案,给了我一些希望,它说要运行这个命令 (-nocerts):>
I found an answer that gave me some hope, which says to run this command (-nocerts):
openssl pkcs12 -export -nocerts -inkey your.private.key.pem -out your.private.key.p12
但是当我尝试将文件导入 Windows 密钥库时,它在导入时显示指定的文件为空
.
But when I try to import the file into the windows key store, it says The specified file is empty
when it is importing.
我还设法根据说明生成了证书签名请求 这里,它生成了一个证书文件,但命令仍然不接受说没有证书匹配私钥
I've also managed to generate a certificate signing request from instructions here, which generated a certificate file, but the command still didn't accept that saying No certificate matches private key
另一个答案建议生成公钥,我确实这样做了,但是当我将其用作 -在
arg 中它仍然说No certificate matching private key
,我不明白,因为这个公钥是使用以下命令从私钥生成的:openssl rsa -in privkey.pem -pubout >key.pub
Another answer suggests generating the public key, which I do, but when I use that as the -in
arg it still says No certificate matches private key
, which I don't understand as this public key was generated from the private key using this command: openssl rsa -in privkey.pem -pubout > key.pub
我已经在下面发布了一个答案,但如前所述,我无法验证此信息或判断它是否有效.如果有人有任何进一步的信息,请告诉我.
I've posted an answer below, but as mentioned I've no way of verifying this information or telling if it works. If anyone has any further information, please let me know.
看起来:
以下命令将其转换为可在 Windows 中使用的格式:
The following commands turn this into a format usable in windows:
将私钥从 pkcs8/DER 转换为 PEM 文件格式
Convert the private key from pkcs8/DER to a PEM file format
openssl pkcs8 -nocrypt -in dealerPrivate.key -inform der -outform pem -out private.pem
将证书从 x509/DER 转换为 PEM 文件格式
Convert the certificate from x509/DER to a PEM file format
openssl x509 -inform der -in dealerCertificate.x509 -out public.pem
将这两个文件合并为一个 pkcs12 文件 - 系统将提示您输入密码以保护 p12
Merge the two files into a pkcs12 file – you will be prompted for password to protect the p12 with
openssl pkcs12 -export -inkey private.pem -in public.pem -out mycert.p12
这为我提供了一个 pkcs12 证书(我认为),我已将其添加到 Windows 密钥库中,然后可以从 .NET 访问并将其附加到我的 WCF 请求中.
This gives me a pkcs12 certificate (I think) that I've added to the windows key store and can then access from .NET and attach it to my WCF request.
不幸的是,我无法验证这是否可以作为具有与我的请求相同数据的服务响应,这完全令人困惑:
Unfortunately I can't verify that this works as the service response with the same data as my request, which is completely confusing:
请求:
POST http://[HOST].com/services/fsa/1.0 HTTP/1.1
Content-Type: text/xml; charset=utf-8
VsDebuggerCausalityData: uIDPo0ii5Jr5wONMi6i/jkMQdFkAAAAArRV2zOsUrEioQMkqYDWulG6ktjqzCoRLtP+/9VQSARUACQAA
SOAPAction: ""
Host: [HOST]
Content-Length: 299
Expect: 100-continue
Connection: Keep-Alive
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><list xmlns="http://[HOST].com/services/fsa/1.0"><String_1 xmlns="">[MY_STRING]</String_1></list></s:Body></s:Envelope>
回复:
HTTP/1.1 200 OK
Date: Thu, 31 Oct 2013 12:19:38 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/1.0.0a mod_jk/1.2.31
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
VsDebuggerCausalityData: uIDPo0ii5Jr5wONMi6i/jkMQdFkAAAAArRV2zOsUrEioQMkqYDWulG6ktjqzCoRLtP+/9VQSARUACQAA
SOAPAction: ""
host: [HOST]
Expect: 100-continue
connection: Keep-Alive, Keep-Alive
Content-Length: 299
Keep-Alive: timeout=2, max=100
Content-Type: text/xml;charset=utf-8
<s:Envelope xmlns:s='http://schemas.xmlsoap.org/soap/envelope/'><s:Body xmlns:xsd='http://www.w3.org/2001/XMLSchema' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'><list xmlns='http://[HOST].com/services/fsa/1.0'><String_1 xmlns=''>[MY_STRING]</String_1></list></s:Body></s:Envelope>
这篇关于如何将 pem 私钥转换为可在 .NET 中使用的 Windows 格式的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持html5模板网!