Problems encountered with PKCS-format certificates for HTTPS

Case 1: Wrong format conversion when reading the certificate

java.io.IOException: DerInputStream.getLength(): lengthTag=66, too big.
    at sun.security.util.DerInputStream.getLength(DerInputStream.java:561)
    at sun.security.util.DerValue.init(DerValue.java:365)
    at sun.security.util.DerValue.<init>(DerValue.java:320)
    at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1914)
    at java.security.KeyStore.load(KeyStore.java:1445)

PKCS#12 is encoded in DER format, and DER format is binary.

You are using a FileReader that is (from the javadoc) a "Convenience class for writing character files",

which inherits from OutputStreamWriter:

"An OutputStreamWriter is a bridge from character streams to byte streams: Characters written to it are encoded into bytes using a specified charset."

Therefore, you have an encoding problem, converting binary to char.
The file you receive is not really in binary format. It could be in Base64.

In both cases, use FileOutputStream.write or Files.write to store the file, and if your 'certificate' variable is a String, first convert it to binary.

Case 2: storetype not specified as pkcs12

After generating the server-side SSL certificate with keytool, starting Spring Boot failed with the error java.io.IOException: DerInputStream.getLength(): lengthTag=111, too big. The following command had been used:

keytool -genkey -alias tomcat -keypass 123456 -keyalg RSA -keysize 1024 -validity 3650 -keystore D:\keystore\keystore.p12 -storepass 123456

Cause of the error: the storetype was not specified as pkcs12.

Remedy: keytool -importkeystore -srckeystore D:\keystore\keystore.p12 -destkeystore D:\keystore\new\keystore.p12 -deststoretype pkcs12

This converts the keystore that was just generated into a pkcs12 keystore.
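
An added example (not from the original post): a small Java check that inspects the first bytes of a keystore before KeyStore.load is called, covering the character-encoding and Base64 problems of Case 1 and a store that is not PKCS#12 as in Case 2. The class and method names, the sample bytes and the model of the length check are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class KeystoreSniff {
    // Classify keystore bytes by their leading bytes, before calling KeyStore.load.
    static String sniff(byte[] b) {
        if (b.length < 4) return "too short";
        int b0 = b[0] & 0xff, b1 = b[1] & 0xff;
        long magic = ((long) b0 << 24) | (b1 << 16) | ((b[2] & 0xff) << 8) | (b[3] & 0xff);
        if (magic == 0xFEEDFEEDL) return "JKS keystore, not PKCS#12";
        if (magic == 0xCECECECEL) return "JCEKS keystore, not PKCS#12";
        if (b0 == '-') return "PEM text";
        if (b0 == 'M' && b1 == 'I') return "Base64 text, decode it first";
        if (b0 == 0x30 && b1 == 0xC2) return "DER re-encoded as UTF-8 text (corrupted)";
        if (b0 == 0x30 && b1 >= 0x81 && b1 <= 0x84) return "binary DER, PKCS#12 candidate";
        return "unknown";
    }

    // Assumed model of the failing check: a DER length byte with the high bit set
    // announces (byte & 0x7f) following length bytes, and more than 4 is rejected.
    static int lengthTag(byte[] b) {
        return b[1] & 0x7f;
    }

    public static void main(String[] args) {
        // Constructed sample: first bytes of a DER SEQUENCE with a 2-byte length.
        byte[] der = {0x30, (byte) 0x82, 0x0A, 0x2B, 0x02, 0x01, 0x03};
        // Case 1 failure mode: bytes treated as characters, then encoded as UTF-8.
        byte[] viaText = new String(der, StandardCharsets.ISO_8859_1)
                .getBytes(StandardCharsets.UTF_8);
        // Case 1 alternative: Base64 text received instead of binary, and its recovery.
        byte[] b64 = Base64.getEncoder().encode(der);
        byte[] decoded = Base64.getDecoder().decode(b64);
        // Constructed JKS header (magic number followed by version 2).
        byte[] jks = {(byte) 0xFE, (byte) 0xED, (byte) 0xFE, (byte) 0xED, 0, 0, 0, 2};

        System.out.println("binary DER  : " + sniff(der) + ", lengthTag=" + lengthTag(der));
        System.out.println("via Writer  : " + sniff(viaText) + ", lengthTag=" + lengthTag(viaText));
        System.out.println("Base64 text : " + sniff(b64));
        System.out.println("decoded     : " + sniff(decoded));
        System.out.println("JKS header  : " + sniff(jks) + ", lengthTag=" + lengthTag(jks));
    }
}
```

The "via Writer" line shows how text encoding inserts a 0xC2 byte after the 0x30 tag, which the DER parser then reads as an oversized length.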
