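package com.hengbao;

import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.Arrays;
import java.util.Enumeration;

/**
 * Converts a keystore between the PKCS#12 (.pfx) and JKS formats.
 *
 * <p>Every key entry (private key plus certificate chain) of the source keystore is copied
 * under the same alias and protected with the same password. Entries that are not key
 * entries (for example trusted-certificate-only entries) are not copied.
 *
 * <p>Security notes for anyone adapting this sample:
 * <ul>
 *   <li>{@link #KEYSTORE_PASSWORD} is hard-coded in source. Anyone who can read the class file
 *       or the repository can read it, so real deployments should obtain the password from
 *       an operator prompt or a secret store instead.</li>
 *   <li>The output file contains private keys and is created with the process's default file
 *       permissions; restrict access to it after conversion.</li>
 *   <li>JKS is a legacy JDK-specific format; PKCS12 has been the JDK's default keystore type
 *       since Java 9 and is the better choice for long-term storage.</li>
 * </ul>
 */
public class ConventPFX {

    public static final String PKCS12 = "PKCS12";
    public static final String JKS = "JKS";

    /** Location of the PFX (PKCS#12) file. */
    public static final String PFX_KEYSTORE_FILE = "G:\\0002.pfx";

    /**
     * Password that was set when the PFX file was exported. It is also used as the store
     * password and per-key password of the converted keystore.
     * NOTE(review): sample value committed in source; do not reuse for a real keystore.
     */
    public static final String KEYSTORE_PASSWORD = "111111";

    /** Location of the JKS file. */
    public static final String JKS_KEYSTORE_FILE = "G:\\key.jks";

    public static void main(String[] args) {
        coverTokeyStore();
    }

    /**
     * Converts {@link #PFX_KEYSTORE_FILE} (PKCS#12) into {@link #JKS_KEYSTORE_FILE} (JKS).
     * Failures are reported on standard error; nothing is thrown to the caller.
     */
    public static void coverTokeyStore() {
        convert(PKCS12, PFX_KEYSTORE_FILE, JKS, JKS_KEYSTORE_FILE);
    }

    /**
     * Converts {@link #JKS_KEYSTORE_FILE} (JKS) into {@link #PFX_KEYSTORE_FILE} (PKCS#12).
     * Failures are reported on standard error; nothing is thrown to the caller.
     */
    public static void coverToPfx() {
        convert(JKS, JKS_KEYSTORE_FILE, PKCS12, PFX_KEYSTORE_FILE);
    }

    /**
     * Returns the configured password as a fresh char array, or {@code null} when the
     * password is absent or blank. With a {@code null} password {@code KeyStore.load}
     * does not verify the keystore's integrity.
     */
    private static char[] passwordChars() {
        if (KEYSTORE_PASSWORD == null || KEYSTORE_PASSWORD.trim().isEmpty()) {
            return null;
        }
        return KEYSTORE_PASSWORD.toCharArray();
    }

    /** Copies all key entries from {@code sourceFile} into a new keystore at {@code targetFile}. */
    private static void convert(String sourceType, String sourceFile,
                                String targetType, String targetFile) {
        char[] password = passwordChars();
        try {
            KeyStore source = KeyStore.getInstance(sourceType);
            // try-with-resources closes the stream even when load() fails.
            try (FileInputStream in = new FileInputStream(sourceFile)) {
                source.load(in, password);
            }

            KeyStore target = KeyStore.getInstance(targetType);
            target.load(null, password); // null stream initialises an empty keystore

            Enumeration<String> aliases = source.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                System.out.println("alias=[" + alias + "]");
                if (source.isKeyEntry(alias)) {
                    Key key = source.getKey(alias, password);
                    Certificate[] chain = source.getCertificateChain(alias);
                    target.setKeyEntry(alias, key, password, chain);
                }
            }

            // Written once, after every alias has been copied. The original rewrote the
            // file inside the loop and produced no output at all for an empty source.
            try (FileOutputStream out = new FileOutputStream(targetFile)) {
                target.store(out, password);
            }
        } catch (FileNotFoundException e) {
            System.err.println("Keystore file could not be opened (" + sourceFile
                    + " -> " + targetFile + "): " + e.getMessage());
            e.printStackTrace();
        } catch (KeyStoreException | NoSuchAlgorithmException | CertificateException
                | UnrecoverableKeyException | IOException e) {
            // An IOException from load() commonly means a wrong password or a corrupt file.
            System.err.println("Keystore conversion failed (" + sourceFile
                    + " -> " + targetFile + "): " + e.getMessage());
            e.printStackTrace();
        } finally {
            // Wipe the working copy; the String constant itself stays in memory regardless.
            if (password != null) {
                Arrays.fill(password, '\0');
            }
        }
    }
}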
1.将X509格式的数字证书转换成微软的PFX格式
# openssl pkcs12 -export -inkey server.key -in server.crt -out server.pfx
2.将微软的PFX数字证书转换成X509格式
# openssl pkcs12 -in server.pfx -nodes -out server.pem   # 生成明文所有内容(-nodes 表示私钥不加密输出,server.pem 需妥善保管并限制文件权限)
# openssl rsa -in server.pem -out server.key              # 取 key 文件
# openssl x509 -in server.pem -out server.crt             # 取证书