我有一种被赋予的竟然是在PKCS8格式,这是我成功地变成一个PEM文件使用以下命令私钥:
I have a been given a private key that turned out to be in pkcs8 format, which I managed to turn into a pem file using the following command:
openssl pkcs8 -inform der -nocrypt -in private.key -out pkey.pem
我现在需要将其转换为PKCS12这样我就可以用它在.NET创建一个X509证书(我也想将其导入到Windows证书管理器)。
I now need to convert this to pkcs12 so I can use it in .NET to create an X509 certificate (also I'd like to import it to windows cert manager).
我试过这个命令:
openssl pkcs12 -export -name myalias -in mycert.crt -inkey pkey.pem -out keystore.p12
不过,我没有公钥,我使用pkey.pem文件作为-in ARG已经试过,但它告诉我无证书的私钥匹配
。如果我尝试没有 -in
阿根廷则没有任何反应(我的意思是什么,有一个空白行,直到我preSS CTRL-C
)。
however, I don't have the public key, I've tried using the pkey.pem file as the -in arg, but it tells me No certificate matches private key
. If I try without the -in
arg then nothing happens (and I mean nothing, there is a blank row until I press ctrl-c
).
我如何能够生成私钥的公钥,或者转换成PKCS12没有公钥?
How can I generate the public key from the private key, or convert to pkcs12 without the public key?
这个问题的第一部分,是从这里的答案
The first part of this question, was from the answer here
我找到了答案这给了我一些希望,这说来运行这个命令(-nocerts):
I found an answer that gave me some hope, which says to run this command (-nocerts):
openssl pkcs12 -export -nocerts -inkey your.private.key.pem -out your.private.key.p12
但是,当我尝试将文件导入到Windows键存储,它说指定的文件是空
当它被导入。
我还成功地生成一个证书签名请求从此处说明,它生成一个证书文件,但该命令仍然没有接受,说无证书相匹配的私钥
I've also managed to generate a certificate signing request from instructions here, which generated a certificate file, but the command still didn't accept that saying No certificate matches private key
表明生成公钥,这是我做的,但另一个答案时,我使用它作为 -in
阿根廷还在说无证书相匹配的私钥
,我不明白,因为这公钥是从私钥生成使用这个命令: OpenSSL的RSA -in privkey.pem -pubout> key.pub
Another answer suggests generating the public key, which I do, but when I use that as the -in
arg it still says No certificate matches private key
, which I don't understand as this public key was generated from the private key using this command: openssl rsa -in privkey.pem -pubout > key.pub
编辑: 我已经张贴了以下的答案,但提到我已经没有办法核实该信息,或者告诉它是否正常工作的。如果任何人有任何进一步的信息,请让我知道。
I've posted an answer below, but as mentioned I've no way of verifying this information or telling if it works. If anyone has any further information, please let me know.
这似乎是:
下面的命令,把它变成一个可用的格式在Windows中:
The following commands turn this into a format usable in windows:
转换PKCS8 / DER私钥到PEM文件格式
Convert the private key from pkcs8/DER to a PEM file format
openssl pkcs8 -nocrypt -in dealerPrivate.key -inform der -outform pem -out private.pem
转换X509 / DER证书到PEM文件格式
Convert the certificate from x509/DER to a PEM file format
openssl x509 -inform der -in dealerCertificate.x509 -out public.pem
将两个文件合并成一个PKCS12文件 - 你会被提示输入密码来保护P12与
Merge the two files into a pkcs12 file – you will be prompted for password to protect the p12 with
openssl pkcs12 -export -inkey private.pem -in public.pem -out mycert.p12
这给了我一个PKCS12证书(我认为),我已经添加到Windows密钥库,然后可以从.NET访问并将其连接到我的WCF的请求。
This gives me a pkcs12 certificate (I think) that I've added to the windows key store and can then access from .NET and attach it to my WCF request.
不幸的是,我不能验证这可以作为使用相同的数据作为我的请求,这完全是混淆了服务响应:
Unfortunately I can't verify that this works as the service response with the same data as my request, which is completely confusing:
要求:
POST http://[HOST].com/services/fsa/1.0 HTTP/1.1
Content-Type: text/xml; charset=utf-8
VsDebuggerCausalityData: uIDPo0ii5Jr5wONMi6i/jkMQdFkAAAAArRV2zOsUrEioQMkqYDWulG6ktjqzCoRLtP+/9VQSARUACQAA
SOAPAction: ""
Host: [HOST]
Content-Length: 299
Expect: 100-continue
Connection: Keep-Alive
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><list xmlns="http://[HOST].com/services/fsa/1.0"><String_1 xmlns="">[MY_STRING]</String_1></list></s:Body></s:Envelope>
响应:
HTTP/1.1 200 OK
Date: Thu, 31 Oct 2013 12:19:38 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/1.0.0a mod_jk/1.2.31
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
VsDebuggerCausalityData: uIDPo0ii5Jr5wONMi6i/jkMQdFkAAAAArRV2zOsUrEioQMkqYDWulG6ktjqzCoRLtP+/9VQSARUACQAA
SOAPAction: ""
host: [HOST]
Expect: 100-continue
connection: Keep-Alive, Keep-Alive
Content-Length: 299
Keep-Alive: timeout=2, max=100
Content-Type: text/xml;charset=utf-8
<s:Envelope xmlns:s='http://schemas.xmlsoap.org/soap/envelope/'><s:Body xmlns:xsd='http://www.w3.org/2001/XMLSchema' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'><list xmlns='http://[HOST].com/services/fsa/1.0'><String_1 xmlns=''>[MY_STRING]</String_1></list></s:Body></s:Envelope>
上一篇:在WPF如何与分辨率无关的工作?分辨率、工作、WPF
下一篇:如何通过的sequenceNumber使用MessageReceiver.Receive方法上ServiceBus方法、MessageReceiver、sequenceNumber、ServiceBu