java.security.cert.CertificateParsingException:签名字段无效

时间:2014-02-15 06:14:52

标签: java security encryption x509certificate digital-certificate

我正在尝试阅读X509 certificate

FileInputStream fr = new FileInputStream("suresh.pfx");
CertificateFactory cf =   CertificateFactory.getInstance("X509");
X509Certificate c = (X509Certificate) cf.generateCertificate(fr); 

然后进入异常

java.security.cert.CertificateParsingException: signed fields invalid
    at sun.security.x509.X509CertImpl.parse(Unknown Source)
    at sun.security.x509.X509CertImpl.<init>(Unknown Source)
    at sun.security.provider.X509Factory.engineGenerateCertificate(Unknown Source)
    at java.security.cert.CertificateFactory.generateCertificate(Unknown Source)
    at com.nextenders.certificategeenrator.CertificateGenerator.testGenerateSignCertWithKeyStore(CertificateGenerator.java:102)
    at com.nextenders.certificategeenrator.CertificateGenerator.main(CertificateGenerator.java:65)

Oracle forum找到与之无关的内容,没有解决方案。

任何提示?

1 个答案:

答案 0 :(得分:5)

PFX本身不是证书,而是密钥库。

要获取证书,您必须将pfx加载到密钥库中,然后获取证书:

InputStream certIs=new FileInputStream("suresh.pfx");
Keystore ks=KeyStore.getInstance("PKCS12");
ks.load(certIs.getInputStream(),"password".toCharArray());
Certificate cert=ks.getCertificate("alias");

此致