keytool和java keystore.aliases()之间的.pfx文件或.p12文件的别名不匹配

时间:2017-07-04 10:41:35

标签: java ssl ssl-certificate bouncycastle ca

我正在尝试使用

从pfx / p12文件中获取别名

keytool -v -list -storetype pkcs12 -keystore servercert.p12 -storepass 1234

给了我

Keystore type: PKCS12
Keystore provider: SunJSSE

Your keystore contains 1 entry

Alias name: 1
Creation date: Jul 4, 2017
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=CSIT CA, O="CSIT CA,Ltd.", L=Dhaka, ST=Dhaka, C=BD
Issuer: EMAILADDRESS=csit@csit.com, CN=CSIT CA, OU=Software Department, O=CSIT CA, L=Dhaka, ST=Dhaka, C=BD
Serial number: 1
Valid from: Tue Jul 04 15:41:40 BDT 2017 until: Mon Mar 30 15:41:40 BDT 2020
Certificate fingerprints:
     MD5:  5C:CC:77:17:6C:91:FC:81:58:5A:D4:B0:FE:D8:B9:A8
     SHA1: 9A:34:32:64:29:BF:0B:7E:4F:63:1B:27:99:54:41:0F:9D:55:CF:C8
     SHA256: 27:01:BE:9D:F6:0E:38:35:AE:9C:07:B9:64:AB:76:50:06:D3:5D:8E:25:C4:59:87:D0:E9:A1:5A:96:41:D7:70
     Signature algorithm name: SHA256withRSA
     Version: 3

Extensions:
#1: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
0000: 16 1D 4F 70 65 6E 53 53   4C 20 47 65 6E 65 72 61  ..OpenSSL Genera
0010: 74 65 64 20 43 65 72 74   69 66 69 63 61 74 65     ted Certificate

#2: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 32 0F 04 D5 F6 1B 84 E5   87 EB 64 70 C7 D8 F2 5F  2.........dp..._
0010: FA 92 4D 57                                        ..MW
]
]

#3: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:false
  PathLen: undefined
]

#4: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
  DigitalSignature
  Key_Encipherment
]

#5: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: example.com
  DNSName: www.example.com
  DNSName: mail.example.com
  DNSName: ftp.example.com
]

#6: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 1C 59 74 4B 59 3B 1D 76   99 C2 10 4D 09 12 94 BB  .YtKY;.v...M....
0010: 20 95 2C 21                                         .,!
]
]



*******************************************
*******************************************

别名是" 1" 此处。

但是,我也尝试使用java 

KeyStore keystore = KeyStore.getInstance("PKCS12", "BC");
InputStream input = PdfSigner.class.getResourceAsStream(KEYSTORE_LOCATION);
keystore.load(input, PASSWORD.toCharArray());
System.out.println(keystore.size());
Enumeration<String> s=keystore.aliases();
while(s.hasMoreElements()){
    System.out.println("alias:"+s.nextElement());
}

给了我

1
alias:326bbd5c3d1ad4c6013ee70938d2c76b3c7a29d0

其中显示别名不匹配。

注意:我使用this

生成证书

Q1:为什么不匹配?

Q2:如果不匹配,我的客户如何向我提供pfx / p12文件,别名和通过,这将用于动态签署PDF格式?

1 个答案:

答案 0 :(得分:1)

Alias是一个友好的名称,但它是可选的。如果未设置,可能每个工具都使用不同的方式来计算它。导出.p12文件时,请检查您设置为别名的“名称”。

例如使用

var ss= "<pre>aaaa\nbbb\nccc</pre>ddd";
var arr= ss.match( /<pre[^\0]*?<\/pre>/gm );
alert(arr);     //Working
相关问题
最新问题