2017-06-29 764 views
0

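Creating a certificate for Tomcat, trying to install it into a new keystore, and getting an error (Edit: ran it with the -v option, now getting more information): keytool error: java.io.IOException: keystore password was incorrect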

keytool error: java.io.IOException: keystore password was incorrect 
java.io.IOException: keystore password was incorrect 
    at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2015) 
    at java.security.KeyStore.load(KeyStore.java:1445) 
    at sun.security.tools.keytool.Main.loadSourceKeyStore(Main.java:1894) 
    at sun.security.tools.keytool.Main.doImportKeyStore(Main.java:1926) 
    at sun.security.tools.keytool.Main.doCommands(Main.java:1021) 
    at sun.security.tools.keytool.Main.run(Main.java:340) 
    at sun.security.tools.keytool.Main.main(Main.java:333) 
Caused by: java.security.UnrecoverableKeyException: failed to decrypt safe contents entry: java.io.IOException: getSecretKey failed: Password is not ASCII 

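Unfortunately, that is correct: the password has two "®" characters in it. So, given what I did (the private key has a non-ASCII password), how painful will it be to recover from that?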

1: Create a passphrase file: vi .kp 
2: Make CSR: 
A: Generate a 2048 bit private key: 
openssl genpkey -algorithm RSA -outform PEM -out mike.privateKey.pass.pem -pkeyopt rsa_keygen_bits:2048 -pass file:.kp 
B: Make the CSR: 
openssl req -new -sha256 -key mike.privateKey.pass.pem -out mike.ike.com.cert.csr 
Note: CSR has different "challenge password" than in the passphrase file, if that matters 
3: Submit CSR to Comodo 
4: Get certificate file mike_ike_com.cer & Comodo trust chain files: COMODORSAOrganizationValidationSecureServerCA.crt, COMODORSAAddTrustCA.crt, AddTrustExternalCARoot.crt 
5: Convert the Certificates: 
A: Convert to PEM: 
openssl x509 -inform DER -in COMODORSAOrganizationValidationSecureServerCA.crt -out COMODORSAOrganizationValidationSecureServerCA.pem -outform PEM 
openssl x509 -inform DER -in COMODORSAAddTrustCA.crt -out COMODORSAAddTrustCA.pem -outform PEM 
openssl x509 -inform DER -in AddTrustExternalCARoot.crt -out AddTrustExternalCARoot.pem -outform PEM 
B: Concat into a single file: 
cat COMODORSAOrganizationValidationSecureServerCA.pem COMODORSAAddTrustCA.pem AddTrustExternalCARoot.pem > Comodo.root.crt 
C: Use openssl to create a pkcs12 file: 
openssl pkcs12 -export -in mike_ike_com.cer -inkey mike.privateKey.pass.pem -passin file:.kp -out mike_ike.p12 -name tomcat -caname root -chain -CAfile Comodo.root.crt 
Note: when it asks "Enter Export Password" I give it the pw from .kp 
6: Use keytool to create the keystore file: 
$JAVA_HOME/bin/keytool -importkeystore -deststorepass:file .kp -destkeypass:file .kp -destkeystore .keystore -srckeystore mike_ike.p12 -srcstoretype PKCS12 -srcstorepass:file .kp -alias tomcat 

The file ".keystore" does not exist. I am assuming keytool will create it.

+0

If you are using '-passin file:.kp' as the password, you may want to try supplying this password as well :-): right now you are doing '-srcstorepass:file .kp' – vegaasen

+0

I don't understand your comment :-( –

Answers

0

I have sorted it out. I was using the password 'password' to update the cacerts keystore in the JDK, whereas the default password for the cacerts keystore is 'changeit'

+0

I created the cacerts keystore using openssl, and it let me set the password when it asked for the export password: that part worked –

0

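OK, so I have an answer.

1: I had a non-ASCII character in my password. openssl can handle that, keypass cannot.

2: Having already created the private key with the non-ASCII password, I was stuck with it, so I renamed that file to .kpkey and created a new file .kp with a pure ASCII password

3: This required changing step 5:C to: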

openssl pkcs12 -export -in mike_ike_com.cer -inkey mike.privateKey.pass.pem -passin file:.kpkey -out mike_ike.p12 -name tomcat -caname root -chain -CAfile Comodo.root.crt 

Note: when it asks "Enter Export Password" I give it the pw from .kp, not from .kpkey. The only change is -passin file:.kpkey

Everything else stayed the same, and worked
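
A pre-flight check for the failure discussed in this thread, as an added example that is not part of the original posts: it inspects a passphrase file before its contents are used as the PKCS12 export password that keytool later has to read. The function name `check_passfile` and the sample passwords are constructed for illustration; the check assumes only the first line of the file is the password.

```shell
#!/bin/sh
# Added example (not from the original posts): verify that a passphrase file is
# safe to use as the PKCS12 store password that keytool will read.

# Prints one verdict and returns 0 only for "ok".
check_passfile() {
    [ -r "$1" ] || { echo "unreadable"; return 2; }
    # Assumption: the password is the first line, as with openssl's file: source.
    line=$(LC_ALL=C sed -n '1p' "$1")
    [ -n "$line" ] || { echo "empty"; return 1; }
    # Bytes 0x80-0xFF survive deletion of all 7-bit bytes, e.g. UTF-8 "®" (C2 AE).
    high=$(printf '%s' "$line" | LC_ALL=C tr -d '\001-\177')
    [ -z "$high" ] || { echo "non-ascii"; return 1; }
    # Control bytes survive deletion of printable ASCII, e.g. a CR from a CRLF file.
    ctrl=$(printf '%s' "$line" | LC_ALL=C tr -d '\040-\176')
    [ -z "$ctrl" ] || { echo "control-char"; return 1; }
    # keytool rejects store passwords shorter than 6 characters.
    [ "${#line}" -ge 6 ] || { echo "too-short"; return 1; }
    echo "ok"
}

# Demo on constructed sample files (throwaway values, not real secrets).
demo() {
    d=$(mktemp -d) || return 1
    printf 'pa\302\256ss\302\256word\n' > "$d/kpkey"   # two "®", like the key passphrase here
    printf 'plain-ascii-pass\n'         > "$d/kp"      # ASCII replacement for the export password
    printf 'plain-ascii-pass\r\n'       > "$d/kp.dos"  # same value saved with CRLF line ending
    for f in kpkey kp kp.dos; do
        printf '%s: %s\n' "$f" "$(check_passfile "$d/$f")"
    done
    rm -rf "$d"
}
demo
```

Running the check on `.kp` before step 5:C catches the problem at export time instead of at `keytool -importkeystore`.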
