2017-06-29 745 views
0

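Creating a certificate for Tomcat, trying to install it into a new keystore, and getting an error (edit: ran it with the -v option, now getting more information): keytool error: java.io.IOException: keystore password was incorrect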

keytool error: java.io.IOException: keystore password was incorrect 
java.io.IOException: keystore password was incorrect 
    at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2015) 
    at java.security.KeyStore.load(KeyStore.java:1445) 
    at sun.security.tools.keytool.Main.loadSourceKeyStore(Main.java:1894) 
    at sun.security.tools.keytool.Main.doImportKeyStore(Main.java:1926) 
    at sun.security.tools.keytool.Main.doCommands(Main.java:1021) 
    at sun.security.tools.keytool.Main.run(Main.java:340) 
    at sun.security.tools.keytool.Main.main(Main.java:333) 
Caused by: java.security.UnrecoverableKeyException: failed to decrypt safe contents entry: java.io.IOException: getSecretKey failed: Password is not ASCII 

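Unfortunately, that is correct: the password has two "®" characters in it. So, given what I did (the private key has a non-ASCII password), how painful is it going to be to recover from that?: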

1: Create a passphrase file: vi .kp 
2: Make CSR: 
A: Generate a 2048 bit private key: 
openssl genpkey -algorithm RSA -outform PEM -out mike.privateKey.pass.pem -pkeyopt rsa_keygen_bits:2048 -pass file:.kp 
B: Make the CSR: 
openssl req -new -sha256 -key mike.privateKey.pass.pem -out mike.ike.com.cert.csr 
Note: CSR has different "challenge password" than in the passphrase file, if that matters 
3: Submit CSR to Comodo 
4: Get certificate file mike_ike_com.cer & Comodo trust chain files: COMODORSAOrganizationValidationSecureServerCA.crt, COMODORSAAddTrustCA.crt, AddTrustExternalCARoot.crt 
5: Convert the Certificates: 
A: Convert to PEM: 
openssl x509 -inform DER -in COMODORSAOrganizationValidationSecureServerCA.crt -out COMODORSAOrganizationValidationSecureServerCA.pem -outform PEM 
openssl x509 -inform DER -in COMODORSAAddTrustCA.crt -out COMODORSAAddTrustCA.pem -outform PEM 
openssl x509 -inform DER -in AddTrustExternalCARoot.crt -out AddTrustExternalCARoot.pem -outform PEM 
B: Concat into a single file: 
cat COMODORSAOrganizationValidationSecureServerCA.pem COMODORSAAddTrustCA.pem AddTrustExternalCARoot.pem > Comodo.root.crt 
C: Use openssl to create a pkcs12 file: 
openssl pkcs12 -export -in mike_ike_com.cer -inkey mike.privateKey.pass.pem -passin file:.kp -out mike_ike.p12 -name tomcat -caname root -chain -CAfile Comodo.root.crt 
Note: when it asks "Enter Export Password" I give it the pw from .kp 
6: Use keytool to create the keystore file: 
$JAVA_HOME/bin/keytool -importkeystore -deststorepass:file .kp -destkeypass:file .kp -destkeystore .keystore -srckeystore mike_ike.p12 -srcstoretype PKCS12 -srcstorepass:file .kp -alias tomcat 

The file ".keystore" does not exist. I'm assuming keytool will create it.

+0

If you are using '-passin file:.kp' as the password, you might want to try supplying this password as well :-) Right now you are doing '-srcstorepass:file .kp' – vegaasen

+0

I don't understand your comment :-( –

Answers

0

I have sorted it out. I was using the password 'password' to update the cacerts keystore in the JDK, whereas the default password for the cacerts keystore is 'changeit'.

+0

I created the cacerts keystore using openssl, and it let me set the password when it asked for the export password: that part works –

0

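OK, so I have an answer.

1: I had a non-ASCII character in the password. openssl could handle it, keypass could not.

2: Having already created the private key with the non-ASCII password, I was stuck with it, so I renamed that file to .kpkey and created a new file .kp with a pure-ASCII password.

3: This required a change to 5:C: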

openssl pkcs12 -export -in mike_ike_com.cer -inkey mike.privateKey.pass.pem -passin file:.kpkey -out mike_ike.p12 -name tomcat -caname root -chain -CAfile Comodo.root.crt 

Note: when it asks "Enter Export Password" I give it the pw from .kp, NOT from .kpkey. The only change is -passin file:.kpkey

Everything else stayed the same, and worked.
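
The recovery described in the answer above, as an added example that is not part of the original thread: a pre-flight check that the export passphrase file is plain ASCII, followed by the same `openssl pkcs12 -export` step. The function names and argument order are hypothetical, and `-passout file:` is used here in place of typing the export password at the prompt.

```sh
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical;
# all file names are passed in as arguments.

# passfile_is_ascii FILE
# Checks the first line of FILE (the line openssl's "file:" password source uses).
# Returns 0 if it is non-empty printable ASCII, 1 if it holds non-ASCII or
# control bytes (a stray carriage return included), 2 if unreadable, 3 if empty.
passfile_is_ascii() {
    f=$1
    [ -r "$f" ] || { echo "$f: cannot read" >&2; return 2; }
    first=$(head -n 1 "$f")
    [ -n "$first" ] || { echo "$f: empty passphrase" >&2; return 3; }
    # In the C locale each byte is one character, so anything outside
    # 0x20-0x7E (space through tilde) matches the negated range.
    if printf '%s' "$first" | LC_ALL=C grep -q '[^ -~]'; then
        echo "$f: passphrase has non-ASCII or control bytes" >&2
        return 1
    fi
    return 0
}

# reexport_p12 CERT KEY KEY_PASSFILE EXPORT_PASSFILE OUT_P12 CHAIN_PEM
# Rebuilds the PKCS#12 bundle: the private key is decrypted with its existing
# passphrase (which may be non-ASCII, openssl accepts it) and the bundle is
# encrypted with the export passphrase. Stops before calling openssl when the
# export passphrase is one that keytool would reject on import.
reexport_p12() {
    passfile_is_ascii "$4" || return 1
    openssl pkcs12 -export -in "$1" -inkey "$2" \
        -passin "file:$3" -passout "file:$4" \
        -out "$5" -name tomcat -caname root -chain -CAfile "$6"
}
```

With the file names from the thread, the call would be `reexport_p12 mike_ike_com.cer mike.privateKey.pass.pem .kpkey .kp mike_ike.p12 Comodo.root.crt`.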
