Replacing the SSL certificate in Tomcat: converting key and CRT files to JKS

Source: Internet
Author: User
PKCS stands for Public-Key Cryptography Standards, a set of standards developed by RSA Labs and other security system developers to promote the development of public-key cryptography. PKCS currently comprises 15 published standards. The commonly used ones are:
1. PKCS#7 Cryptographic Message Syntax Standard
2. PKCS#10 Certification Request Standard
3. PKCS#12 Personal Information Exchange Syntax Standard
X.509 is a common, generic certificate format. All certificates conform to the ITU-T X.509 international standard established for public key infrastructure (PKI).
1. PKCS#7: commonly used suffixes are .p7b, .p7c, .spc
2. PKCS#12: commonly used suffixes are .p12, .pfx
3. PKCS#10: .p10 is a certificate request




.der = The .der extension is used for binary DER-encoded certificates. These certificates can also carry a .cer or .crt extension. The more accurate phrasing is "I have a DER-encoded certificate" rather than "I have a DER certificate".
.pem = The .pem extension is used for various X.509 v3 certificates in ASCII (Base64) encoding. The file starts with a line of the form "-----BEGIN ...".
.crt = The .crt extension is used for certificates. The certificate can be either DER- or PEM-encoded. The .cer extension is almost synonymous with .crt. The .crt extension is common on Unix/Linux systems.
.cer = The Microsoft-style counterpart of .crt. A .crt file can be converted to a .cer file using Microsoft tools (both files must use the same encoding, DER or PEM). Files with the .cer extension are recognized by IE and passed as a command to Microsoft's CryptoAPI (specifically rundll32.exe cryptext.dll,CryptExtOpenCER), which then pops up a dialog box to import and/or view the contents of the certificate.
.key = The .key extension is used for PKCS#8 public and private keys. These keys can be either DER- or PEM-encoded.
.crt and .cer files can be safely substituted for each other only when they use the same encoding.


The suffixes used for X.509 PEM (Base64) encoding are: .pem, .cer, .crt
PFX/P12 is used to store personal certificates and private keys; it is usually protected by a password.
.csr = certificate request file


JKS (Java KeyStore): a container for storing keys in Java. It can hold n public or private keys at the same time; the suffix is generally .jks, .keystore, .truststore, etc. Whatever the suffix, it is the same kind of container; companies and organizations simply name it differently. For example, a container holding only trusted public keys is saved as a .truststore file. Use keytool.exe in the JDK's bin directory to view, import, export, and delete entries, change passwords, and so on. You can set a password on the JKS container; it must be entered correctly to operate on the keys in the container.


PFX: offers the same features as JKS but in a different file format; PFX is commonly used by Windows and browsers. You can use tools to convert a PFX file to JKS format for use by Java programs (for example, when a bank offers only a PFX file but we want to use HttpClient to simulate a browser's automated access). PFX files exported by IE are said to be non-standard, and converting them to JKS often fails; in that case, try importing the file into Netscape Navigator, exporting it again, and then converting it. I have run into this situation myself.




PKCS#12 is a public-key cryptography standard that specifies a container able to hold private keys, public keys, and certificates together. It is stored in binary format and is also known as a PFX file; it can be imported directly into the key store in Windows. Note that the PKCS#12 keystore protection password is also used to protect the key.
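Because the extension does not reveal the encoding (a .crt or .cer file may be DER or PEM), it helps to identify a file by its content before converting it. The following is an added example, not part of the original article: it classifies the formats described above from their leading bytes. The function names and the sample byte strings are constructed for illustration, and the DER checks are heuristics.

```python
import re

PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----")

def der_length(data, pos):
    """Decode the DER length at data[pos]; return (length, offset of the value)."""
    first = data[pos]
    if first < 0x80:                          # short form: the byte is the length
        return first, pos + 1
    n = first & 0x7F                          # long form: next n bytes are the length
    return int.from_bytes(data[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def identify(data):
    """Classify certificate, key or keystore bytes by content, not by extension."""
    if data[:4] == b"\xfe\xed\xfe\xed":       # JKS magic number
        return "JKS keystore"
    m = PEM_RE.search(data)
    if m:
        return "PEM: " + m.group(1).decode()
    if len(data) < 12 or data[0] != 0x30:     # all DER formats below are a SEQUENCE
        return "unknown"
    _, body = der_length(data, 1)
    inner = data[body:body + 3]
    if inner == b"\x02\x01\x03":              # INTEGER 3: PFX version field
        return "DER: PKCS#12 (PFX)"
    if inner == b"\x02\x01\x00":              # INTEGER 0: private key version field
        return "DER: private key (PKCS#8 or PKCS#1 RSA)"
    if inner[:1] == b"\x06":                  # OBJECT IDENTIFIER: ContentInfo
        return "DER: PKCS#7"
    if inner[:1] == b"\x30" and body + 1 < len(data):  # certificate or CSR
        _, tbs = der_length(data, body + 1)
        if data[tbs:tbs + 1] == b"\xa0":      # [0] explicit version (v2/v3 certificate)
            return "DER: X.509 certificate"
        if data[tbs:tbs + 3] == b"\x02\x01\x00":
            return "DER: PKCS#10 certificate request"
    return "DER: unrecognized structure"      # heuristic: v1 certificates land here

# Constructed samples: header bytes typical of each format, padded with zero bytes.
PAD = bytes(16)
SAMPLES = {
    "server.crt": b"-----BEGIN CERTIFICATE-----\nMIIC...\n-----END CERTIFICATE-----\n",
    "server.cer": bytes.fromhex("3082030a308201f2a003020102") + PAD,
    "server.csr": bytes.fromhex("3082029a30820182020100") + PAD,
    "server.p12": bytes.fromhex("30820a10020103") + PAD,
    "server.keystore": bytes.fromhex("feedfeed00000002") + PAD,
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name:16} {identify(blob)}")
```

To check a real file, pass its contents: identify(open(path, "rb").read()).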


Key and CRT -> JKS: http://baike.soso.com/h481267.htm?sp=l521305
1. openssl pkcs12 -export -chain -CAfile gd_bundle.crt -in server.crt -inkey server.key -out server.p12 -name "server"
2. keytool -rfc -list -keystore server.p12 -storetype pkcs12
3. keytool -importkeystore -v -srckeystore server.p12 -srcstoretype pkcs12 -srcstorepass changeit -destkeystore server.keystore -deststoretype jks -deststorepass changeit
4. keytool -list -keystore server.keystore



How to add a GoDaddy SSL domain certificate in JBoss: http://heylinux.com/archives/1334.html
