There is no "overwrite" option.

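I have a Linux CentOS server running the GlassFish 3.1.2 application server. The default certificates for ports 4848 and 8181 in the GlassFish installation are 1024-bit. I need to replace them with 2048-bit versions. I am looking for help creating the keytool command line to do this.

I found the certificates here: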

# keytool -list -keystore keystore.jks
   Keystore type: JKS
   Keystore provider: SUN
   Your keystore contains 2 entries
   glassfish-instance, Feb 7, 2012, PrivateKeyEntry, 
   Certificate fingerprint (SHA1): 40:...:46
   s1as, Feb 7, 2012, PrivateKeyEntry, 
   Certificate fingerprint (SHA1): 3C:...:FC

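Answer 1

Here you go, I always keep this page bookmarked as a reference: The Most Common Java Keytool Keystore Commands

So you need to delete the certificate first before you can add it again. From the page above:

Delete a certificate from a Java Keytool keystore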

  • keytool -delete -alias mydomain -keystore keystore.jks

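Answer 2

I disagree with the reply above. I found that if you create the CSR from the existing keystore, you can replace the certificate. All you have to do is import the new certificate using the same alias as the old certificate.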

keytool -importcert -alias old_cert_alias -file new_cert_file.cer -keystore your_key_store.jks

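Answer 3

There is no "overwrite" option.

There does not seem to be an "overwrite" or "force" command when adding content. So you have to delete manually first.

(You can look at the source code and search for "already.exists". There is no overwrite. It throws an exception directly. => https://github.com/openjdk/jdk17u/blob/master/src/java.base/share/classes/sun/security/tools/keytool/Main.java)

There is no documented "overwrite" option for the "-genkey" command or the "-importcert" command. Below is an example with the "-genkey" command.

Generate a new truststore: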

$ keytool -keystore keystore.p12 -storepass 123456 -genkey -keyalg RSA -noprompt -dname "CN=test.example.com" -v
Generating 2,048 bit RSA key pair and self-signed certificate (SHA256withRSA) with a validity of 90 days
        for: CN=test.example.com
[Storing keystore.p12]

Overwriting does not work:

$ keytool -keystore keystore.p12 -storepass 123456 -genkey -keyalg RSA -noprompt -dname "CN=test.example.com" -v
keytool error: java.lang.Exception: Key pair not generated, alias <mykey> already exists
java.lang.Exception: Key pair not generated, alias <mykey> already exists
        at java.base/sun.security.tools.keytool.Main.doGenKeyPair(Main.java:1930)
        at java.base/sun.security.tools.keytool.Main.doCommands(Main.java:1171)
        at java.base/sun.security.tools.keytool.Main.run(Main.java:415)
        at java.base/sun.security.tools.keytool.Main.main(Main.java:408)

$ keytool -keystore keystore.p12 -storepass 123456 -list
Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 1 entry

mykey, Mar 13, 2024, PrivateKeyEntry,
Certificate fingerprint (SHA-256): 99:56:B4:19:E8:02:38:39:C4:01:67:08:EB:37:25:B8:15:CB:23:AE:CE:A1:15:44:0D:B4:B4:17:82:0D:D8:89

So you have to delete manually:

$ keytool -keystore keystore.p12 -storepass 123456 -delete -alias mykey -v
[Storing keystore.p12]

$ keytool -keystore keystore.p12 -storepass 123456 -delete -alias mykey -v
keytool error: java.lang.Exception: Alias <mykey> does not exist
java.lang.Exception: Alias <mykey> does not exist
        at java.base/sun.security.tools.keytool.Main.doDeleteEntry(Main.java:1654)
        at java.base/sun.security.tools.keytool.Main.doCommands(Main.java:1149)
        at java.base/sun.security.tools.keytool.Main.run(Main.java:415)
        at java.base/sun.security.tools.keytool.Main.main(Main.java:408)

$ keytool -keystore keystore.p12 -storepass 123456 -list
Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 0 entries

Then it works:

$ keytool -keystore keystore.p12 -storepass 123456 -genkey -keyalg RSA -noprompt -dname "CN=test.example.com" -v
Generating 2,048 bit RSA key pair and self-signed certificate (SHA256withRSA) with a validity of 90 days
        for: CN=test.example.com
[Storing keystore.p12]

$ keytool -keystore keystore.p12 -storepass 123456 -list
Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 1 entry

mykey, Mar 13, 2024, PrivateKeyEntry,
Certificate fingerprint (SHA-256): 91:DA:5C:EA:AA:65:83:A2:D4:7B:27:5E:44:09:4E:8B:5F:C2:FD:87:94:03:E7:83:18:CD:10:D9:C9:E0:F8:7E
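
The delete-then-generate sequence from answer 3, wrapped as a shell function that pins the key size to the 2048 bits asked for in the question and backs up the store first. This is an added example, not code from the thread; it assumes keytool is on PATH and the store password is exported as KS_PASS (a name chosen here), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): replace the key pair under one alias.
# Assumptions: keytool is on PATH; the store password is exported as KS_PASS
# (read via -storepass:env so it does not appear in the process list).

alias_exists() {   # alias_exists <keystore> <alias>
    keytool -list -keystore "$1" -storepass:env KS_PASS -alias "$2" >/dev/null 2>&1
}

cert_pem() {       # cert_pem <keystore> <alias>  -> PEM certificate on stdout
    keytool -exportcert -rfc -keystore "$1" -storepass:env KS_PASS -alias "$2"
}

replace_keypair() {  # replace_keypair <keystore> <alias> <dname>
    ks=$1; name=$2; dname=$3; backed_up=no
    if [ -f "$ks" ]; then
        # Keep the old private key recoverable until the new one is in place.
        cp -p "$ks" "$ks.bak" || return 1
        backed_up=yes
        if alias_exists "$ks" "$name"; then
            # keytool refuses to generate over an existing alias, so delete first.
            keytool -delete -keystore "$ks" -storepass:env KS_PASS \
                -alias "$name" || return 1
        fi
    fi
    if ! keytool -genkeypair -keystore "$ks" -storepass:env KS_PASS \
            -keypass:env KS_PASS -alias "$name" -keyalg RSA -keysize 2048 \
            -dname "$dname" -noprompt; then
        # Generation failed after the delete: put the original store back.
        [ "$backed_up" = yes ] && cp -p "$ks.bak" "$ks"
        return 1
    fi
}
```

The `.bak` copy still contains the old private key, so remove it once the new entry is verified.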
