我正在尝试使用 SSL 加密来保护我的私有 docker 注册表。根据这,我需要将.crt和复制.key到一个/certs目录中,它就可以工作了。
我现在有的是.csr,.keystore和.cer和root ca,intermediate certificate。
我曾经Java Keytool生成.csr和keystore,CA 给了我.cer,root ca和intermediate certificate。
现在根据上面提到的链接,我特别需要.crt和.key。
我做了什么
我进口了
root certificate (root ca),intermediate certificat并received signed certificate (.cer)进口到keystorekeytool -import -trustcacerts -alias rootca -file Primary.pem -keystore hostname.keystorekeytool -import -trustcacerts -alias intermediate -file Secondary.pem -keystore hostname.keystorekeytool -import -trustcacerts -alias hostname -file cert.cer -keystore hostname.keystore其中
Primary.pem和Secondary.pem分别是根证书和中级证书,cert.cer是收到的签名证书,hostname.keystore是使用的密钥库。然后我尝试生成
.key并.crt首先hostname.keystore将其转换为PKCS12如下形式这里但在第一步之后,我得到了以下错误Problem importing entry for alias rootca: java.security.KeyStoreException: TrustedCertEntry not supported请参阅下面的命令和错误:
keytool -importkeystore -srckeystore hostname.keystore -destkeystore hostname.p12 -deststoretype PKCS12Enter destination keystore password: Enter source keystore password:Problem importing entry for alias rootca: java.security.KeyStoreException: TrustedCertEntry not supported. Entry for alias rootca not imported. Do you want to quit the import process? [no]: noProblem importing entry for alias intermediate: java.security.KeyStoreException: TrustedCertEntry not supported. Entry for alias intermediate not imported. Do you want to quit the import process? [no]: noExisting entry alias domain exists, overwrite? [no]: yes Entry for alias domain successfully imported.Problem importing entry for alias hostname: java.security.KeyStoreException: TrustedCertEntry not supported. Entry for alias hostname not imported. Do you want to quit the import process? [no]: noImport command completed: 1 entries successfully imported, 3 entries failed or cancelled如何解决该问题并保证注册表安全?这与 Java 版本有关吗?
平台:RHEL 4.1
Java 版本:1.7.0_75