证书私钥不能导出pfx格式,只能cer等格式
可能开始选择了不能导出
现在麻烦了,重装了一个系统
原系统不能导出pfx,私钥一栏是灰色的,不能点击
导出的cer格式又不能用
谁能解决这个问题给100分
你们都没有回答到点子上
我选择internet选项 内容 证书 导出,“是,导出密钥”这一栏就是灰色的了,点第二栏只能不导出密钥了
建行的电子证书第一次下载的是正经的PFX格式,这个一定一定要保存好。如果安装证书,尽量选以后能重新导入证书,不然只能导出CER,而CER换个机器就不能导入原证书了。
如果你的情况和我说的一样,请看解决办法:
只能去建行注销证书,然后再开通,重新下载新的证书,我因为你这情况,不下重新开了5次网银...(教训)
如果你用支付宝,申请注销,再开通,一样道理,没其他办法 参考技术A 是不是你操作不对啊。。
选择导出以后,很早的时候就有一步要问你是不是要导出私钥的
假如选择是,那么肯定是.pfx的
假如选择不是,那么还会让你选择公钥证书的格式,比如.cer,.p7b……
反正选择格式那里肯定有一半是灰的
你问也没问到点子上额……连什么证书都不知道
选择internet选项 内容 证书,你双击那个证书,看“常规”那里,如果有私钥,会告诉你有一个私钥的,如果没有私钥说明这个证书是把你的数据加密送给别人(比如网站)用他的私钥解密来看的,这种根本没私钥的肯定不能导出成pfx的 参考技术B pfx 和 cer 作用不同
如果你要做系统迁移,那已不能自动了,必须手工建立帐户,再迁移文件。密码化本来就是保护系统,你没钥, 那等於在破解系统,但不太清楚你的目的。 参考技术C windows
iis下的数字证书格式一般为.pfx
java
tomcat
下的数字证书格式一般为.jks或.store
apache和nginx一般是.pem
证书请求文件一般是.csr
证书公钥文件一般是.cer或.crt
证书私钥文件一般是.key
易维信【evtrust】 参考技术D 密钥分为公钥和私钥的啊!需要导出的是公钥啊!是CER格式的没错!
JAVA代码-数字证书公私钥生成-公钥cer ,私钥jks, pfx格式
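import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.FileWriter;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.Security;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.Date;
import java.util.Enumeration;

import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.jce.X509V3CertificateGenerator;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/**
 * Demo that issues an X.509 certificate for a "user" key pair, signed by an in-memory "root" key
 * pair, and writes it out as DER ({@code .cer}), PEM ({@code _base.cer}), JKS ({@code .jks}) and
 * PKCS#12 ({@code .pfx}).
 *
 * <p>The {@code info} array used throughout has nine entries:
 * {@code {cn, ou, o, c, l, st, notBefore, notAfter, serialNumber}}. The two validity entries are
 * parsed with {@link Long#parseLong} and handed to {@link Date}, i.e. milliseconds since the
 * epoch; the serial number is parsed as a {@link BigInteger}.
 *
 * <p>Changes made in review:
 * <ul>
 *   <li>Key pairs come from an unseeded {@link SecureRandom}. The previous
 *       {@code new SecureRandom(new byte[seed])} supplied an all-zero seed, which can make the
 *       private key reproducible on providers that derive all output from the supplied seed.</li>
 *   <li>The root and user key pairs are generated once per instance and reused, so the
 *       certificate files and the private key in the key store belong together.</li>
 *   <li>RSA 1024 / SHA-1 replaced by RSA 2048 / SHA-256.</li>
 *   <li>The subject DN now uses {@code CN=} for {@code info[0]} and {@code info[5]} for
 *       {@code ST=} (it previously emitted {@code C=} twice and reused {@code info[3]}).</li>
 *   <li>All streams are closed with try-with-resources, and every file goes to {@code path}.</li>
 *   <li>{@code sun.misc.BASE64Encoder} (JDK-internal) replaced by {@link Base64}.</li>
 *   <li>{@link #createPrivateKey(String[])} no longer reports success when writing the key
 *       store failed.</li>
 * </ul>
 *
 * <p>Not thread-safe: the key pairs are cached lazily without synchronization.
 */
public class DataCertCreate {

    /** Distinguished name of the signing ("root") identity. */
    private static final String ISSUER_DN = "CN=huahua, OU=hnu, O=university , C=china";

    /** Signature algorithm handed to the BouncyCastle generator; SHA-1 is no longer acceptable. */
    private static final String SIGNATURE_ALGORITHM = "SHA256WithRSA";

    /** RSA modulus size in bits. */
    private static final int RSA_KEY_BITS = 2048;

    /** Key store type name for {@code .pfx} files. */
    public static final String PKCS12 = "PKCS12";

    /** Directory prefix every output file is written under. */
    private String path = "D:/";

    // NOTE(review): hard-coded demo password. It protects the private key in both the .jks and
    // the .pfx file, so anyone who can read this source can open them. Load it from protected
    // configuration or prompt for it before using this outside a demo.
    private String KEYSTORE_PASSWORD = "2078888";

    /** Signing key pair, created on first use and then reused by every method. */
    private KeyPair rootKeyPair;

    /** Subject key pair, created on first use and then reused by every method. */
    private KeyPair userKeyPair;

    static {
        // generateX509Certificate(..., "BC") needs the BouncyCastle provider to be registered.
        Security.addProvider(new BouncyCastleProvider());
    }

    /**
     * Builds the certificate for {@code keyPair_user}'s public key and signs it with
     * {@code keyPair_root}'s private key.
     *
     * <p>The DN fields are concatenated as given. A value containing DN syntax characters such
     * as {@code ,} or {@code =} would change the structure of the subject name, so validate the
     * entries first if they can come from outside the program.
     *
     * @param info nine entries: {cn, ou, o, c, l, st, notBefore, notAfter, serialNumber}
     * @param keyPair_root issuer key pair; only its private key is used
     * @param keyPair_user subject key pair; only its public key is used
     * @return the signed certificate
     * @throws IllegalArgumentException if {@code info} is null or has fewer than nine entries
     * @throws InvalidKeyException see the BouncyCastle generator
     * @throws NoSuchProviderException if the "BC" provider is not registered
     * @throws SecurityException see the BouncyCastle generator
     * @throws SignatureException see the BouncyCastle generator
     */
    public X509Certificate generateCert(String[] info, KeyPair keyPair_root, KeyPair keyPair_user)
            throws InvalidKeyException, NoSuchProviderException, SecurityException, SignatureException {
        if (info == null || info.length < 9) {
            throw new IllegalArgumentException(
                    "info must hold 9 entries: cn, ou, o, c, l, st, notBefore, notAfter, serialNumber");
        }
        X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
        certGen.setSerialNumber(new BigInteger(info[8]));
        certGen.setIssuerDN(new X509Name(ISSUER_DN));
        certGen.setNotBefore(new Date(Long.parseLong(info[6])));
        certGen.setNotAfter(new Date(Long.parseLong(info[7])));
        certGen.setSubjectDN(new X509Name("CN=" + info[0] + ",OU=" + info[1] + ",O=" + info[2]
                + ",C=" + info[3] + ",L=" + info[4] + ",ST=" + info[5]));
        certGen.setPublicKey(keyPair_user.getPublic());
        certGen.setSignatureAlgorithm(SIGNATURE_ALGORITHM);
        return certGen.generateX509Certificate(keyPair_root.getPrivate(), "BC");
    }

    /**
     * Writes an empty JKS key store to {@code path + info[0] + ".jks"}. Failures are printed and
     * swallowed, as before; {@link #createPrivateKey(String[])} reports them through its result.
     *
     * @param info only {@code info[0]} (the file base name) is read
     */
    public void generateJKS(String[] info) {
        try {
            writeEmptyJks(info);
        } catch (KeyStoreException | NoSuchAlgorithmException | CertificateException | IOException e) {
            e.printStackTrace();
        }
    }

    /**
     * Loads the JKS file created by {@link #generateJKS(String[])}, adds the user's private key
     * with its certificate under alias {@code mykey} plus the certificate alone under
     * {@code single_cert}, and writes the file back. Failures are printed and swallowed, as
     * before.
     *
     * @param info nine entries: {cn, ou, o, c, l, st, notBefore, notAfter, serialNumber}
     * @param keyPair_root issuer key pair used to sign the certificate
     * @param keyPair_user subject key pair whose private key is stored
     */
    public void storeJKS(String[] info, KeyPair keyPair_root, KeyPair keyPair_user) {
        try {
            writeJks(info, keyPair_root, keyPair_user);
        } catch (GeneralSecurityException | IOException | RuntimeException e) {
            e.printStackTrace();
        }
    }

    /**
     * Generates a fresh RSA key pair.
     *
     * @param seed kept for source compatibility and ignored. It used to size an all-zero seed
     *     array for {@link SecureRandom}, which is not a source of entropy; the generator is now
     *     seeded by the platform.
     * @return a new {@value #RSA_KEY_BITS}-bit RSA key pair
     * @throws NoSuchAlgorithmException if no provider offers RSA key generation
     */
    public KeyPair generateKeyPair(int seed) throws NoSuchAlgorithmException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(RSA_KEY_BITS, new SecureRandom());
        return kpg.generateKeyPair();
    }

    /**
     * Copies every key entry of {@code path + info[0] + ".jks"} into a PKCS#12 key store and
     * writes it to {@code path + info[0] + ".pfx"}. The resulting file contains the private key.
     *
     * @param info only {@code info[0]} (the file base name) is read
     * @return {@code true} on success, {@code false} if anything failed (the error is printed)
     */
    public Boolean toPFX(String[] info) {
        try {
            char[] nPassword = null;
            if (KEYSTORE_PASSWORD != null && !KEYSTORE_PASSWORD.trim().equals("")) {
                nPassword = KEYSTORE_PASSWORD.toCharArray();
            }

            KeyStore inputKeyStore = KeyStore.getInstance("JKS");
            try (FileInputStream fis = new FileInputStream(outputFile(info, ".jks"))) {
                inputKeyStore.load(fis, nPassword);
            }

            KeyStore outputKeyStore = KeyStore.getInstance(PKCS12);
            outputKeyStore.load(null, KEYSTORE_PASSWORD.toCharArray());

            Enumeration<String> aliases = inputKeyStore.aliases();
            while (aliases.hasMoreElements()) {
                String keyAlias = aliases.nextElement();
                System.out.println("alias=[" + keyAlias + "]");
                // Certificate-only entries are skipped: a .pfx is only useful with the key.
                if (inputKeyStore.isKeyEntry(keyAlias)) {
                    Key key = inputKeyStore.getKey(keyAlias, nPassword);
                    java.security.cert.Certificate[] certChain = inputKeyStore.getCertificateChain(keyAlias);
                    outputKeyStore.setKeyEntry(keyAlias, key, KEYSTORE_PASSWORD.toCharArray(), certChain);
                }
            }

            try (FileOutputStream out = new FileOutputStream(outputFile(info, ".pfx"))) {
                outputKeyStore.store(out, nPassword);
            }
            return Boolean.TRUE;
        } catch (GeneralSecurityException | IOException | RuntimeException e) {
            e.printStackTrace();
            System.out.println("toPFX :" + e.getMessage());
            return Boolean.FALSE;
        }
    }

    /**
     * Writes the certificate in DER form to {@code path + info[0] + ".cer"} and prints its
     * Base64 text. A {@code .cer} file holds the certificate (public key) only.
     *
     * @param info nine entries: {cn, ou, o, c, l, st, notBefore, notAfter, serialNumber}
     * @return {@code true} on success, {@code false} if anything failed (the error is printed)
     */
    public boolean createPublicKey(String[] info) {
        try {
            X509Certificate cert = generateCert(info, rootKeyPair(), userKeyPair());
            byte[] der = cert.getEncoded();
            System.out.println(Base64.getMimeEncoder().encodeToString(der));
            try (FileOutputStream fos = new FileOutputStream(outputFile(info, ".cer"))) {
                fos.write(der);
            }
            return true;
        } catch (GeneralSecurityException | IOException | RuntimeException e) {
            e.printStackTrace();
            System.out.println("public key :" + e.getMessage());
            return false;
        }
    }

    /**
     * Writes the certificate in PEM form (Base64 between BEGIN/END CERTIFICATE lines) to
     * {@code path + info[0] + "_base.cer"}.
     *
     * @param info nine entries: {cn, ou, o, c, l, st, notBefore, notAfter, serialNumber}
     * @return {@code true} on success, {@code false} if anything failed (the error is printed)
     */
    public boolean createPublicKeyBYDecode(String[] info) {
        try {
            X509Certificate cert = generateCert(info, rootKeyPair(), userKeyPair());
            // PEM bodies are conventionally wrapped at 64 characters per line.
            String encode = Base64.getMimeEncoder(64, new byte[] {'\r', '\n'})
                    .encodeToString(cert.getEncoded());
            String strCertificate = "-----BEGIN CERTIFICATE-----\r\n" + encode
                    + "\r\n-----END CERTIFICATE-----\r\n";
            try (FileWriter wr = new FileWriter(outputFile(info, "_base.cer"))) {
                wr.write(strCertificate);
            }
            return true;
        } catch (GeneralSecurityException | IOException | RuntimeException e) {
            e.printStackTrace();
            System.out.println("public key :" + e.getMessage());
            return false;
        }
    }

    /**
     * Parses a certificate from its bare Base64 body (no BEGIN/END lines).
     *
     * <p>A successful parse says nothing about trust: this method does not check the signature,
     * the issuer or the validity period. Callers must validate the certificate before relying
     * on it.
     *
     * @param cert Base64 text of the certificate
     * @return the parsed certificate, or {@code null} if parsing failed (the message is printed)
     */
    public X509Certificate fromString(String cert) {
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            String strCertificate = "-----BEGIN CERTIFICATE-----\n" + cert + "\n-----END CERTIFICATE-----\n";
            ByteArrayInputStream streamCertificate =
                    new ByteArrayInputStream(strCertificate.getBytes(StandardCharsets.UTF_8));
            return (X509Certificate) certificateFactory.generateCertificate(streamCertificate);
        } catch (CertificateException | RuntimeException ex) {
            System.out.println(ex.getMessage());
            return null;
        }
    }

    /**
     * Creates {@code path + info[0] + ".jks"} holding the user's private key and certificate.
     *
     * @param info nine entries: {cn, ou, o, c, l, st, notBefore, notAfter, serialNumber}
     * @return {@code true} only if the key store was actually written; {@code false} otherwise
     *     (the error is printed)
     */
    public boolean createPrivateKey(String[] info) {
        try {
            KeyPair keyPair_root = rootKeyPair();
            KeyPair keyPair_user = userKeyPair();
            // Call the throwing helpers rather than generateJKS/storeJKS, which swallow errors
            // and would let this method report success for a key store that was never written.
            writeEmptyJks(info);
            writeJks(info, keyPair_root, keyPair_user);
            return true;
        } catch (GeneralSecurityException | IOException | RuntimeException e) {
            e.printStackTrace();
            System.out.println("private key :" + e.getMessage());
            return false;
        }
    }

    /** Returns the signing key pair, generating it on first use. */
    private KeyPair rootKeyPair() throws NoSuchAlgorithmException {
        if (rootKeyPair == null) {
            rootKeyPair = generateKeyPair(10);
        }
        return rootKeyPair;
    }

    /** Returns the subject key pair, generating it on first use. */
    private KeyPair userKeyPair() throws NoSuchAlgorithmException {
        if (userKeyPair == null) {
            userKeyPair = generateKeyPair(100);
        }
        return userKeyPair;
    }

    /**
     * Resolves an output file as {@code path + info[0] + suffix}.
     *
     * <p>{@code info[0]} is used verbatim as the file name. If it can come from outside the
     * program, restrict it to a safe character set first so it cannot point outside
     * {@code path}.
     */
    private File outputFile(String[] info, String suffix) {
        if (info == null || info.length == 0) {
            throw new IllegalArgumentException("info[0] (the file base name) is required");
        }
        return new File(path + info[0] + suffix);
    }

    /** Writes an empty, password-protected JKS file; errors propagate to the caller. */
    private void writeEmptyJks(String[] info)
            throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(null, null);
        try (FileOutputStream out = new FileOutputStream(outputFile(info, ".jks"))) {
            keyStore.store(out, KEYSTORE_PASSWORD.toCharArray());
        }
    }

    /** Adds the key and certificate entries to the existing JKS file; errors propagate. */
    private void writeJks(String[] info, KeyPair keyPair_root, KeyPair keyPair_user)
            throws GeneralSecurityException, IOException {
        File jksFile = outputFile(info, ".jks");
        KeyStore keyStore = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(jksFile)) {
            keyStore.load(in, KEYSTORE_PASSWORD.toCharArray());
        }

        X509Certificate cert = generateCert(info, keyPair_root, keyPair_user);
        X509Certificate[] chain = {cert};
        keyStore.setKeyEntry("mykey", keyPair_user.getPrivate(), KEYSTORE_PASSWORD.toCharArray(), chain);
        keyStore.setCertificateEntry("single_cert", cert);

        try (FileOutputStream out = new FileOutputStream(jksFile)) {
            keyStore.store(out, KEYSTORE_PASSWORD.toCharArray());
        }
    }

    public static void main(String[] args) throws NoSuchAlgorithmException, InvalidKeyException,
            NoSuchProviderException, SecurityException, SignatureException, CertificateEncodingException,
            IOException {
        DataCertCreate dataCertCreate = new DataCertCreate();
        // Sample data. Entries 6 and 7 are epoch milliseconds, so this validity window lies in
        // January 1970 and the resulting certificate is already expired; use real timestamps
        // for anything beyond a format demo.
        String[] info = { "huahua_user", "hnu", "university", "china", "hunan", "changsha", "111111", "11111111",
                "1" };

        // Certificate in DER form.
        boolean createPublicKey = dataCertCreate.createPublicKey(info);
        System.out.println("PUBLIC KEY CREATE OK, result==" + createPublicKey);

        // Certificate in PEM form.
        boolean createPublicKeyBYDecode = dataCertCreate.createPublicKeyBYDecode(info);
        System.out.println("PUBLIC KEY BY BASE64Encoder CREATE OK, result==" + createPublicKeyBYDecode);

        // Private key plus certificate in a JKS key store.
        boolean createPrivateKey = dataCertCreate.createPrivateKey(info);
        System.out.println("PRIVATE KEY CREATE OK, result==" + createPrivateKey);

        // Same entries converted to PKCS#12.
        Boolean pfx = dataCertCreate.toPFX(info);
        System.out.println("transToPFX OK, result==" + pfx);
    }
}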