[Reproduced please indicate the source] :Blog.csdn.net/huahao1989/…

Mainstream Web services software certificates

In general, the mainstream Web services software is based on two basic cryptographic libraries, OpenSSL and Java.

  • Tomcat,Weblogic,JBossSuch as Web services software, generalUse the password library provided by Java. Use the Keytool in the Java Development Kit (JDK) toolkitJava Keystore (JKS) certificate file.
  • Apache,NginxSuch as Web services software, generalUse the password library provided by the OpenSSL toolTo generate thePEM,KEY,CRTCertificate file in the format of.
  • IBM Web services products, such asWebsphere,IBM Http Server (IHS)And so on. IBM products are generally usedIKeyman toolTo generate theKDBFormat certificate file.
  • Microsoft Windows ServerInternet Information Services (IIS)Service, using Windows own certificate library generationPFXFormat certificate file.

Check whether the certificate file is in text format or binary format

You can easily distinguish certificate files with suffix extensions by using the following methods:

  • .DERor.CERFile: Such a certificate file is in binary format,Contains only certificate informationContains no private key.
  • .CRTFile: Such a certificate fileIt can be binary or text format, are generally text format, function and.DERand.CERThe certificate files are the same.
  • .PEMFile: Such a certificate fileUsually in text format, can hold a certificate or private key, or both..PEMIf the file contains only the private key, it is generally used.KEYFile instead.
  • .PFXor.P12File: Such a certificate file is in binary format, contains both the certificate and the private key, and is generally password protected.

Certificate Format Conversion

The figure above visually illustrates the conversion process among various certificates. As long as each step is successfully converted, other transformations are the combination of each step.

JKS and PFX transform into each other

You can use the keytool in the JDK to convert PFX certificates to JKS certificates.

Convert JKS format to PFX format

keytool -importkeystore -srckeystore server.jks -destkeystore server.pfx -srcstoretype JKS -deststoretype PKCS12
Copy the code

Convert PFX format to JKS format

keytool -importkeystore -srckeystore server.pfx -srcstoretype PKCS12 -srcstorepass {pfx-password} -destkeystore server.jks -deststoretype JKS -deststorepass {jks-password}  -alias {key-alias}
Copy the code

PFX and KEY&CRT interconvert

The OpenSSL tool can be used to convert certificates to PFX formats.

Convert PFX to PEM/KEY/CRT

openssl pkcs12 -in server.pfx -nodes -out server.pem
openssl rsa -in server.pem -out server.key
openssl x509 -in server.pem -out server.crt
Copy the code

This step is used to generate a private key and CSR certificate file using the Keytool. In this way, you can separate the private key after obtaining the public key of the PEM certificate.

Convert PEM/KEY/CRT to PFX

openssl pkcs12 -export -out server.pfx -inkey server.key -in server.crt
Copy the code

Welcome to the “backend old bird” public account, the next will be a series of feature articles, including Java, Python, Linux, SpringBoot, SpringCloud, Dubbo, algorithms, technical team management, as well as a variety of brain maps and learning materials. NFC technology, search technology, crawler technology, recommendation technology, audio and video interactive live broadcast, as long as I have time to sort out and share, please look forward to, ready-made notes, brain maps and learning materials if you have requirements can also leave a message on the public account to obtain in advance. As I am in all the teams are basically in the role of breakthrough and pathfinding, made a lot of things, encountered many pits, solve a lot of problems, welcome everyone to add the public account into the group to exchange and learn together.

[Reproduced please indicate the source] :Blog.csdn.net/huahao1989/…