给定一个包含多个根 CA 证书的 PEM 文件:
-----BEGIN CERTIFICATE-----
. . .
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
. . .
-----END CERTIFICATE-----
目前我正在将这个包转换为 JKS(java 本机格式)并用作默认信任库:
java -Djavax.net.ssl.trustStore=... -Djavax.net.ssl.trustStoreType=jks ...
想将其转换为 PKCS12,因为这是从 Java 9 开始的默认格式。
我尝试了什么:
# provide changeit as password when asked
$ openssl pkcs12 -export -in ./ca-bundle.pem -out ./ca-bundle.p12 -nokeys
ca-bundle.p12keytool-Djavax.net.ssl.trustStore$ keytool -list -rfc -keystore ./ca-bundle.p12 -storetype PKCS12 -storepass changeit
Keystore type: PKCS12
Keystore provider: SUN
Your keystore contains 0 entries