.NET을 사용하여 개인 키와 인증서에 대한 PKCS#12(PFX라고도 함) 컨테이너를 만들고 싶습니다 openssl
.
내 키와 인증서는 (암호화되지 않은) 파일에 포함되어 있습니다.
$ cat d.pem
-----BEGIN CERTIFICATE-----
MIIC/zCCAeegAwIBAgIUTSuL1tniz4LhTFSX5wRZ1e848tYwDQYJKoZIhvcNAQEL
[...]
t+LT
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDA0zDKJeOmZdsG
[...]
1PSc82v662N0NUTw0bELNGg=
-----END PRIVATE KEY-----
이 데이터가 파일에 저장되어 있으면 openssl과 함께 사용할 수 있지만, openssl에 파이프하면 사용할 수 없습니다.
$ openssl pkcs12 -export -in d.pem -out test.p12
Enter Export Password:
Verifying - Enter Export Password:
$ cat d.pem |openssl pkcs12 -export -out test.p12
Could not read any certificates from -in file from <stdin>
맨페이지에 따르면 다음과 같이 작동합니다.
-in filename|uri
This specifies the input filename or URI. Standard input is used by default. With the -export option this is a file with
certificates and a key, or a URI that refers to a key accessed via an engine. The order of credentials in a file doesn't matter
but one private key and its corresponding certificate should be present. If additional certificates are present they will also
be included in the PKCS#12 output file.
stdin의 입력을 기반으로 PKCS#12 컨테이너를 만드는 방법은 무엇입니까?
(저는 openssl v3.0.9를 사용하고 있습니다)
답변1
이름이 같은 것 같아요github에서 이에 대해 논의했습니다.약 3년 전.
결합된 인증서와 키 파일이 구문 분석되는 순서에 대한 설명을 보고 개인 키가 파일의 첫 번째에 오도록 파일을 바꾸게 되었습니다.
그러면 다음 명령이 작동합니다.
$ cat combined.pem
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCy0sdzTQXcEfTB
41oXmyV0D71qH7peZ1y0HAJpzshlDIAlSHUvmWgQZTzlaEBeugCt1asOwFuG5mOl
X7hgyCWGBu8ZakxlfVD6QV3fmSjDEkHPb5Af2elkoHfu8Nh3kL2Rs4wWMVWu5NYR
lSvI6jJMfmSS7VuAP9xJVjLl3sgyRbXpuow8KrjCWTyMFhc9dfvD+lc5R/XX3AqO
AI8aatu4jcTLXF2BAVq8djFRHoF3gq1BZ9olYsE2jLFVD6yrd5z6oLpRLiclSWkR
yF0iM5GgQbiAcp7XZ9in1b6yodcVres73qwTWde3vp7kB6qWE/KcIwtCH52n7JiA
FoQA52J/AgMBAAECggEAUCWSSQYjczAFEAVS8rORhMQtM+xGfls7PGo1VrDcNhX1
NUCVbSEHeBm3wmYIO6yH82GJilICc6K81HjjTVVHJBvle/GdjfstmQxFA5tEnrGH
F268HNpw9a3KMyh1DJmtrSjYx3WTHpDntPezqRf2NTyM3SFO2ltE4wWkSEyiU40U
gVMCR80UBU7xBoArC8Kqu84BKeoSaA7OZWZN4Rs8S2CkY1I7ZOXWLPY0GsgBiEyf
dbo0penqBMECQLUall26zQJuUl8MqJiXEciXTejYEJr/svuQN0vHkryW0WqbdCU3
2zNpZkBBr1zBq9wp9TViJe2LHHA+CUmpiq5TVigW4QKBgQDn9SwyeXDazCoV5GxR
R+rYwUWXSjT9Aq/kP61f/JF36hNg/79SUbLdxK68O4VQOuegDOYsPUudyvRIFIQG
Ytdhw5DGiDPl/xKzZvjQ7Zl9R/C6WrcoxvlcUzXdjGtjKa7O5KCiNiaY66WH0lPz
fMiRqxAKHQENrRq7yaHzFjsgUQKBgQDFW7m7Ji8eN7LmbTlh3wH8TQ0rK4FXlhr3
qudIrPBlL92Qvc+6Ct+0eEkib39owHGIeVF4fz80PECp3wiVXx4o8ORUERhQXp5A
plwuFSM+eMN6DAK1ZGNOCcHQER4V4AzqgIIBYMxeRa8VVo5IpyUNtvz656Vek2VN
tL1So+zxzwKBgBBt+z1wAKBeybRXQ5zWPToxJl668Nni8NZ39C3SU/Nsbwb11nVc
OBEhN0c56A1wvqtFfqAvj0WT9I2OdnOFWMAh/AUz7Ikj8g0nBAS4b6DCEbkBZ+vJ
fCwf8LbKlWimsS0SYJZcw4sdVdIzAaNDeWln9nDg8Qwo8LXQaFoxfuqhAoGBAIs4
XHnHwt9HHV1tWVhQL59iX1K/utslWVqy5bqfvGk07dCIBXxQ5WPyomy3SKKFdtF1
+2HMKbLYeika23w7gBQTco5XDNbNGEe00zvyz0zndcWnqVV6Po8zVNRI7vcxeQsH
oi4EscYi1BJyX6aiugHFvwnj1QU1ZvX89LzSRHiDAoGAESfTselxhjz+mxks7j1x
bTdBKkz+AhN7WFt7pPpy1gczbsymx7DfND2jnNrShV2GNwVsTIcmQMK19is5kebM
1XqRUI7gfmj71FKC2MfYS2rSW45d5XOf3aaQnug3FIrmZ3q2W9nfXz7EKa+PhQvK
/jijehWfg0wNbIGHIqYvYYo=
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIID7zCCAtegAwIBAgIUXTKYiRPMvbjmSSqvbsWyUPjDDe4wDQYJKoZIhvcNAQEL
BQAwgYYxCzAJBgNVBAYTAlhYMRIwEAYDVQQIDAlTdGF0ZU5hbWUxETAPBgNVBAcM
CENpdHlOYW1lMRQwEgYDVQQKDAtDb21wYW55TmFtZTEbMBkGA1UECwwSQ29tcGFu
eVNlY3Rpb25OYW1lMR0wGwYDVQQDDBRDb21tb25OYW1lT3JIb3N0bmFtZTAeFw0y
MzA3MTAxMjE2MzRaFw0zMzA3MDcxMjE2MzRaMIGGMQswCQYDVQQGEwJYWDESMBAG
A1UECAwJU3RhdGVOYW1lMREwDwYDVQQHDAhDaXR5TmFtZTEUMBIGA1UECgwLQ29t
cGFueU5hbWUxGzAZBgNVBAsMEkNvbXBhbnlTZWN0aW9uTmFtZTEdMBsGA1UEAwwU
Q29tbW9uTmFtZU9ySG9zdG5hbWUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQCy0sdzTQXcEfTB41oXmyV0D71qH7peZ1y0HAJpzshlDIAlSHUvmWgQZTzl
aEBeugCt1asOwFuG5mOlX7hgyCWGBu8ZakxlfVD6QV3fmSjDEkHPb5Af2elkoHfu
8Nh3kL2Rs4wWMVWu5NYRlSvI6jJMfmSS7VuAP9xJVjLl3sgyRbXpuow8KrjCWTyM
Fhc9dfvD+lc5R/XX3AqOAI8aatu4jcTLXF2BAVq8djFRHoF3gq1BZ9olYsE2jLFV
D6yrd5z6oLpRLiclSWkRyF0iM5GgQbiAcp7XZ9in1b6yodcVres73qwTWde3vp7k
B6qWE/KcIwtCH52n7JiAFoQA52J/AgMBAAGjUzBRMB0GA1UdDgQWBBTQYP2RwN9N
qQ7+btR0jkO7Ggu/lTAfBgNVHSMEGDAWgBTQYP2RwN9NqQ7+btR0jkO7Ggu/lTAP
BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCWuciptdgAb/o13oY+
45tkEE3WpuB9iD61OOe1PsnMvivQnJDFxD6zHm2LFoXYcu/wHVzOPrzYO/8dOGuu
EFeIAevdrPYPMOumotLVcHyIPbS8Vyp+AbQ+owk3bl8FfdqUyr5FnVxwNfJ/YM69
++opiqPHo92WSv+d04MGLsx7swoLGyFV8JMmldC4vPfrqODHqoki6DD9FH8iPZ5p
suB+xIPHoVTmLM9oh2zQVeXygwJGLG7smsfSoQNQWTaUoSNnb1eLMcm1vhtkwuh7
GYkxmJPzofpPxGX5unoq0pr53vgt38xauhxP3kWx04VMcs1dRwixhBEP8YNof5k0
R/3a
-----END CERTIFICATE-----
$ cat combined.pem | openssl pkcs12 -export -out combined.p12
Enter Export Password:
Verifying - Enter Export Password:
$ ls -lh combined.p12
-rw------- 1 gareth gareth 2.6K Jul 10 13:44 combined.p12