提取public.key

Question

我们尝试使用两种不同的方法来解决这种情况

A(用public.key加密数据)-发送数据到->B(用private.key解密)

我们无法控制应用程序A，我们必须添加另一个应用程序C，它将执行与B相同的任务

1)所以我们使用密钥工具为C语言创建了一个密钥库，现在我们想要从该密钥库导出public.key文件，有什么方法可以做到吗？

2)我们使用OPEN SSL生成了Private.key和Public.key，并使用SAN创建了CSR

req -new -key \..\..\..\private.key -sha256 -nodes -subj '/C=IN/ST=test/L=test/O=test/OU=test/CN=localhost/emailAddress=xxx@xxx.com/subjectAltName=IP.1=xxx.xxx.xxx.xxx' -out ..\..\..\xyz.csr

并生成了证书和密钥库，但即使在添加SAN之后，它也会抛出

Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1902)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1338)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:154)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1032)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1328)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1355)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:515)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
at org.springframework.http.client.SimpleBufferingClientHttpRequest.executeInternal(SimpleBufferingClientHttpRequest.java:81)
at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:48)
at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:53)
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:568)
... 49 more
Caused by: java.security.cert.CertificateException: No subject alternative names present
at sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:142)
at sun.security.util.HostnameChecker.match(HostnameChecker.java:91)
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:347)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:203)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1320)
... 63 more

所以我不能让它以这种方式工作

有没有人能从这两方面提出建议呢？

Answer 1

您生成的证书可能缺少"X509v3使用者备用名称“扩展名。

您可以使用以下命令进行验证：

openssl req -in xyz.csr -text

输出应该包含如下内容：

Requested Extensions: X509v3 Subject Alternative Name: IP Address:...

如果不是这样，那么你可能会发现例如this很有用。