Step 1: Generate the keystore:
keytool -genkeypair -alias cjmexPrivateKey -keypass 123456 -keyalg RSA -keysize 1024 -validity 365 -keystore /home/app/vexchange-front/cjmex123.keystore -storepass 123456 -dname "CN=(CJMEX), OU=(CJMEX), O=(CJMEX), L=(SH), ST=(SH), C=(CN)"
Step 2: View the keystore information:
keytool -list -v -keystore d:/cjmex_rsa/cjmex.keystore -storepass 123456
Step 3: Generate a keystore (self-signed certificate and private key):
keytool -genkey -alias cjmexPrivateKey -keyalg RSA -keystore /home/app/vexchange-front/cjmex.keystore
Step 4: View the keystore:
keytool -list -v -keystore /home/app/vexchange-front/cjmex.keystore
Step 5: Export the keystore's public key and related information to a certificate:
keytool -export -alias cjmexPrivateKey -keystore /home/app/vexchange-front/cjmex.keystore -storepass 123456 -file /home/app/vexchange-front/scert.cer
If you open the .cer file exported above in a text editor, you will find that it is a binary file and some of its content cannot be displayed, which makes it awkward to publish the certificate. Adding the -rfc option when exporting saves the certificate in a printable encoding instead. For example:
keytool -export -alias cjmexServerPrivateKey -keystore /home/app/vexchange-front/cjmex.keystore -storepass 123456 -file /home/app/vexchange-front/scert.cer -rfc
Step 6: Create the truststore (import the server certificate into the client's truststore):
keytool -import -alias cjmexPrivateKey -file /home/app/vexchange-front/scert.cer -keystore ctruststore
Step 7: View the truststore:
keytool -list -v -keystore /home/app/vexchange-front/cjmex.jks
Likewise, generate the client's keystore and certificate, and import the client certificate on the server side:
keytool -genkey -alias cksalias -keyalg RSA -keystore ckeystore.jks
keytool -export -alias cksalias -keystore ckeystore.jks -storepass 123456 -file ccert.cer
keytool -import -alias cksalias -file ccert.cer -keystore struststore
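Note: the scert.cer certificate holds the public key and can be used by reading the file directly. The private key cannot be written out to a file with keytool; instead, load cjmex.keystore in code and obtain the private key from the keystore.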
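The note above, as an added Java example (not code from the original post): it loads the private key from the keystore in code, reads the public key straight from the exported certificate file, and confirms the two match by signing and verifying a test message. The class name and the KS_STOREPASS / KS_KEYPASS environment variables are assumptions made for this example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CertificateFactory;
import java.security.interfaces.RSAKey;

public class KeystoreKeyCheck {
    // Assumed usage: KS_STOREPASS=... java KeystoreKeyCheck <keystore> <alias> <exported.cer>
    // KS_STOREPASS / KS_KEYPASS are names chosen for this example; reading the
    // passwords from the environment keeps them out of the command line.
    public static void main(String[] args) throws Exception {
        String sp = System.getenv("KS_STOREPASS"), kp = System.getenv("KS_KEYPASS");
        if (args.length != 3 || sp == null)
            throw new IllegalArgumentException("usage: KS_STOREPASS=... java KeystoreKeyCheck <keystore> <alias> <cert>");
        char[] storePass = sp.toCharArray();
        char[] keyPass = (kp != null) ? kp.toCharArray() : storePass;

        // Private key: reachable only by loading the keystore in code.
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, storePass);
        }
        if (!ks.isKeyEntry(args[1]))
            throw new IllegalStateException("no private key entry for alias " + args[1]);
        PrivateKey priv = (PrivateKey) ks.getKey(args[1], keyPass);

        // Public key: read directly from the exported certificate (binary or -rfc form).
        PublicKey pub;
        try (InputStream in = new FileInputStream(args[2])) {
            pub = CertificateFactory.getInstance("X.509").generateCertificate(in).getPublicKey();
        }

        // Sign with the private key, then verify with the certificate's public key.
        byte[] msg = "keystore self-test".getBytes(StandardCharsets.UTF_8);
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(priv);
        s.update(msg);
        byte[] sig = s.sign();
        s.initVerify(pub);
        s.update(msg);
        System.out.println("key pair matches: " + s.verify(sig));

        // A non-RSA key would already have been rejected by initSign/initVerify above.
        int bits = ((RSAKey) pub).getModulus().bitLength();
        System.out.println("RSA modulus: " + bits + " bits" + (bits < 2048 ? " (below 2048)" : ""));
    }
}
```

A result of "key pair matches: false" means the certificate file was exported from a different alias or keystore than the one holding the private key.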
keytool -delete -keystore /home/app/vexchange-front/cjmex.keystore -alias cjmexServerPrivateKey
Three steps:
Generate a key pair
keytool -genkeypair -alias cjmexWeipanPrivateKey -keypass 123456 -keyalg RSA -sigalg SHA1withRSA -keysize 1024 -validity 3650 -keystore /home/app/vexchange-front/cjmex.jks -storepass 123456 -dname "CN=(CJMEX), OU=(CJMEX), O=(CJMEX), L=(SH), ST=(SH), C=(CN)"
Export the certificate (public key)
keytool -export -alias cjmexWeipanPrivateKey -keystore /home/app/vexchange-front/cjmex.jks -storepass 123456 -file /home/app/vexchange-front/scert.cer -rfc
Make the keystore trust the certificate
keytool -import -alias cjmexWeipanPrivateKey -file /home/app/vexchange-front/scert.cer -keystore ctruststore
keytool -export -alias cjmexWeipanPrivateKey -keystore /home/app/vexchange-front/cjmex.jks -storepass 123456 -file /home/app/vexchange-front/scertB.cer
Check whether a certificate with the same name already exists:
keytool -list -v -alias tomcat -keystore "%JAVA_HOME%/jre/lib/security/cacerts" -storepass changeit
Delete the certificate that was created:
keytool -delete -alias tomcat -keystore "%JAVA_HOME%/jre/lib/security/cacerts" -storepass changeit
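III. Create the certificate
1. Generate the certificate on the server:
(Note: when generating the certificate, the CN must match the server's domain name; for local testing, use localhost.)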
keytool -genkey -alias tomcat -keyalg RSA -keystore d:/mykeystore -dname "CN=localhost, OU=localhost, O=localhost, L=SH, ST=SH, C=CN" -keypass changeit -storepass changeit
2. Export the certificate, to be installed by the client:
keytool -export -alias tomcat -keystore d:/mykeystore -file d:/mycerts.cer -storepass changeit
3. Client configuration: import the key into the client's JVM (import the certificate issued by the server into the JVM)
keytool -import -trustcacerts -alias tomcat -keystore "%JAVA_HOME%/jre/lib/security/cacerts" -file d:/mycerts.cer -storepass changeit
Example: generating key pairs per member:
Rules:
alias: cjwpAppId
keypass: cjwpAppId
storepass: 123456
Certificate name: cjwpAppId
Trading center:
alias: cjmexPrivateKey
keypass: cjmexPrivateKey
storepass: 123456
Certificate name: cjmexPrivateKey
Keystore name: cjmexServer.jks
Trusted certificate name: cjmexServerCtrustStore
818 cjwp_8182875:
keytool -genkeypair -alias cjwp_8182875 -keypass cjwp_8182875 -keyalg RSA -sigalg SHA1withRSA -keysize 1024 -validity 3650 -keystore /home/app/tomcat7/bin/cjmex.jks -storepass 123456 -dname "CN=(CJMEX), OU=(CJMEX), O=(CJMEX), L=(SH), ST=(SH), C=(CN)"
keytool -export -alias cjwp_8182875 -keystore /home/app/tomcat7/bin/cjmex.jks -storepass 123456 -file /home/app/vexchange-front/cer/cjwp_8182875.cer -rfc
keytool -import -alias cjwp_8182875 -file /home/app/vexchange-front/cer/cjwp_8182875.cer -keystore /home/app/tomcat7/bin/ctruststore
266 cjwp_2664215:
keytool -genkeypair -alias cjwp_2664215 -keypass cjwp_2664215 -keyalg RSA -sigalg SHA1withRSA -keysize 1024 -validity 3650 -keystore /home/app/tomcat7/bin/cjmex.jks -storepass 123456 -dname "CN=(CJMEX), OU=(CJMEX), O=(CJMEX), L=(SH), ST=(SH), C=(CN)"
keytool -export -alias cjwp_2664215 -keystore /home/app/tomcat7/bin/cjmex.jks -storepass 123456 -file /home/app/vexchange-front/cer/cjwp_2664215.cer -rfc
keytool -import -alias cjwp_2664215 -file /home/app/vexchange-front/cer/cjwp_2664215.cer -keystore /home/app/tomcat7/bin/ctruststore
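Note: for a Java web project, the keystore cjmex.jks must be placed in Tomcat's bin directory; otherwise the application will not be able to match the public key and the private key.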
When reposting, please credit the original URL: https://ju.6miu.com/read-4519.html