CA configuration

porta CA configuration

1. Generate the server public/private key pair
keytool -keystore porta.jks -keypass 7788119 -storepass 7788119 -alias porta -genkey -keyalg RSA -dname "CN=porta.pzhu.cn, OU=servers, O=COMSYSNetCn"

2. Generate the server certificate signing request (CSR)
keytool -keystore porta.jks -keypass 7788119 -storepass 7788119 -alias porta -certreq -file portaServerreq.pem
Server certificate request file: portaServerreq.pem

3. CA signs the server certificate
openssl ca -in portaServerreq.pem -out portaServercert.pem -config "D:/javaTest/CA/conf/ucitca.conf"
Server certificate signed by the CA: portaServercert.pem

Delete everything in portaServercert.pem that comes before the '-----BEGIN CERTIFICATE' line.
View the certificate: keytool -printcert -file portaServercert.pem
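
Added example (not part of the original notes): the manual cleanup of portaServercert.pem done as a shell function. It copies only the BEGIN/END CERTIFICATE block from the openssl ca output into a new file and fails if no complete block is found. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original notes.
# `openssl ca` writes a human-readable text dump before the PEM block;
# this keeps only the PEM block so the file can be imported with keytool.

# extract_pem_cert IN OUT
# Writes the first complete BEGIN/END CERTIFICATE block of IN to OUT.
# Returns 1 (and leaves OUT untouched) if IN has no complete block.
extract_pem_cert() {
    in=$1
    out=$2
    [ -r "$in" ] || { echo "cannot read $in" >&2; return 1; }
    awk '
        /^-----BEGIN CERTIFICATE-----/ { if (!done) inside = 1 }
        inside { sub(/\r$/, ""); print }   # also drops Windows CR line ends
        /^-----END CERTIFICATE-----/ {
            if (inside) { inside = 0; done = 1; complete = 1 }
        }
        END { exit(complete ? 0 : 1) }
    ' "$in" > "$out.tmp" || {
        rm -f "$out.tmp"
        echo "no complete certificate block in $in" >&2
        return 1
    }
    mv "$out.tmp" "$out"
}

# make_sample_ca_output FILE
# Writes a constructed file shaped like `openssl ca` output.
# The base64 lines are placeholders, not a real certificate.
make_sample_ca_output() {
    cat > "$1" <<'EOF'
Certificate:
    Data:
        Version: 3 (0x2)
        Subject: O=COMSYSNetCn, OU=servers, CN=porta.pzhu.cn
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtU0FNUExFLU5PVC1BLVJFQUwtQ0VSVElGSUNBVEU=
Q09OU1RSVUNURUQtU0FNUExFLU5PVC1BLVJFQUwtQ0VSVElGSUNBVEU=
-----END CERTIFICATE-----
EOF
}

# Usage: extract_pem_cert portaServercert.pem portaServercert.clean.pem
```

Passing -notext to openssl ca in step 3 suppresses the text dump in the first place, so the output file then needs no cleanup.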


4. Import the server certificate back into the server keystore
    4.1 Import the CA certificate into the server keystore
        keytool -keystore porta.jks -keypass 7788119 -storepass 7788119 -alias ca -import -trustcacerts -file cacert.pem
    4.2 Import the CA-signed server certificate (the certificate reply; the alias is the same as the one generated earlier)
        keytool -keystore porta.jks -keypass 7788119 -storepass 7788119 -alias porta -import -file portaServercert.pem

5. Create the truststore of CA certificates trusted by the server
    keytool -keystore truststore.jks -keypass 7788119 -storepass 7788119 -alias ca -import -trustcacerts -file cacert.pem
6. Add the CA certificate to the JRE's trusted certificates
    keytool -import -trustcacerts -alias ca -file cacert.pem -keystore  C:/jdk1.6.0_07/jre/lib/security/cacerts -storepass 7788119


openssl with a password
openssl req -newkey rsa:1024 -keyout 610403198403260044key.pem -keyform PEM -out 610403198403260044req.pem -outform PEM -subj "/O=CNSUCCCom/OU=cnsuccOU/CN=610403198403260044" -passout pass:123456


Record of a generation run with password parameters:
1. Client public key and private key
openssl req -newkey rsa:1024 -keyout 610403198403260044key.pem -keyform PEM -out 610403198403260044req.pem -outform PEM -subj "/O=JiFCom/OU=JiFOU/CN=季枫"  -passout pass:123456

2. CA signs the certificate
openssl ca -in 610403198403260044req.pem -out 610403198403260044cert.pem -config "D:/javaTest/CA/conf/ucitCA.conf"  -passin pass:7788119

3. Generate the P12 file
openssl pkcs12 -export -in 610403198403260044cert.pem -inkey 610403198403260044key.pem -out 610403198403260044.p12 -name 610403198403260044r -chain -CAfile "D:/javaTest/CA/cacert.pem"   -passin pass:123456 -passout pass:111111

Original article: https://www.cnblogs.com/fengqingtao/p/CA.html