zoukankan      html  css  js  c++  java
  • CAS单点登陆实践1:创建x.509证书

    准备x.509证书


    首先要下载openssl,我的是win32openssl-0_9_8d.exe,安装后,配置一下环境变量,和jdk配置一样.
    接下来创建x.509.

    颜色标识:该颜色表示你要输入的东西
    第一步:创建私钥(这里输入命令即可)
    C:\OpenSSL\apps>openssl genrsa -out root/root-key.pem 1024
    Loading 'screen' into random state - done
    Generating RSA private key, 1024 bit long modulus
    ...++++++
    ......++++++
    e is 65537 (0x10001)

    C:\OpenSSL\apps>

    第二步:创建证书请求(这里输入命名后会让你填写一些东西)
    C:\OpenSSL\apps>openssl req -new -out root/root-req.csr -key root/root-key.pem
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:CN   //这里往下会让你输入一些东西
    State or Province Name (full name) [Some-State]:shanghai
    Locality Name (eg, city) []:shanghai
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:chuanyu
    Organizational Unit Name (eg, section) []:chuanyu
    Common Name (eg, YOUR name) []:weishuwei
    Email Address []:weishuwei112@sina.com
     
    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:password
    An optional company name []:chuanyu

    C:\OpenSSL\apps>

    第三步:产生受信任的证书文件(根据root-req.csr产生,而root-req.csr又是通过
    root-key.pem产生,也就是说私钥文件签署了该证书文件,注:这个是自签署文件,下面有自签署和非自签署的区别)
    C:\OpenSSL\apps>openssl x509 -req -in root/root-req.csr -out root/root-cert.pem
    -signkey root/root-key.pem -days 3650

    Loading 'screen' into random state - done
    Signature ok
    subject=/C=CN/ST=shanghai/L=shanghai/O=chuanyu/OU=chuanyu/CN=weishuwei/emailAddr
    ess=weishuwei112@sina.com
    Getting Private key

    第四步:将受信任的证书导出成浏览器支持的.p12(PKCS12)格式.
    C:\OpenSSL\apps>openssl pkcs12 -export -clcerts -in root/root-cert.pem -inkey root/root-key.pem -out root/root.p12
    Loading 'screen' into random state - done
    Enter Export Password: ******    // (DOS下不会显示星号,光标也不动,感觉没输入上一样);
    Verifying - Enter Export Password:******   //重新输入一次刚才输入的密码

    C:\OpenSSL\apps>

    第五步:将受信任的证书导出成JKS格式(这一步可选,这种格式供tomcat使用,tomcat的trustStore同时支持JKS和PKCS12两种格式,直接用上步的p12格式也行)
    C:\OpenSSL\apps\root>keytool -import -v -trustcacerts -storepass password -alias
     root -file root-cert.pem -keystore root.jks
    Owner: EMAILADDRESS=weishuwei112@sina.com, CN=weishuwei, OU=chuanyu, O=chuanyu,
    L=shanghai, ST=shanghai, C=CN
    发照者: EMAILADDRESS=weishuwei112@sina.com, CN=weishuwei, OU=chuanyu, O=chuanyu
    , L=shanghai, ST=shanghai, C=CN
    序号: 9a8cf5246b9bb7a7
    有效期间: Thu May 17 09:28:44 CST 2007 至: Sun May 14 09:28:44 CST 2017
    认证指纹:
             MD5:  6B:23:EB:8B:0B:3D:D0:61:ED:59:26:45:F7:DD:EE:37
             SHA1: EB:CF:D6:53:58:15:9B:88:91:6D:79:38:6E:2B:E4:BD:A8:65:BA:E3
    信任这个认证? [否]:  y
    认证已添加至keystore中
    [正在存储 root.jks]

     

  • 相关阅读:
    第6天c#基础结构体和数组
    第5天c#基础for循环和enum
    第4天c#基础switch和while循环
    第3天c#按位运算和增减buff
    第2天c#基础
    第1天c#基础语法
    背景图层填充底色调密度
    如何在运行里添加命令
    网站
    BAT设置
  • 原文地址:https://www.cnblogs.com/kungfupanda/p/1815844.html
Copyright © 2011-2022 走看看