步骤一:生成orange.keystore和banana.keystore
keytool -genkey -alias orange -keyalg RSA -keysize 1024 -keypass kingkp -storepass kingsp -validity 365 -keystore d:/research/keystore/orange.keystore
后续输入6次orange,并按y确认生成
keytool -genkey -alias banana -keyalg RSA -keysize 1024 -keypass kingkp -storepass kingsp -validity 365 -keystore d:/research/keystore/banana.keystore
后续输入6次banana,并按y确认生成
步骤二:从orange.keystore和banana.keystore导出orange.cer和banana.cer
keytool -export -alias orange -keystore d:/research/keystore/orange.keystore -file d:/research/cer/orange.cer -storepass kingsp
keytool -export -alias banana -keystore d:/research/keystore/banana.keystore -file d:/research/cer/banana.cer -storepass kingsp
步骤三:复制orange.keystore并备份成orangeBak.keystore,等会用于比较
步骤四:把banana.cer证书导入到orange.keystore
keytool -import -file D:/research/cer/banana.cer -keystore D:/research/keystore/orange.keystore -alias banana
C:Users35992>keytool -import -file D:/research/cer/banana.cer -keystore D:/research/keystore/orange.keystore -alias banana 输入密钥库口令: 所有者: CN=banana, OU=banana, O=banana, L=banana, ST=banana, C=banana 发布者: CN=banana, OU=banana, O=banana, L=banana, ST=banana, C=banana 序列号: 8c15102 有效期开始日期: Thu Oct 12 08:44:59 CST 2017, 截止日期: Fri Oct 12 08:44:59 CST 2018 证书指纹: MD5: E4:7F:69:12:B5:00:AF:21:B2:12:22:8B:38:3C:41:2E SHA1: DD:93:47:C3:10:83:4C:BA:9D:92:BD:69:61:56:71:78:7A:AA:F8:81 SHA256: B4:3C:1E:0A:9B:9E:72:94:7B:04:74:49:F4:C9:EC:FB:32:8F:AE:26:FD:2D:46:39:A3:FA:FD:37:FE:49:F7:EF 签名算法名称: SHA256withRSA 版本: 3 扩展: #1: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 1F 3F 29 5F 87 23 C6 09 1D 2F DE 73 AD 8A CB 9E .?)_.#.../.s.... 0010: 5D 3B 69 E3 ];i. ] ] 是否信任此证书? [否]: y 证书已添加到密钥库中
步骤四报错补充说明:
以下导入会导致步骤四报错:因为orange.keystore中已存在orange.cer证书
keytool -import -file D:/research/cer/orange.cer -keystore D:/research/keystore/orange.keystore -alias orange
以下导入会导致步骤四报错:因为orange.cer中没有banana这个别名
keytool -import -file D:/research/cer/banana.cer -keystore D:/research/keystore/orange.keystore -alias banana
以下导入会导致步骤四报错:因为没有指定keystore文件
keytool -import -file D:/research/cer/banana.cer -keystore D:/research/keystore/ -alias banana
步骤五:比较旧keystore和新合并的keystore差异
keytool -list -v -keystore d:/research/keystore/orangeBak.keystore -storepass kingsp
keytool -list -v -keystore d:/research/keystore/orange.keystore -storepass kingsp
显示结果如下:
keytool -list -v -keystore d:/research/keystore/orangeBak.keystore -storepass kingsp
C:Users35992>keytool -import -file D:/research/cer/banana.cer -keystore D:/research/keystore/orange.keystore -alias banana 输入密钥库口令: kingkp 所有者: CN=banana, OU=banana, O=banana, L=banana, ST=banana, C=banana 发布者: CN=banana, OU=banana, O=banana, L=banana, ST=banana, C=banana 序列号: 8c15102 有效期开始日期: Thu Oct 12 08:44:59 CST 2017, 截止日期: Fri Oct 12 08:44:59 CST 2018 证书指纹: MD5: E4:7F:69:12:B5:00:AF:21:B2:12:22:8B:38:3C:41:2E SHA1: DD:93:47:C3:10:83:4C:BA:9D:92:BD:69:61:56:71:78:7A:AA:F8:81 SHA256: B4:3C:1E:0A:9B:9E:72:94:7B:04:74:49:F4:C9:EC:FB:32:8F:AE:26:FD:2D:46:39:A3:FA:FD:37:FE:49:F7:EF 签名算法名称: SHA256withRSA 版本: 3 扩展: #1: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 1F 3F 29 5F 87 23 C6 09 1D 2F DE 73 AD 8A CB 9E .?)_.#.../.s.... 0010: 5D 3B 69 E3 ];i. ] ] 是否信任此证书? [否]: y 证书已添加到密钥库中 C:Users35992>keytool -list -v -keystore d:/research/keystore/orangeBak.keystore -storepass kingsp 密钥库类型: JKS 密钥库提供方: SUN 您的密钥库包含 1 个条目 别名: orange 创建日期: 2017-10-12 条目类型: PrivateKeyEntry 证书链长度: 1 证书[1]: 所有者: CN=orange, OU=orange, O=orange, L=orange, ST=orange, C=orange 发布者: CN=orange, OU=orange, O=orange, L=orange, ST=orange, C=orange 序列号: 49190147 有效期开始日期: Thu Oct 12 08:44:41 CST 2017, 截止日期: Fri Oct 12 08:44:41 CST 2018 证书指纹: MD5: 33:8A:CA:1D:85:73:7B:98:FC:57:3B:AC:BA:B7:72:55 SHA1: 8C:BB:15:8D:DD:0A:10:85:C7:A5:AB:41:82:66:60:02:F6:80:46:6C SHA256: 26:2D:2D:3B:65:14:63:AB:89:C7:72:9D:3A:29:C7:C2:8F:0B:DD:71:F1:76:E3:70:82:8E:C1:08:EF:8D:AE:D4 签名算法名称: SHA256withRSA 版本: 3 扩展: #1: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: F5 E0 C4 5E B5 84 3D B8 F8 1E 25 DB 80 20 E8 94 ...^..=...%.. .. 0010: AE C3 27 1B ..'. ] ] ******************************************* *******************************************
keytool -list -v -keystore d:/research/keystore/orange.keystore -storepass kingsp
C:Users35992>keytool -list -v -keystore d:/research/keystore/orange.keystore -storepass kingsp 密钥库类型: JKS 密钥库提供方: SUN 您的密钥库包含 2 个条目 别名: banana 创建日期: 2017-10-12 条目类型: trustedCertEntry 所有者: CN=banana, OU=banana, O=banana, L=banana, ST=banana, C=banana 发布者: CN=banana, OU=banana, O=banana, L=banana, ST=banana, C=banana 序列号: 8c15102 有效期开始日期: Thu Oct 12 08:44:59 CST 2017, 截止日期: Fri Oct 12 08:44:59 CST 2018 证书指纹: MD5: E4:7F:69:12:B5:00:AF:21:B2:12:22:8B:38:3C:41:2E SHA1: DD:93:47:C3:10:83:4C:BA:9D:92:BD:69:61:56:71:78:7A:AA:F8:81 SHA256: B4:3C:1E:0A:9B:9E:72:94:7B:04:74:49:F4:C9:EC:FB:32:8F:AE:26:FD:2D:46:39:A3:FA:FD:37:FE:49:F7:EF 签名算法名称: SHA256withRSA 版本: 3 扩展: #1: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 1F 3F 29 5F 87 23 C6 09 1D 2F DE 73 AD 8A CB 9E .?)_.#.../.s.... 0010: 5D 3B 69 E3 ];i. ] ] ******************************************* ******************************************* 别名: orange 创建日期: 2017-10-12 条目类型: PrivateKeyEntry 证书链长度: 1 证书[1]: 所有者: CN=orange, OU=orange, O=orange, L=orange, ST=orange, C=orange 发布者: CN=orange, OU=orange, O=orange, L=orange, ST=orange, C=orange 序列号: 49190147 有效期开始日期: Thu Oct 12 08:44:41 CST 2017, 截止日期: Fri Oct 12 08:44:41 CST 2018 证书指纹: MD5: 33:8A:CA:1D:85:73:7B:98:FC:57:3B:AC:BA:B7:72:55 SHA1: 8C:BB:15:8D:DD:0A:10:85:C7:A5:AB:41:82:66:60:02:F6:80:46:6C SHA256: 26:2D:2D:3B:65:14:63:AB:89:C7:72:9D:3A:29:C7:C2:8F:0B:DD:71:F1:76:E3:70:82:8E:C1:08:EF:8D:AE:D4 签名算法名称: SHA256withRSA 版本: 3 扩展: #1: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: F5 E0 C4 5E B5 84 3D B8 F8 1E 25 DB 80 20 E8 94 ...^..=...%.. .. 0010: AE C3 27 1B ..'. ] ] ******************************************* *******************************************
对比后可以看到新的密钥库已经变成了2个条目的keystore