证书操作(openssl、keytool)
来源:互联网 发布:淘宝卖家跑路了 编辑:程序博客网 时间:2024/05/21 16:22
最近弄了很久的证书相关的东西,对其中使用到的一些命令做下记录,有空再补一下使用的java代码
证书转换(openssl):
openssl pkcs12 -export -inkey test.key -in test.cer -out test.pfx
openssl pkcs12 -in test.pfx -nodes -out test.pem
openssl rsa -in test.pem -out test.key
openssl x509 -in test.pem -out test.crt (cer和crt格式一样,直接修改后缀名即可)
创建RSA2048With256的证书
1、创建keystore:keytool -genkey -alias companyNametest -keyalg RSA2048WithSHA256 -keystore D:\companyNametest.keystore -keysize 2048
2、创建自签名证书:keytool -selfcert -alias companyNametest -keystore d:\companyNametest.keystore
3、验证:keytool -selfcert -alias company -keystore d:\companyNametest.keystore
4、导出:keytool -export -alias companyNametest -keystore d:\companyNametest.keystore -storepass 111111 -rfc -file d:\companyNametest.cer
导出csr:keytool -certReq -keystore company.keystore -alias company -file pa.csr
keytool -list -v -keystore company.keystore
new one :
1、生成keystore和密钥对:keytool -genkey -alias companyName -keyalg RSA -keystore companyName.jks -keysize 2048
2、为存在的keystore生成证书请求文件CSR :keytool -certreq -alias companyName -keystore companyName.jks -file companyName.csr
keytool -genkey -alias yushan -keypass yushan -keyalg RSA -keysize 2048 -keystore e:\yushan.keystore -storepass 123456 -dname "CN=(名字与
姓氏), OU=(组织单位名称), O=(组织名称), L=(城市或区域名称), ST=(州或省份名称), C=(单位的两字母国家代码)"
keytool -genkey -alias companyNametest -keypass companyNametest -keyalg RSA -keysize 2048 -keystore e:\companyNametest.keystore -storepass 111111 -dname "CN=051, OU=SSL-RSA, O=companyName, L=Shanghai, ST=Shanghai, C=CN"
keytool -genkey -alias companyNametest -keypass companyNametest -keyalg RSA -keysize 2048 -keystore companyNametest.keystore -storepass 111111 -dname "CN=CN, OU=OU, O=O, L=L, ST=ST, C=C"
CN=051@companyName@N91440300789222662P@1,OU=Organizational-1,OU=companyName,O=CFCA RSA OCA31,C=CN
CN = 192.168.*.*
OU = SSL-RSA
O = companyName
L = Shanghai
S = Shanghai
C = CN
创建ssl -src:
CN=192.168.*.*,OU=SSL-RSA,O=company,L=Shanghai,S=Shanghai,C=CN
1、创建客户端证书密钥文件client.key:
openssl genrsa -des3 -out company_ssl.key 2048
2、创建客户端证书的申请文件client.csr:
openssl req -new -key company_ssl.key -out company_ssl.csr
3、查看csr文件细节:
openssl req -in company_ssl.csr -noout -text
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Shanghai
Locality Name (eg, city) [Default City]:Shanghai
Organization Name (eg, company) [Default Company Ltd]:companyName
Organizational Unit Name (eg, section) []:SSL-RSA
Common Name (eg, your name or your server's hostname) []:192.168.*.*
final:1、签名证书:
创建keystore:keytool -genkey -alias companyNametest -keyalg RSA -sigalg SHA256withRSA -keystore companyNametest.keystore -keysize 2048
创建自签名证书:keytool -selfcert -alias companyNametest -keystore companyNametest.keystore
验证:keytool -selfcert -alias companyNametest -keystore companyNametest.keystore
导出:keytool -export -alias companyNametest -keystore companyNametest.keystore -storepass 111111 -rfc -file companyNametest.cer
导出csr:keytool -certReq -keystore companyNametest.keystore -alias companyNametest -file companyNametest.csr
导出私钥(pfx):keytool GUI
What is your first and last name?
[Unknown]: 051@companyName@N91440300789222662P@1
What is the name of your organizational unit?
[Unknown]: Organizational-1
What is the name of your organization?
[Unknown]: CFCA RSA OCA31
What is the name of your City or Locality?
[Unknown]: Shanghai
What is the name of your State or Province?
[Unknown]: Shanghai
What is the two-letter country code for this unit?
[Unknown]: CN
2、服务器证书:
创建密钥文件、申请文件:openssl req -new -x509 -days 100 -sha256 -newkey rsa:2048 -keyout company_ssl.key -out company_ssl.csr
查看csr文件细节:openssl req -in company_ssl.csr -noout -text(openssl req -noout -text -in company_ssl.csr)
查看key信息:openssl rsa -noout -text -in company_ssl.key
综合:openssl req -new -days 365 -sha256 -newkey rsa:2048 -keyout company_ssl.key -out company_ssl.csr -subj "/C=CN/ST=Shanghai/L=Shanghai/O=companyName/OU=SSL-RSA/CN=192.168.*.*"
导出私钥:pkcs12 -export -inkey company_ssl.key -in signatureCert-SSL.cer -out rrrr.pfx
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Shanghai
Locality Name (eg, city) [Default City]:Shanghai
Organization Name (eg, company) [Default Company Ltd]:companyName
Organizational Unit Name (eg, section) []:SSL-RSA
Common Name (eg, your name or your server's hostname) []:192.168.*.*
openssl req -new -days 365 -sha256 -newkey rsa:2048 -keyout company_ssl.key -out company_ssl.csr -subj "/C=CN/ST=Shanghai/L=Shanghai/O=companyName/OU=SSL-RSA/CN=192.168.*.*"
阅读全文
0 0
- 证书操作(openssl、keytool)
- openssl keytool 制作签名证书
- Openssl+Keytool自签发证书
- openssl和keytool生成证书
- keytool证书操作
- 利用keytool、openssl生成证书文件
- keytool和openssl生成的证书转换
- openssl 证书操作命令
- Openssl证书操作
- OpenSSL linux 证书操作
- openssl 证书操作命令
- openssl 证书操作命令
- OpenSSL证书操作
- openssl 证书操作命令
- openssl 证书操作命令
- openssl 证书操作命令
- keytool+tomcat配置HTTPS双向证书认证(无openssl)
- keytool+tomcat配置HTTPS双向证书认证(无openssl)
- 配置java运行环境
- Java实践(一)---程序设计基本概念
- 曲线运动PathInterpolator /path
- 由于已经达到 MaxReports 限制,没有写入 apport 报告。
- 子进程的异步等待方式
- 证书操作(openssl、keytool)
- 交叉验证及其用于参数选择、模型选择、特征选择的例子
- PHP伪造post请求
- 关于HttpURLConnection测试servlet
- 2017年6月14日中午 java.io.IOException: Premature EOF
- 第一次||走在最初的路上
- opencvn的模板匹配方法
- TensorFlow 笔记(四):常用的函数和说明
- virtualbox 相关操作