Certificate operations (openssl, keytool)

Source: Internet  Editor: 程序博客网  Time: 2024/05/21 16:22


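I recently spent a long time working on certificate-related things; these are notes on some of the commands I used. I will add the Java code I used when I have time.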


Certificate conversion (openssl):


openssl pkcs12 -export -inkey test.key -in test.cer -out test.pfx
openssl pkcs12 -in test.pfx -nodes -out test.pem 
openssl rsa -in test.pem -out test.key
openssl x509 -in test.pem -out test.crt (.cer and .crt are the same format; just change the file extension)
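
The conversion chain above, as an added example that is not part of the original post: it runs the same pkcs12/rsa/x509 steps on a throwaway self-signed pair and checks, by comparing public keys, that the private key matches the certificate before bundling and after extraction. The subject, the temp-directory files and the password in PFX_PASS are constructed for the demo; `openssl pkey` and the `env:` password source are used in addition to the post's commands.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). File names, subject and the
# password in PFX_PASS are constructed for this demo.

# Print the public key (PEM) held in a certificate / derived from a private key.
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }
key_pubkey()  { openssl pkey -in "$1" -pubout 2>/dev/null; }

# Succeed only if the private key in $1 belongs to the certificate in $2.
# An unreadable file counts as a mismatch instead of comparing two empty strings.
key_matches_cert() {
    local k c
    k=$(key_pubkey "$1") || return 1
    c=$(cert_pubkey "$2") || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Run the post's conversion chain in a private temp dir and check the result.
roundtrip_demo() (
    dir=$(mktemp -d) || exit 1
    trap 'rm -rf "$dir"' EXIT
    cd "$dir" || exit 1
    umask 077                 # -nodes writes the private key unencrypted
    export PFX_PASS='constructed-demo-password'
    # Throwaway self-signed pair standing in for test.key / test.cer
    openssl req -x509 -newkey rsa:2048 -sha256 -days 1 -nodes \
        -keyout test.key -out test.cer \
        -subj "/C=CN/O=companyName/CN=demo" 2>/dev/null &&
    key_matches_cert test.key test.cer &&        # check before bundling
    openssl pkcs12 -export -inkey test.key -in test.cer -out test.pfx \
        -passout env:PFX_PASS &&
    openssl pkcs12 -in test.pfx -nodes -out test.pem \
        -passin env:PFX_PASS 2>/dev/null &&
    openssl rsa -in test.pem -out roundtrip.key 2>/dev/null &&
    openssl x509 -in test.pem -out roundtrip.crt &&
    key_matches_cert roundtrip.key roundtrip.crt  # check after extraction
)

if roundtrip_demo; then echo "round trip OK: key matches certificate"; fi
```
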


Creating an RSA 2048 certificate signed with SHA-256


1. Create the keystore: keytool -genkey -alias companyNametest -keyalg RSA -sigalg SHA256withRSA -keystore D:\companyNametest.keystore -keysize 2048
2. Create the self-signed certificate: keytool -selfcert -alias companyNametest -keystore d:\companyNametest.keystore
3. Verify: keytool -list -v -alias companyNametest -keystore d:\companyNametest.keystore
4. Export: keytool -export -alias companyNametest -keystore d:\companyNametest.keystore -storepass 111111 -rfc -file d:\companyNametest.cer


Export a CSR: keytool -certReq -keystore company.keystore -alias company -file pa.csr


keytool -list -v -keystore company.keystore


New one:
1. Generate the keystore and key pair: keytool -genkey -alias companyName -keyalg RSA -keystore companyName.jks -keysize 2048
2. Generate a certificate signing request (CSR) for the existing keystore: keytool -certreq -alias companyName -keystore companyName.jks -file companyName.csr



keytool -genkey -alias yushan -keypass yushan -keyalg RSA -keysize 2048 -keystore  e:\yushan.keystore -storepass 123456 -dname "CN=(first and last name), OU=(organizational unit name), O=(organization name), L=(city or locality name), ST=(state or province name), C=(two-letter country code of the unit)"


keytool -genkey -alias companyNametest -keypass companyNametest -keyalg RSA -keysize 2048 -keystore  e:\companyNametest.keystore -storepass 111111 -dname "CN=051, OU=SSL-RSA, O=companyName, L=Shanghai, ST=Shanghai, C=CN"


keytool -genkey -alias companyNametest -keypass companyNametest -keyalg RSA -keysize 2048 -keystore  companyNametest.keystore -storepass 111111 -dname "CN=CN, OU=OU, O=O, L=L, ST=ST, C=C"




CN=051@companyName@N91440300789222662P@1,OU=Organizational-1,OU=companyName,O=CFCA RSA OCA31,C=CN


CN = 192.168.*.*
OU = SSL-RSA
O = companyName
L = Shanghai
S = Shanghai
C = CN


Creating the SSL CSR:
CN=192.168.*.*,OU=SSL-RSA,O=company,L=Shanghai,S=Shanghai,C=CN
 1. Create the client certificate key file client.key:
    openssl genrsa -des3 -out company_ssl.key 2048
 2. Create the client certificate request file client.csr:
    openssl req -new -key company_ssl.key -out company_ssl.csr
 3. View the details of the CSR file:
    openssl req -in company_ssl.csr -noout -text

Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Shanghai
Locality Name (eg, city) [Default City]:Shanghai
Organization Name (eg, company) [Default Company Ltd]:companyName
Organizational Unit Name (eg, section) []:SSL-RSA
Common Name (eg, your name or your server's hostname) []:192.168.*.*




final: 1. Signing certificate:
Create the keystore: keytool -genkey -alias companyNametest -keyalg RSA -sigalg SHA256withRSA -keystore companyNametest.keystore -keysize 2048
Create the self-signed certificate: keytool -selfcert -alias companyNametest -keystore companyNametest.keystore
Verify: keytool -list -v -alias companyNametest -keystore companyNametest.keystore
Export: keytool -export -alias companyNametest -keystore companyNametest.keystore -storepass 111111 -rfc -file companyNametest.cer
Export a CSR: keytool -certReq -keystore companyNametest.keystore -alias companyNametest -file companyNametest.csr
Export the private key (pfx): keytool GUI


What is your first and last name?
  [Unknown]:  051@companyName@N91440300789222662P@1
What is the name of your organizational unit?
  [Unknown]:  Organizational-1
What is the name of your organization?
  [Unknown]:  CFCA RSA OCA31
What is the name of your City or Locality?
  [Unknown]:  Shanghai
What is the name of your State or Province?
  [Unknown]:  Shanghai
What is the two-letter country code for this unit?
  [Unknown]:  CN



  2. Server certificate:
  Create the key file and request file: openssl req -new -days 100 -sha256 -newkey rsa:2048 -keyout company_ssl.key -out company_ssl.csr
  View the details of the CSR file: openssl req -in company_ssl.csr -noout -text (openssl req -noout -text -in company_ssl.csr)
  View the key information: openssl rsa -noout -text -in company_ssl.key
  Combined: openssl req -new -days 365 -sha256 -newkey rsa:2048 -keyout company_ssl.key -out company_ssl.csr -subj "/C=CN/ST=Shanghai/L=Shanghai/O=companyName/OU=SSL-RSA/CN=192.168.*.*"


Export the private key: openssl pkcs12 -export -inkey company_ssl.key -in signatureCert-SSL.cer -out rrrr.pfx
  
 