制作SSL证书-keytool命令
生成服务器密钥库和证书,客户端导入服务器证书:
1、生成密钥库(自签名的证书和私钥)
keytool -genkey -alias sksalias -keyalg RSA -keystore skeystore.jks
密钥库本身和其中的密钥条目(别名)各有一个密码,之后每次使用时都要提供:
Enter keystore password:
Enter key password for <sksalias>
查看密钥库
keytool -list -v -keystore skeystore.jks
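2、将密钥库中的证书(含公钥和主体信息,不含私钥)导出到证书文件。注意:下面的 123456 只是演示用的弱口令,而且用 -storepass 在命令行上传口令会留在 shell 历史和进程列表里;实际使用时可省略该参数,由 keytool 交互提示输入。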
keytool -export -alias sksalias -keystore skeystore.jks -storepass 123456 -file scert.cer
3、建立信任密钥库(将服务端证书,导入到客户端的信任密钥库中)
keytool -import -alias sksalias -file scert.cer -keystore ctruststore
信任密钥库(truststore)本身也有密码,但其中的证书条目没有单独的密码。
truststore 也是密钥库,只是其中只存放受信任的证书,不含私钥。
Enter keystore password:
查看信任密钥库(-keystore 后的文件名须与导入时使用的一致;上一步用的是 ctruststore,而下面的命令和后面的代码写的是 truststore,请按实际文件名调整)
keytool -list -v -keystore truststore
keytool 可以直接导入 PEM 格式的证书,也可以进行格式转换;IE、Firefox 同样可以转换证书格式。
同理,生成客户端的密钥库和证书,服务器端导入客户端证书。
keytool -genkey -alias cksalias -keyalg RSA -keystore ckeystore.jks
keytool -export -alias cksalias -keystore ckeystore.jks -storepass 123456 -file ccert.cer
keytool -import -alias cksalias -file ccert.cer -keystore struststore
代码如下
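package socket.ssl.mutual;

import java.io.DataOutputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

/**
 * Demo server for mutually authenticated TLS: it presents its own certificate,
 * requires a certificate from every client, and answers each accepted
 * connection with a single greeting string.
 */
public class SecureServerDemo {

    /**
     * Password of the demo key store, trust store and private key entry.
     * It matches the {@code -storepass 123456} used by the keytool commands of
     * this demo. A hard-coded, guessable password is acceptable only for a local
     * experiment; real deployments should obtain it from outside the source tree.
     */
    private static final String DEMO_STORE_PASSWORD = "123456";

    /** Upper bound, in milliseconds, for blocking reads on an accepted connection. */
    private static final int IO_TIMEOUT_MS = 10_000;

    /**
     * Starts the listener and serves clients one at a time, forever.
     * Exits with status 1 if the TLS listener cannot be created.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        final String hello = "Hello World!---shuangxiangrenzheng";

        SSLServerSocket server;
        try {
            server = getSSLServerSocket();
        } catch (Exception e) {
            e.printStackTrace();
            System.exit(1);
            return; // not reached at run time; lets the compiler treat server as assigned
        }

        while (true) {
            System.out.println("before accept...");
            // try-with-resources closes the connection even when the handshake or the
            // write fails, so a rejected client cannot leak a socket.
            try (SSLSocket cs = (SSLSocket) server.accept()) {
                System.out.println("begin accept...");
                // The loop is single-threaded and the handshake runs implicitly on the
                // first write; without a read timeout a peer that connects and then
                // stays silent would block every later client.
                cs.setSoTimeout(IO_TIMEOUT_MS);
                try (DataOutputStream dos = new DataOutputStream(cs.getOutputStream())) {
                    dos.writeUTF(hello);
                }
            } catch (IOException e) {
                // Covers handshake failures (e.g. missing or untrusted client
                // certificate) as well as plain I/O errors; keep serving.
                e.printStackTrace();
            }
        }
    }

    /**
     * Builds the listening socket on port 8090 from the demo key store and
     * trust store and switches on mandatory client authentication.
     *
     * @return a bound server socket that rejects clients without a trusted certificate
     * @throws Exception if a store cannot be read or the TLS context cannot be set up
     */
    static SSLServerSocket getSSLServerSocket() throws Exception {
        char[] password = DEMO_STORE_PASSWORD.toCharArray();

        // Server identity: private key plus its self-signed certificate.
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream("D:/ssl/jks2/skeystore.jks")) {
            ks.load(in, password);
        }

        // Certificates of the clients this server accepts.
        // NOTE(review): the keytool steps of this demo import the client certificate
        // into a file named "struststore"; confirm that "truststore" is the same file.
        KeyStore tks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream("D:/ssl/jks2/truststore")) {
            tks.load(in, password);
        }

        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        kmf.init(ks, password);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
        tmf.init(tks);

        // "TLS" rather than the legacy "SSL" context name. Which protocol versions
        // are actually enabled is decided by the JDK (see the
        // jdk.tls.disabledAlgorithms security property).
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        // createServerSocket(port) listens on all local addresses.
        SSLServerSocket serverSocket =
                (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(8090);
        // Mutual authentication: the handshake fails unless the client presents a
        // certificate that chains to an entry of the trust store.
        serverSocket.setNeedClientAuth(true);
        return serverSocket;
    }
}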
package socket.ssl.mutual;
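import java.io.DataInputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.UnknownHostException;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

/**
 * Demo client for mutually authenticated TLS: it connects to the demo server
 * on 127.0.0.1:8090, presents its own certificate, and prints the greeting the
 * server sends.
 */
public class SecureClientDemo {

    /**
     * Password of the demo key store and private key entry.
     * It matches the {@code -storepass 123456} used by the keytool commands of
     * this demo. A hard-coded, guessable password is acceptable only for a local
     * experiment; real deployments should obtain it from outside the source tree.
     */
    private static final String DEMO_STORE_PASSWORD = "123456";

    /** Upper bound, in milliseconds, for the handshake and for later blocking reads. */
    private static final int IO_TIMEOUT_MS = 10_000;

    /**
     * Connects, reads one UTF string from the server and prints it, then prints
     * a separator line. Failures are reported on standard error.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        try {
            // Both resources are closed even if reading fails.
            try (SSLSocket s = getSSLSocket();
                    DataInputStream dis = new DataInputStream(s.getInputStream())) {
                try {
                    String st = dis.readUTF();
                    System.out.println(st);
                } catch (Exception e) {
                    e.printStackTrace();
                }
            }
            System.out.println("-------------------");
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /**
     * Opens a TLS connection to the demo server and completes the handshake.
     * The returned socket keeps a read timeout of {@link #IO_TIMEOUT_MS}.
     *
     * @return a connected socket whose handshake has finished
     * @throws Exception if a store cannot be read, the connection fails, or the
     *     handshake is rejected or times out
     */
    static SSLSocket getSSLSocket() throws Exception {
        char[] password = DEMO_STORE_PASSWORD.toCharArray();

        // Client identity: private key plus its self-signed certificate.
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream("D:/ssl/jks2/ckeystore.jks")) {
            ks.load(in, password);
        }

        // NOTE(review): the trust store is loaded from the same file as the key
        // store, while the keytool steps of this demo import the server certificate
        // into a separate "ctruststore". Confirm that ckeystore.jks really contains
        // the server certificate; if it does not, the handshake is expected to fail
        // because the server certificate is not trusted. Keeping trust anchors in a
        // store without private keys is the cleaner layout.
        KeyStore tks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream("D:/ssl/jks2/ckeystore.jks")) {
            tks.load(in, password);
        }

        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        kmf.init(ks, password);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
        tmf.init(tks);

        // "TLS" rather than the legacy "SSL" context name. Which protocol versions
        // are actually enabled is decided by the JDK (see the
        // jdk.tls.disabledAlgorithms security property).
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        // NOTE: a bare SSLSocket validates the certificate chain against the trust
        // store but does not check that the certificate matches the host name. For
        // anything other than this loopback demo, enable that check through
        // SSLParameters.setEndpointIdentificationAlgorithm("HTTPS").
        SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket("127.0.0.1", 8090);
        try {
            // Bound the handshake so an unresponsive peer produces a timeout
            // exception instead of blocking forever.
            socket.setSoTimeout(IO_TIMEOUT_MS);
            socket.startHandshake();
        } catch (Exception e) {
            // Do not leak the connection when the handshake is rejected.
            try {
                socket.close();
            } catch (IOException closeFailure) {
                e.addSuppressed(closeFailure);
            }
            throw e;
        }
        return socket;
    }
}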
1、回调 syslog4j 的 getsocket 之后再调用 socket.handshake,会卡死。
2、用这个示例测试也会卡死:必须由 server 端先开始 handshake,或者双方之间先发送一条消息才行(但这样测试时会多出一条记录,不太好),原因有待深入探讨。