A Complete Guide to Configuring SSL Certificates for Tomcat (Part 4)

Source: Internet | Published: 知商金融安全吗 | Editor: 程序博客网 | Date: 2024/04/30 09:27

Managing certificates with openssl

The previous part covered how openssl and keytool fit together when converting certificates. Below we go through, one at a time, how to use openssl to extract the certificate and the private key from a PKCS#12 file in text (PEM) form, how to build a certificate-chain file, and, as a simulation of the case where all you have is a certificate and a private key, how to produce a complete PKCS#12 file from them.

Extracting PEM certificates from a PKCS#12 file

Using www.yuanlangchao.p12 as the example:

The command below extracts the certificates in PEM form and keeps the certificate chain stored in the PKCS#12 file. The chain is what ties the server's own certificate to the CA certificates that vouch for it: the server certificate is issued by YUANLANGCHAO, which in turn is issued by YUAN_ROOTCA, and a client needs that path to reach a root it trusts.

[root@oracle openssl]# openssl pkcs12 -nokeys -in www.yuanlangchao.p12 -passin pass:yuanlangchao -out www.yuanlangchao.com.pem.crt
MAC verified OK
[root@oracle openssl]# cat www.yuanlangchao.com.pem.crt
Bag Attributes
    friendlyName: server
    localKeyID: 54 69 6D 65 20 31 34 34 32 39 35 34 37 32 30 39 33 38
subject=/C=cn/ST=shanghai/L=shanghai/O=YUAN/OU=YUANLANGCHAO/CN=www.yuanlangchao.com
issuer=/C=CN/ST=SHANGHAI/L=SHANGHAI/O=YUAN/OU=YUANLANGCHAO/CN=YUANLANGCHAO
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
Bag Attributes
    friendlyName: CN=YUANLANGCHAO,OU=YUANLANGCHAO,O=YUAN,L=SHANGHAI,ST=SHANGHAI,C=CN
subject=/C=CN/ST=SHANGHAI/L=SHANGHAI/O=YUAN/OU=YUANLANGCHAO/CN=YUANLANGCHAO
issuer=/C=CN/ST=SHANGHAI/L=SHANGHAI/O=YUAN_HOME/OU=YUAN/CN=YUAN_ROOTCA
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

The command below, with -clcerts, extracts only the server's own (end-entity) certificate and drops the CA certificates, so the output carries no chain.

[root@oracle openssl]# openssl pkcs12 -nokeys -clcerts -in www.yuanlangchao.p12 -passin pass:yuanlangchao -out www.yuanlangchao.com.pem_nochain.crt
MAC verified OK
[root@oracle openssl]# cat www.yuanlangchao.com.pem_nochain.crt
Bag Attributes
    friendlyName: server
    localKeyID: 54 69 6D 65 20 31 34 34 32 39 35 34 37 32 30 39 33 38
subject=/C=cn/ST=shanghai/L=shanghai/O=YUAN/OU=YUANLANGCHAO/CN=www.yuanlangchao.com
issuer=/C=CN/ST=SHANGHAI/L=SHANGHAI/O=YUAN/OU=YUANLANGCHAO/CN=YUANLANGCHAO
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

The command below converts the whole PKCS#12 file to PEM: the private key plus every certificate. The key is written PKCS#8-encrypted under the -passout password (BEGIN ENCRYPTED PRIVATE KEY), so the resulting file is no less protected than the .p12 was.

[root@oracle openssl]# openssl pkcs12 -in www.yuanlangchao.p12 -passin pass:yuanlangchao -out www.yuanlangchao.com.pem -passout pass:yuanlangchao
MAC verified OK
[root@oracle openssl]# cat www.yuanlangchao.com.pem
Bag Attributes
    friendlyName: server
    localKeyID: 54 69 6D 65 20 31 34 34 32 39 35 34 37 32 30 39 33 38
Key Attributes: <No Attributes>
-----BEGIN ENCRYPTED PRIVATE KEY-----
...
-----END ENCRYPTED PRIVATE KEY-----
Bag Attributes
    friendlyName: server
    localKeyID: 54 69 6D 65 20 31 34 34 32 39 35 34 37 32 30 39 33 38
subject=/C=cn/ST=shanghai/L=shanghai/O=YUAN/OU=YUANLANGCHAO/CN=www.yuanlangchao.com
issuer=/C=CN/ST=SHANGHAI/L=SHANGHAI/O=YUAN/OU=YUANLANGCHAO/CN=YUANLANGCHAO
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
Bag Attributes
    friendlyName: CN=YUANLANGCHAO,OU=YUANLANGCHAO,O=YUAN,L=SHANGHAI,ST=SHANGHAI,C=CN
subject=/C=CN/ST=SHANGHAI/L=SHANGHAI/O=YUAN/OU=YUANLANGCHAO/CN=YUANLANGCHAO
issuer=/C=CN/ST=SHANGHAI/L=SHANGHAI/O=YUAN_HOME/OU=YUAN/CN=YUAN_ROOTCA
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

Extracting the private key from a PKCS#12 file

Sometimes the private key is needed on its own; here openssl extracts it from www.yuanlangchao.p12. Note that -nodes writes the key to disk unencrypted, so restrict the file's permissions (chmod 600) and remove it once it has been used. The second command rewrites the PKCS#8 key as a traditional RSA PRIVATE KEY block, which older software expects; without -aes256 or similar it is unencrypted too.

[root@oracle openssl]# openssl pkcs12 -nodes -nocerts -in www.yuanlangchao.p12 -passin pass:yuanlangchao -out www.yuanlangchao.com.key
MAC verified OK
[root@oracle openssl]# cat www.yuanlangchao.com.key
Bag Attributes
    friendlyName: server
    localKeyID: 54 69 6D 65 20 31 34 34 32 39 35 34 37 32 30 39 33 38
Key Attributes: <No Attributes>
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
[root@oracle openssl]# openssl rsa -in www.yuanlangchao.com.key -out www.yuanlangchao.com.private.key
writing RSA key
[root@oracle openssl]# cat www.yuanlangchao.com.private.key
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----

Building a certificate-chain file

A chain file is nothing more than the concatenation of the CA certificates involved, so all that is needed is to export the certificate alone (no chain, no private key) from YUANLANGCHAO.p12 in PEM form, do the same for the root from YUANCA.p12, and concatenate them. Order matters: the issuing CA comes first and the root last, so that each certificate is followed by the one that issued it.

[root@oracle openssl]# openssl pkcs12 -nokeys -clcerts -in YUANLANGCHAO.p12 -passin pass:yuanlc123456 -out yuanlangchao.crt
MAC verified OK
[root@oracle openssl]# openssl pkcs12 -nokeys -clcerts -in YUANCA.p12 -passin pass:yuan123456 -out yuanca.crt
MAC verified OK
[root@oracle openssl]# cat yuanlangchao.crt yuanca.crt > yuan_bundle.crt
[root@oracle openssl]# cat yuan_bundle.crt
Bag Attributes
    friendlyName: yuanlangchao
    localKeyID: 54 69 6D 65 20 31 34 34 32 39 35 36 31 34 38 30 30 32
subject=/C=CN/ST=SHANGHAI/L=SHANGHAI/O=YUAN/OU=YUANLANGCHAO/CN=YUANLANGCHAO
issuer=/C=CN/ST=SHANGHAI/L=SHANGHAI/O=YUAN_HOME/OU=YUAN/CN=YUAN_ROOTCA
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
Bag Attributes
    friendlyName: yuan_rootca
    localKeyID: 54 69 6D 65 20 31 34 34 32 39 35 35 39 39 31 38 39 33
subject=/C=CN/ST=SHANGHAI/L=SHANGHAI/O=YUAN_HOME/OU=YUAN/CN=YUAN_ROOTCA
issuer=/C=CN/ST=SHANGHAI/L=SHANGHAI/O=YUAN_HOME/OU=YUAN/CN=YUAN_ROOTCA
-----BEGIN CERTIFICATE-----
MIIDdzCCAl+gAwIBAgIEHjF9GjANBgkqhkiG9w0BAQsFADBsMQswCQYDVQQGEwJDTjERMA8GA1UECBMIU0hBTkdIQUkxETAPBgNVBAcTCFNIQU5HSEFJMRIwEAYDVQQKDAlZVUFOX0hPTUUxDTALBgNVBAsTBFlVQU4xFDASBgNVBAMMC1lVQU5fUk9PVENBMB4XDTE1MDkyMDE5MjIxMVoXDTI1MDkxNzE5MjIxMVowbDELMAkGA1UEBhMCQ04xETAPBgNVBAgTCFNIQU5HSEFJMREwDwYDVQQHEwhTSEFOR0hBSTESMBAGA1UECgwJWVVBTl9IT01FMQ0wCwYDVQQLEwRZVUFOMRQwEgYDVQQDDAtZVUFOX1JPT1RDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAISGfoPZ+GGVq67hdKXL+2WuVvKi6acv6haEzAvX4atBRCPQPM156Wc288LEAvniW+Re29xxdKjH2GLRvkQ0XMwtO7eNExOLbICD3ZorPSmOJiWfRj3V/mqKO53xAKPgr55ySxs9kDFBB1uYCEgWJd4qHBuzoi5rrBo0nCEVz4tbeT9lgkKxHsy/fR6pt2Pl5EkbuVCiJBlr0j38Uw9cu19+B2TKMibBNhh90ZmgW4WTAzNzqs+lENiZOGzEUl0OL5SH7UxKKpDDpqrRgC+6tjMMAXAkvN7LkP+7r7iX+B7myYjGYyeYCj/yY7F/Mm7o5McqyklmilvOwNNjbkhpsxUCAwEAAaMhMB8wHQYDVR0OBBYEFKCyP52ihWWzOuLZvDLZ0K2duWv/MA0GCSqGSIb3DQEBCwUAA4IBAQA65f6cqcv/S4Bg6WxY8lfUo9mNk+2NKeoC0h5qvgKf+45aJ0ygIbimkpvxgdabPyOlBK4nsrp+PA0j952G5DEzCmwyzhlxvGgcAMvTW7RlQbxiogiSW+LMh2LEAYVhitYEPyHe/fYA+31HbI7GMLzPa8vzAldcxCw44RL3K7MUUQ2drWcgwbKhkldovyBVzzGx+iVN4L4bDf/L1JumOLXN+NscH6kmeeeqavr6KLfyCZ46aca50UgRM1/HmQEso5BLKTmE39u4nGj109iehiJZ8so39rgQObkAO1W40Wbn7d7WfTKqxziK8TM2nDcPz76/p/guqspJXaqfl0OBTG4j
-----END CERTIFICATE-----

Simulation

How to build a complete PKCS#12 file when you have only a certificate (with no chain established) and a private key

The author has run into exactly this situation on a project: the customer's technical staff generated a certificate request on another platform and used it to apply to the Go Daddy CA for a wildcard SSL certificate, for example *.yuanlangchao.com.
The customer actually handed over the following 5 files, and the goal was to get the certificate working on Tomcat.
(image: the five files supplied by the customer)
At the time the author was not yet familiar with keytool, openssl and the conversions between certificate formats, so the crt and key were submitted to an online converter on one of the certificate websites and turned into a JKS keystore. The server certificate that came back had no chain behind it, and some browsers and mobile devices could not connect: a client that does not already have the intermediate CA, and does not fetch it on its own, cannot build a path from the server certificate to a trusted root. Uploading a private key to a third-party web converter also hands that key to someone else; a key that has been through such a service should be treated as exposed and reissued. With little time left for investigation, the final workaround was Tomcat's native (APR) connector, which calls openssl and lets the certificate, private key and chain file be specified as separate files (the next article covers this method in detail).

First, how to build a complete PKCS#12 file from the five files shown above (for convenience the author renamed the last two). You will notice that the chain-less certificate _.yuanlangchao.crt is identical to the first certificate file returned by the CA, 5bc06******.crt, so at most four of the files are of any use.
Of those, gd_bundle-g2-g1.crt and gdig2.crt are the CA certificates, i.e. the chain files, and gd_bundle-g2-g1.crt already contains the G2 certificate, which leaves three files that actually matter;
_.yuanlangchao.key is the private key.
To produce a valid, complete PKCS#12 file, all three of these must be used:
_.yuanlangchao.key
_.yuanlangchao.crt
gd_bundle-g2-g1.crt
The corresponding files in this article are:
www.yuanlangchao.com.private.key
www.yuanlangchao.com.pem_nochain.crt
yuan_bundle.crt
Procedure

# First concatenate the three files into a PEM file that openssl can read
[root@oracle openssl]# cat www.yuanlangchao.com.private.key www.yuanlangchao.com.pem_nochain.crt yuan_bundle.crt > www.yuanlangchao.com.pem
# Export a proper PKCS#12 file from this loosely structured PEM file; this is where openssl shines
[root@oracle openssl]# openssl pkcs12 -export -in www.yuanlangchao.com.pem -passin pass:yuanlangchao -out www.yuanlangchao.com.p12 -passout pass:yuanlangchao
# Finally, inspect the resulting www.yuanlangchao.com.p12
[root@oracle openssl]# keytool -list -rfc -keystore www.yuanlangchao.com.p12 -storepass yuanlangchao
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: 1
Creation date: Sep 22, 2015
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
-----BEGIN CERTIFICATE-----
MIIDqDCCApCgAwIBAgIES2Au5zANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJDTjERMA8GA1UECBMIU0hBTkdIQUkxETAPBgNVBAcTCFNIQU5HSEFJMQ0wCwYDVQQKEwRZVUFOMRUwEwYDVQQLEwxZVUFOTEFOR0NIQU8xFTATBgNVBAMTDFlVQU5MQU5HQ0hBTzAeFw0xNTA5MjAyMDIyMjZaFw0yNTA5MTcyMDIyMjZaMHgxCzAJBgNVBAYTAmNuMREwDwYDVQQIEwhzaGFuZ2hhaTERMA8GA1UEBxMIc2hhbmdoYWkxDTALBgNVBAoTBFlVQU4xFTATBgNVBAsTDFlVQU5MQU5HQ0hBTzEdMBsGA1UEAxMUd3d3Lnl1YW5sYW5nY2hhby5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCP8wEdwSQGo0sbwuG6gMBqwavRMBS1A0LpLoF4xl/2JcxYpU1KdDYmxMnCebnUwETRItdhQ1fQYXcV2JgjvioD02IzPZfeAxQqG9eRVfcCsS8p+L0Hs6cjRqi7DemkooRRmcJgiIoZLyz1IO2ggt8SpkvCy14Rnq5SiCGzDOQkmTwsrED4rqurOzBgVc5sMc1DugiUuRG0PUX97w1MMSdfzfmUpZpKDW40EiASzDCgaawvglVcKkC+UBZUnHIg/jHuLdOO5phIsUVSbnaYkHMiIeIrcG8wHAUMGmW57J4diXPhAz3pfPpHktx8pAbGCnkYucktrhWryYvnDKdR9zzVAgMBAAGjQjBAMB8GA1UdIwQYMBaAFOXsCop9WI4STblAU98od4yZS95QMB0GA1UdDgQWBBTt91vfyrevLVRndnHUm51jNT6AtzANBgkqhkiG9w0BAQsFAAOCAQEARyT6UsLiP+ZiRHAglRsXg+dZyj54+JhiZdKeoc5bXvNiwGD1pmZA/9XS73UNygXMaD01zPgWtZZz6vkHxg+QLZaUVsQTE0uSWZr7ADL+HJwVFt5pvA8f76FucQkOeHBQjdnaa3WLotEWowJc5f+DoMSu/CTc9LjzbjQjCTvW4pk9Zwrv2JNGQlzu4OIrGiqVkO9cwTZZMJwZ+5yXX8UNv1gaS+r7Rztr25nkBfLnhXyg7nGXUySr0HflEezRfzWZmXDrRwTF5O6wd6aJBusMUsZl7KG2UojMBhYcyqC+4mttTkFXxTQMwKmk6oZOmj3qmtn73dOzrbNPB4hnN/kJ0g==
-----END CERTIFICATE-----
Certificate[2]:
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

That gives a usable www.yuanlangchao.com.p12. Two details of the keytool listing are worth knowing. It reports the type as JKS because JKS is keytool's default store type and the JDK's JKS implementation reads PKCS#12 files transparently (keystore.type.compat); pass -storetype PKCS12 to be explicit. The alias is 1 because the concatenated PEM carried no friendlyName; add -name <alias> to the openssl pkcs12 -export command to set the alias that Tomcat's keyAlias will reference.
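The chain-bundle and PKCS#12 steps above rely on three things being right that the commands themselves never check: that the key belongs to the certificate, that the bundle is in leaf-to-root order, and that the chain actually verifies. The script below, an added example and not part of the original post, builds a throw-away PKI on the fly (a root CA, an issuing CA and a server certificate, standing in for YUAN_ROOTCA, YUANLANGCHAO and www.yuanlangchao.com) so that it runs offline, then performs those three checks, exports the PKCS#12 from separate key, certificate and chain files, and counts the certificates inside it next to a deliberately chain-less export like the one that broke clients in the Go Daddy case. The subject names, the file names under a temp directory and the password "changeit" are assumptions for the demo; it needs only openssl, awk and sed.

```shell
#!/bin/sh
# Added example; not from the original post. Builds a throw-away PKI
# (root CA -> issuing CA -> server cert, mirroring YUAN_ROOTCA -> YUANLANGCHAO
# -> www.yuanlangchao.com) so the checks and the PKCS#12 export run offline.
# Subject names and the password "changeit" are demo assumptions.
set -eu

WORK=$(mktemp -d)
PASS=changeit                    # demo only; real deployments read it from a secret store
CNF="$WORK/mini.cnf"

# Self-contained openssl config so nothing depends on the system openssl.cnf.
cat > "$CNF" <<'EOF'
[req]
distinguished_name = dn
x509_extensions    = v3_ca
[dn]
[v3_ca]
basicConstraints     = critical, CA:TRUE
keyUsage             = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[v3_leaf]
basicConstraints = CA:FALSE
keyUsage         = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName   = DNS:www.yuanlangchao.com
EOF

gen_pki() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$CNF" -extensions v3_ca \
    -subj "/CN=Demo Root CA" -keyout "$WORK/root.key" -out "$WORK/root.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -config "$CNF" -subj "/CN=Demo Issuing CA" \
    -keyout "$WORK/int.key" -out "$WORK/int.csr" 2>/dev/null
  openssl x509 -req -days 1 -in "$WORK/int.csr" -CA "$WORK/root.pem" -CAkey "$WORK/root.key" \
    -CAcreateserial -extfile "$CNF" -extensions v3_ca -out "$WORK/int.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -config "$CNF" -subj "/CN=www.yuanlangchao.com" \
    -keyout "$WORK/server.key" -out "$WORK/server.csr" 2>/dev/null
  openssl x509 -req -days 1 -in "$WORK/server.csr" -CA "$WORK/int.pem" -CAkey "$WORK/int.key" \
    -CAcreateserial -extfile "$CNF" -extensions v3_leaf -out "$WORK/server.pem" 2>/dev/null
}

# Check 1: the private key really belongs to the certificate. Compares the DER
# public key derived from each side; works for PKCS#8 and "RSA PRIVATE KEY" files.
key_matches_cert() {             # $1 key file  $2 certificate file
  k=$(openssl pkey -in "$1" -pubout -outform DER | openssl sha256)
  c=$(openssl x509 -in "$2" -pubkey -noout | openssl pkey -pubin -outform DER | openssl sha256)
  [ "$k" = "$c" ]
}

# Check 2: a concatenated PEM file is in leaf-to-root order, i.e. every
# certificate's issuer is the subject of the certificate that follows it.
chain_order_ok() {               # $1 PEM file holding several certificates
  d=$(mktemp -d)
  awk -v d="$d" '/-BEGIN CERTIFICATE-/ { n++ } { print > (d "/c" n ".pem") }' "$1"
  i=1
  while [ -f "$d/c$((i + 1)).pem" ]; do
    iss=$(openssl x509 -in "$d/c$i.pem" -noout -issuer | sed 's/^issuer=//')
    subj=$(openssl x509 -in "$d/c$((i + 1)).pem" -noout -subject | sed 's/^subject=//')
    [ "$iss" = "$subj" ] || { rm -rf "$d"; return 1; }
    i=$((i + 1))
  done
  rm -rf "$d"
}

# Check 3: the leaf verifies up to the trusted root through the untrusted bundle.
verify_chain() {                 # $1 root  $2 bundle of intermediates  $3 leaf
  openssl verify -CAfile "$1" -untrusted "$2" "$3" >/dev/null
}

# Same export as the post, but from separate files and with an explicit alias
# ("server") instead of the "1" keytool shows for an unnamed entry. An empty
# $3 reproduces the chain-less keystore that broke some browsers.
make_pkcs12() {                  # $1 key  $2 leaf  $3 CA bundle or ""  $4 out.p12
  if [ -n "$3" ]; then
    openssl pkcs12 -export -inkey "$1" -in "$2" -certfile "$3" -name server -passout "pass:$PASS" -out "$4"
  else
    openssl pkcs12 -export -inkey "$1" -in "$2" -name server -passout "pass:$PASS" -out "$4"
  fi
  # OpenSSL 3 writes AES-256/PBKDF2 PKCS#12 by default; a JDK too old to read
  # that needs the store re-exported with -legacy (an OpenSSL 3 only flag).
}

# Number of certificates inside a .p12 as openssl sees them; 1 means no chain.
count_p12_certs() {              # $1 file.p12
  openssl pkcs12 -in "$1" -nokeys -passin "pass:$PASS" 2>/dev/null | grep -c -e '-BEGIN CERTIFICATE-' || true
}

check() { if "$@"; then echo "ok:   $1"; else echo "FAIL: $1"; exit 1; fi; }

main() {
  gen_pki
  cat "$WORK/int.pem" "$WORK/root.pem" > "$WORK/bundle.pem"          # CA bundle, like yuan_bundle.crt
  cat "$WORK/server.pem" "$WORK/bundle.pem" > "$WORK/fullchain.pem"  # leaf first, then its issuers
  check key_matches_cert "$WORK/server.key" "$WORK/server.pem"
  check chain_order_ok "$WORK/fullchain.pem"
  check verify_chain "$WORK/root.pem" "$WORK/bundle.pem" "$WORK/server.pem"
  make_pkcs12 "$WORK/server.key" "$WORK/server.pem" "$WORK/bundle.pem" "$WORK/server.p12"
  make_pkcs12 "$WORK/server.key" "$WORK/server.pem" "" "$WORK/nochain.p12"
  echo "certificates in server.p12:  $(count_p12_certs "$WORK/server.p12")"
  echo "certificates in nochain.p12: $(count_p12_certs "$WORK/nochain.p12")"
}
main
```

To use the checks on real material, point key_matches_cert at _.yuanlangchao.key and _.yuanlangchao.crt, chain_order_ok at the leaf concatenated with gd_bundle-g2-g1.crt, and verify_chain at the Go Daddy root, the bundle and the leaf; a 1 from count_p12_certs on a keystore is the signature of the chain-less conversion described above. The three checks run in that order because each failure mode has its own cause (wrong key, mis-ordered bundle, missing intermediate) and openssl's verify error alone does not tell them apart.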
