一、生成一个含有一个私钥的keystore文件
user@ae01:~$ keytool -genkey -keystore keystore -alias jetty-azkaban -keyalg RSA
Enter keystore password:
Re-enter new password:
What is your first and last name?
[Unknown]: azkaban
What is the name of your organizational unit?
[Unknown]: Jetty
What is the name of your organization?
[Unknown]: Aug
What is the name of your City or Locality?
[Unknown]: SH
What is the name of your State or Province?
[Unknown]: SH
What is the two-letter country code for this unit?
[Unknown]:
Is CN=azkaban, OU=Jetty, O=Aug, L=SH, ST=SH, C= correct?
[no]: yes
Enter key password for <jetty-azkaban2>
(RETURN if same as keystore password):
二、验证生成的keystore文件
keytool -list -v -keystore keystore.jks
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN Your keystore contains entry Alias name: jetty-azkaban
Creation date: Jul ,
Entry type: PrivateKeyEntry
Certificate chain length:
Certificate[]:
Owner: CN=azkaban, OU=Jetty, O=Aug, L=SH, ST=SH, C=
Issuer: CN=azkaban, OU=Jetty, O=Aug, L=SH, ST=SH, C=
Serial number: 5f84c457
Valid from: Wed Jul :: CST until: Tue Oct :: CST
Certificate fingerprints:
MD5: 2F:D3:D9::0E:DD:B5:CD::E0:5F:C0:C5:::FD
SHA1: FD:0B:B4:::CE:7A:::DF::2A:A0:2A::A5:AE:AE::
SHA256: D5:EE::BF:E6::FC:4E:B3:B4:CD:8B::1D:D1::D0:CD::D8:::F8:9D:D9:5E::E1:AA:FB::CB
Signature algorithm name: SHA256withRSA
Version: Extensions: #: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
: B5 F0 F5 D4 9E 4C D4 B0 ..&.....L(.(..!.
: 6E A7 1E E0 n...
]
] *******************************************
*******************************************
三、导出凭证文件
user@ae01:~$ keytool -export -alias jetty-azkaban -keystore keystore.jks -rfc -file selfsignedcert.cer
Enter keystore password:
生成的cer文件内容如下:
user@ae01:~$ cat selfsignedcert.cer
-----BEGIN CERTIFICATE-----
MIIDTTCCAjWgAwIBAgIEX4TEVzANBgkqhkiG9w0BAQsFADBXMQswCQYDVQQGEwI4NjELMAkGA1UE
CBMCU0gxCzAJBgNVBAcTAlNIMQwwCgYDVQQKEwNBdWcxDjAMBgNVBAsTBUpldHR5MRAwDgYDVQQD
EwdhemthYmFuMB4XDTE0MDcwOTA3MDk0MVoXDTE0MTAwNzA3MDk0MVowVzELMAkGA1UEBhMCODYx
CzAJBgNVBAgTAlNIMQswCQYDVQQHEwJTSDEMMAoGA1UEChMDQXVnMQ4wDAYDVQQLEwVKZXR0eTEQ
MA4GA1UEAxMHYXprYWJhbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALtFxXjvwjfM
W10cs1f35eeswYGKghZXcIbUmGY1SiWhwsw0ZgajTPf9sXCK6wMkN83XO1JOE2x3g3BVdN51CMZ6
XvEr5cvjOn15t3vUIsWJoBi1Bk2D25fDS3GDVr8qF/ghOMcQXo+Ut6vLMVTrrNzbs7ifB6UNiPMP
gSfGJwrfoEL9cSTCmsXq4Dx1HxEcgd4+KxOgbKPHx9Q4Iv6+HV091IWGdIElmUxaWgasD7mArdmi
DvLd7kQzWWXiky0RVde/LX0Z4zH9RVtuuN7dvK433gnBIYZJeOzoo3J2gIepzwmBl3q2HHNMfDhu
paGsKYYx5vAtzSAFQmATeRf8b2kCAwEAAaMhMB8wHQYDVR0OBBYEFLWXJpXw9dSeTCiEKNSwIZBu
px7gMA0GCSqGSIb3DQEBCwUAA4IBAQCAnuL1Wkfx+bPSyPPlqysMcjTc1pvv8hDU+8V4BV1u5f/v
+etJ4gIdv9d6f4phkvBtoxEgQIq1VqONhdJrWL+J0h4W05Cy0AR/tkLA19VjhkIQvh7ZFBfJ6G/K
7JbmH0/f1oplrkQ9jMUdji7gE8OINNRynJGdgH9xd8Mm1I6+IBjUVUY7jKoVxKzkwJaH06fKUTp3
oPqmfyW7ZekzvVXQhqADEpsmZ6Hd30dmzJWkI2lwbsQNE9vf3dG7qKLDeWi78A7KZc3qtBvDUmyh
eztUpmAM/PCoO+vmCgZALkaQ1sTWORqQOsylSBY2ZDul0si+rI0nZ9Y6dTxhgFxe9QoB
-----END CERTIFICATE-----
四、导入认凭证件cer文件到truststore文件
user@ae01:~$ keytool -import -alias certificatekey -file selfsignedcert.cer -keystore truststore.jks
Enter keystore password:
查看生成的truststore文件
user@ae01:~$ keytool -list -v -keystore truststore.jks
Enter keystore password: Keystore type: JKS
Keystore provider: SUN Your keystore contains entry Alias name: jetty-azkaban
Creation date: Jul ,
Entry type: trustedCertEntry Owner: CN=azkaban, OU=Jetty, O=Aug, L=SH, ST=SH, C=
Issuer: CN=azkaban, OU=Jetty, O=Aug, L=SH, ST=SH, C=
Serial number: 5f84c457
Valid from: Wed Jul :: CST until: Tue Oct :: CST
Certificate fingerprints:
MD5: 2F:D3:D9::0E:DD:B5:CD::E0:5F:C0:C5:::FD
SHA1: FD:0B:B4:::CE:7A:::DF::2A:A0:2A::A5:AE:AE::
SHA256: D5:EE::BF:E6::FC:4E:B3:B4:CD:8B::1D:D1::D0:CD::D8:::F8:9D:D9:5E::E1:AA:FB::CB
Signature algorithm name: SHA256withRSA
Version: Extensions: #: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
: B5 F0 F5 D4 9E 4C D4 B0 ..&.....L(.(..!.
: 6E A7 1E E0 n...
]
] *******************************************
*******************************************