一、生成一个含有一个私钥的keystore文件
user@ae01:~$ keytool -genkey -keystore keystore -alias jetty-azkaban -keyalg RSA Enter keystore password: Re-enter new password: What is your first and last name? [Unknown]: azkaban What is the name of your organizational unit? [Unknown]: Jetty What is the name of your organization? [Unknown]: Aug What is the name of your City or Locality? [Unknown]: SH What is the name of your State or Province? [Unknown]: SH What is the two-letter country code for this unit? [Unknown]: 86 Is CN=azkaban, OU=Jetty, O=Aug, L=SH, ST=SH, C=86 correct? [no]: yes Enter key password for <jetty-azkaban2> (RETURN if same as keystore password):
二、验证生成的keystore文件
keytool -list -v -keystore keystore.jks
Enter keystore password:
Keystore type: JKS Keystore provider: SUN Your keystore contains 1 entry Alias name: jetty-azkaban Creation date: Jul 9, 2014 Entry type: PrivateKeyEntry Certificate chain length: 1 Certificate[1]: Owner: CN=azkaban, OU=Jetty, O=Aug, L=SH, ST=SH, C=86 Issuer: CN=azkaban, OU=Jetty, O=Aug, L=SH, ST=SH, C=86 Serial number: 5f84c457 Valid from: Wed Jul 09 15:09:41 CST 2014 until: Tue Oct 07 15:09:41 CST 2014 Certificate fingerprints: MD5: 2F:D3:D9:61:0E:DD:B5:CD:96:E0:5F:C0:C5:87:54:FD SHA1: FD:0B:B4:57:37:CE:7A:40:02:DF:43:2A:A0:2A:70:A5:AE:AE:45:51 SHA256: D5:EE:99:BF:E6:31:FC:4E:B3:B4:CD:8B:07:1D:D1:44:D0:CD:91:D8:83:15:F8:9D:D9:5E:41:E1:AA:FB:45:CB Signature algorithm name: SHA256withRSA Version: 3 Extensions: #1: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: B5 97 26 95 F0 F5 D4 9E 4C 28 84 28 D4 B0 21 90 ..&.....L(.(..!. 0010: 6E A7 1E E0 n... ] ] ******************************************* *******************************************
三、导出凭证文件
user@ae01:~$ keytool -export -alias jetty-azkaban -keystore keystore.jks -rfc -file selfsignedcert.cer Enter keystore password:
生成的cer文件内容如下:
user@ae01:~$ cat selfsignedcert.cer -----BEGIN CERTIFICATE----- MIIDTTCCAjWgAwIBAgIEX4TEVzANBgkqhkiG9w0BAQsFADBXMQswCQYDVQQGEwI4NjELMAkGA1UE CBMCU0gxCzAJBgNVBAcTAlNIMQwwCgYDVQQKEwNBdWcxDjAMBgNVBAsTBUpldHR5MRAwDgYDVQQD EwdhemthYmFuMB4XDTE0MDcwOTA3MDk0MVoXDTE0MTAwNzA3MDk0MVowVzELMAkGA1UEBhMCODYx CzAJBgNVBAgTAlNIMQswCQYDVQQHEwJTSDEMMAoGA1UEChMDQXVnMQ4wDAYDVQQLEwVKZXR0eTEQ MA4GA1UEAxMHYXprYWJhbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALtFxXjvwjfM W10cs1f35eeswYGKghZXcIbUmGY1SiWhwsw0ZgajTPf9sXCK6wMkN83XO1JOE2x3g3BVdN51CMZ6 XvEr5cvjOn15t3vUIsWJoBi1Bk2D25fDS3GDVr8qF/ghOMcQXo+Ut6vLMVTrrNzbs7ifB6UNiPMP gSfGJwrfoEL9cSTCmsXq4Dx1HxEcgd4+KxOgbKPHx9Q4Iv6+HV091IWGdIElmUxaWgasD7mArdmi DvLd7kQzWWXiky0RVde/LX0Z4zH9RVtuuN7dvK433gnBIYZJeOzoo3J2gIepzwmBl3q2HHNMfDhu paGsKYYx5vAtzSAFQmATeRf8b2kCAwEAAaMhMB8wHQYDVR0OBBYEFLWXJpXw9dSeTCiEKNSwIZBu px7gMA0GCSqGSIb3DQEBCwUAA4IBAQCAnuL1Wkfx+bPSyPPlqysMcjTc1pvv8hDU+8V4BV1u5f/v +etJ4gIdv9d6f4phkvBtoxEgQIq1VqONhdJrWL+J0h4W05Cy0AR/tkLA19VjhkIQvh7ZFBfJ6G/K 7JbmH0/f1oplrkQ9jMUdji7gE8OINNRynJGdgH9xd8Mm1I6+IBjUVUY7jKoVxKzkwJaH06fKUTp3 oPqmfyW7ZekzvVXQhqADEpsmZ6Hd30dmzJWkI2lwbsQNE9vf3dG7qKLDeWi78A7KZc3qtBvDUmyh eztUpmAM/PCoO+vmCgZALkaQ1sTWORqQOsylSBY2ZDul0si+rI0nZ9Y6dTxhgFxe9QoB -----END CERTIFICATE-----
四、导入认凭证件cer文件到truststore文件
user@ae01:~$ keytool -import -alias certificatekey -file selfsignedcert.cer -keystore truststore.jks Enter keystore password:
查看生成的truststore文件
user@ae01:~$ keytool -list -v -keystore truststore.jks Enter keystore password: Keystore type: JKS Keystore provider: SUN Your keystore contains 1 entry Alias name: jetty-azkaban Creation date: Jul 9, 2014 Entry type: trustedCertEntry Owner: CN=azkaban, OU=Jetty, O=Aug, L=SH, ST=SH, C=86 Issuer: CN=azkaban, OU=Jetty, O=Aug, L=SH, ST=SH, C=86 Serial number: 5f84c457 Valid from: Wed Jul 09 15:09:41 CST 2014 until: Tue Oct 07 15:09:41 CST 2014 Certificate fingerprints: MD5: 2F:D3:D9:61:0E:DD:B5:CD:96:E0:5F:C0:C5:87:54:FD SHA1: FD:0B:B4:57:37:CE:7A:40:02:DF:43:2A:A0:2A:70:A5:AE:AE:45:51 SHA256: D5:EE:99:BF:E6:31:FC:4E:B3:B4:CD:8B:07:1D:D1:44:D0:CD:91:D8:83:15:F8:9D:D9:5E:41:E1:AA:FB:45:CB Signature algorithm name: SHA256withRSA Version: 3 Extensions: #1: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: B5 97 26 95 F0 F5 D4 9E 4C 28 84 28 D4 B0 21 90 ..&.....L(.(..!. 0010: 6E A7 1E E0 n... ] ] ******************************************* *******************************************