最近项目上有关于同时生产openssl和keystore证书的需求。于是简单的了解了一下。以下是生成证书步骤:
生成ca证书认证中心的公钥证书和私钥1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 [root@localcert]# opensslreq-newkeyrsa:2048-x509-keyoutca.key-outca.crt Generatinga2048bitRSAprivatekey ....................................................+++ ........................+++ writingnewprivatekeyto'ca.key' EnterPEMpassphrase:输入CA密码 Verifying-EnterPEMpassphrase:再次输入CA密码 ----- Youareabouttobeaskedtoenterinformationthatwillbeincorporated intoyourcertificaterequest. WhatyouareabouttoenteriswhatiscalledaDistinguishedNameoraDN. Therearequiteafewfieldsbutyoucanleavesomeblank Forsomefieldstherewillbeadefaultvalue, Ifyouenter'.',thefieldwillbeleftblank. ----- CountryName(2lettercode)[XX]:CN StateorProvinceName(fullname)[]:BeiJing LocalityName(eg,city)[DefaultCity]:BeiJing OrganizationName(eg,company)[DefaultCompanyLtd]:BankOfMobile OrganizationalUnitName(eg,section)[]:Inc CommonName(eg,yournameoryourserver\'shostname)[]:BankOfCA EmailAddress[]:394806487@qq.com
生成keystore文件1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 [root@localcert]# keytool-genkey-aliasbank_server-validity3650-keyalgRSA -keysize2048-keypass123456-storepass123456-keystoreserver_keystore 您的名字与姓氏是什么? [Unknown]:liu.weihua 您的组织单位名称是什么? [Unknown]:BankOfMobile 您的组织名称是什么? [Unknown]:Inc 您所在的城市或区域名称是什么? [Unknown]:BeiJing 您所在的省/市/自治区名称是什么? [Unknown]:BeiJing 该单位的双字母国家/地区代码是什么? [Unknown]:CN CN=liu.weihua,OU=BankOfMobile,O=Inc,L=BeiJing,ST=BeiJing,C=CN是否正确? [否]:是