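Generating a cert certificate with OpenSSL and reading its public key and certificate information in a program

It is usually more convenient to generate certificates from the command line on Linux. Ubuntu systems generally ship with OpenSSL installed; you can check with the command openssl version: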

wangyetao@wangyetao-Lenovo-G510:~$ openssl version
OpenSSL 1.1.1f  31 Mar 2020

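1. Use OpenSSL to generate a private key file encrypted with the des3 algorithm (the command line prompts for a passphrase of your choice; the private key passphrase must be kept safe)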

openssl genrsa -des3 -out private-rsa.key 1024

A sample of the generated private key:

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,8880532B9948C522
-----END RSA PRIVATE KEY-----

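2. Use OpenSSL to generate the cert certificate file from the private key file (the command line prompts for each of the certificate's subject fields)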

openssl req -new -x509 -key private-rsa.key -days 750 -out public-rsa.cer

A sample of the generated certificate file:

-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

Full command-line record:

wangyetao@wangyetao-Lenovo-G510:~/IdeaProjects/certest$ openssl version
OpenSSL 1.1.1f  31 Mar 2020
wangyetao@wangyetao-Lenovo-G510:~/IdeaProjects/certest$ openssl genrsa -des3 -out private-rsa.key 1024
Generating RSA private key, 1024 bit long modulus (2 primes)
..........................+++++
...........+++++
e is 65537 (0x010001)
Enter pass phrase for private-rsa.key:
Verifying - Enter pass phrase for private-rsa.key:
wangyetao@wangyetao-Lenovo-G510:~/IdeaProjects/certest$ l
private-rsa.key
wangyetao@wangyetao-Lenovo-G510:~/IdeaProjects/certest$ openssl req -new -x509 -key private-rsa.key -days 750 -out public-rsa.cer
Enter pass phrase for private-rsa.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:dg
State or Province Name (full name) [Some-State]:gd
Locality Name (eg, city) []:dongguan
Organization Name (eg, company) [Internet Widgits Pty Ltd]:gongsi
Organizational Unit Name (eg, section) []:it
Common Name (e.g. server FQDN or YOUR name) []:wangyetao
Email Address []:[email protected]
wangyetao@wangyetao-Lenovo-G510:~/IdeaProjects/certest$ 
wangyetao@wangyetao-Lenovo-G510:~/IdeaProjects/certest$ l
commandslog.txt  private-rsa.key  public-rsa.cer
wangyetao@wangyetao-Lenovo-G510:~/IdeaProjects/certest$ 

Two files are generated in the directory:

private-rsa.key

public-rsa.cer
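
A non-interactive variant of steps 1 and 2 with a policy check on the resulting certificate, added here as an example (it is not part of the original post). It swaps in AES-256 and a 2048-bit key for the des3/1024-bit settings used above, passes the passphrase through the environment instead of a prompt, and flags any certificate whose RSA key is under 2048 bits or that expires within 30 days. The names KEY_PASS, gen_cert, cert_bits and audit_cert and the -subj values are assumptions made for the example.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). KEY_PASS, gen_cert, cert_bits,
# audit_cert and the -subj values are assumed names / constructed sample data.

# The passphrase is read from the environment (env:) so it never appears in
# argv or shell history; the fallback value is a constructed demo secret.
export KEY_PASS="${KEY_PASS:-constructed-demo-passphrase}"

# gen_cert DIR BITS: AES-256-encrypted RSA key + self-signed cert (750 days).
gen_cert() {
  openssl genrsa -aes256 -passout env:KEY_PASS -out "$1/private-rsa.key" "$2" &&
  openssl req -new -x509 -sha256 -key "$1/private-rsa.key" -passin env:KEY_PASS \
    -days 750 -subj "/C=CN/O=Example/CN=example.test" \
    -out "$1/public-rsa.cer"
}

# cert_bits CERT: print the certificate's public-key size in bits.
cert_bits() {
  openssl x509 -in "$1" -noout -text |
    sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p'
}

# audit_cert CERT: print findings and identity; return 0 only if all checks pass.
audit_cert() {
  audit_rc=0
  audit_bits=$(cert_bits "$1")
  if [ "${audit_bits:-0}" -lt 2048 ]; then
    echo "WEAK: RSA key is ${audit_bits:-unknown} bits (< 2048)"; audit_rc=1
  fi
  # -checkend N exits non-zero when the cert expires within N seconds (30 days).
  if ! openssl x509 -in "$1" -noout -checkend $((30 * 24 * 3600)) >/dev/null; then
    echo "EXPIRING: notAfter is less than 30 days away"; audit_rc=1
  fi
  openssl x509 -in "$1" -noout -subject -enddate -fingerprint -sha256
  return "$audit_rc"
}

# Demo: the 1024-bit size from step 1 is rejected, a 2048-bit key passes.
work=$(mktemp -d)
mkdir "$work/weak" "$work/ok"
gen_cert "$work/weak" 1024 2>/dev/null &&
  { audit_cert "$work/weak/public-rsa.cer" || echo "-> rejected"; }
gen_cert "$work/ok" 2048 2>/dev/null &&
  audit_cert "$work/ok/public-rsa.cer" && echo "-> accepted"
rm -rf "$work"
```

The SHA-256 fingerprint printed by audit_cert is the value to compare out of band before trusting a self-signed certificate such as this one.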

3. Read the public key and certificate information from the certificate (public-rsa.cer) in a program. The original demo is as follows:

import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.PublicKey;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.Base64;
import java.util.Date;

/**
 * Demo: reading information from a cert digital certificate
 */
public class P20 {
    public static void main(String[] args) throws Exception {
        String keyStorePath = "/home/wangyetao/IdeaProjects/certest/public-rsa.cer";
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
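        // Open the certificate with try-with-resources so the stream is always closed
        X509Certificate cert;
        try (InputStream in = new FileInputStream(keyStorePath)) {
            cert = (X509Certificate) cf.generateCertificate(in);
        }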
        PublicKey publicKey = cert.getPublicKey();
        Base64.Encoder encoder = Base64.getEncoder();
        String publicKeyString = encoder.encodeToString(publicKey.getEncoded());
        System.out.println("-----------------公钥--------------------");
        System.out.println(publicKeyString);
        System.out.println("-----------------公钥--------------------");


        System.out.println("\n-----------------证书信息--------------------");
        testReadX509CerFile();
        System.out.println("-----------------证书信息--------------------");
    }


    /***
     * Read a *.cer public-key certificate file and print the certificate information
     * @author xgh
     */
    public static void testReadX509CerFile() throws Exception {
        try {
            // Read the certificate file
            File file = new File("/home/wangyetao/IdeaProjects/certest/public-rsa.cer");
            InputStream inStream = new FileInputStream(file);
            // Create the X.509 certificate factory
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            //CertificateFactory cf = CertificateFactory.getInstance("X509");
            // Create the certificate object
            X509Certificate oCert = (X509Certificate) cf.generateCertificate(inStream);
            inStream.close();
            SimpleDateFormat dateformat = new SimpleDateFormat("yyyy/MM/dd");
            String info = null;
            // Get the certificate version
            info = String.valueOf(oCert.getVersion());
            System.out.println("证书版本:" + info);
            // Get the certificate serial number (printed in hexadecimal)
            info = oCert.getSerialNumber().toString(16);
            System.out.println("证书序列号:" + info);
            // Get the certificate validity period (notBefore / notAfter)
            Date beforedate = oCert.getNotBefore();
            info = dateformat.format(beforedate);
            System.out.println("证书生效日期:" + info);
            Date afterdate = oCert.getNotAfter();
            info = dateformat.format(afterdate);
            System.out.println("证书失效日期:" + info);
            // Get the certificate subject (owner)
            info = oCert.getSubjectDN().getName();
            System.out.println("证书拥有者:" + info);
            // Get the certificate issuer
            info = oCert.getIssuerDN().getName();
            System.out.println("证书颁发者:" + info);
            // Get the name of the certificate signature algorithm
            info = oCert.getSigAlgName();
            System.out.println("证书签名算法:" + info);

        } catch (Exception e) {
            System.out.println("解析证书出错!");
            e.printStackTrace();
        }
    }

}

Output:

-----------------公钥--------------------
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC69Eju7YZDhy4G1z7n4tDnH7ZaHoXXlorhuu4216oxppzoD+VwTy2FKP/GErrmIRp3IysuIGGUF9VH8y3TZFRDbnFVAknSjCA8q/01fkzIwnVhqRr0/+tjx2/p9+p0y3o9NSs66qgVmWfs0Z6SIrgzRKHCYr2dj2wU6sHrYoVvCQIDAQAB
-----------------公钥--------------------

-----------------证书信息--------------------
证书版本:3
证书序列号:6716beeee8553f929d141b4ea307bcc178436e69
证书生效日期:2021/08/24
证书失效日期:2023/09/13
证书拥有者:[email protected], CN=wangyetao, OU=it, O=gongsi, L=dongguan, ST=gd, C=dg
证书颁发者:[email protected], CN=wangyetao, OU=it, O=gongsi, L=dongguan, ST=gd, C=dg
证书签名算法:SHA256withRSA
-----------------证书信息--------------------

Process finished with exit code 0


Reposted from blog.csdn.net/u014132947/article/details/119897266