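On Linux it is usually more convenient to generate certificates from the command line. Ubuntu systems generally ship with OpenSSL; you can check with the command openssl version: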
wangyetao@wangyetao-Lenovo-G510:~$ openssl version
OpenSSL 1.1.1f 31 Mar 2020
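1. Use OpenSSL to generate a private key file encrypted with the des3 algorithm (the command line prompts for a passphrase of your choice; the passphrase must be kept safe)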
openssl genrsa -des3 -out private-rsa.key 1024
A sample of the generated private key:
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,8880532B9948C522
-----END RSA PRIVATE KEY-----
2. Use OpenSSL to generate the cert certificate file from the private key file (the command line prompts for each of the certificate's fields)
openssl req -new -x509 -key private-rsa.key -days 750 -out public-rsa.cer
A sample of the generated certificate file:
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
Complete command-line record:
wangyetao@wangyetao-Lenovo-G510:~/IdeaProjects/certest$ openssl version
OpenSSL 1.1.1f 31 Mar 2020
wangyetao@wangyetao-Lenovo-G510:~/IdeaProjects/certest$ openssl genrsa -des3 -out private-rsa.key 1024
Generating RSA private key, 1024 bit long modulus (2 primes)
..........................+++++
...........+++++
e is 65537 (0x010001)
Enter pass phrase for private-rsa.key:
Verifying - Enter pass phrase for private-rsa.key:
wangyetao@wangyetao-Lenovo-G510:~/IdeaProjects/certest$ l
private-rsa.key
wangyetao@wangyetao-Lenovo-G510:~/IdeaProjects/certest$ openssl req -new -x509 -key private-rsa.key -days 750 -out public-rsa.cer
Enter pass phrase for private-rsa.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:dg
State or Province Name (full name) [Some-State]:gd
Locality Name (eg, city) []:dongguan
Organization Name (eg, company) [Internet Widgits Pty Ltd]:gongsi
Organizational Unit Name (eg, section) []:it
Common Name (e.g. server FQDN or YOUR name) []:wangyetao
Email Address []:[email protected]
wangyetao@wangyetao-Lenovo-G510:~/IdeaProjects/certest$
wangyetao@wangyetao-Lenovo-G510:~/IdeaProjects/certest$ l
commandslog.txt private-rsa.key public-rsa.cer
wangyetao@wangyetao-Lenovo-G510:~/IdeaProjects/certest$
Two files are generated in the directory:
private-rsa.key
public-rsa.cer
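
The two OpenSSL steps above, as an added example that is not part of the original post: the same commands run without prompts, once with the post's parameters (1024-bit RSA, des3) and once with a 2048-bit key and aes256, followed by a check of the key size stored in the certificate and of whether the key and certificate belong together. The function names, the KEY_PASS variable and the -subj value are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. KEY_PASS, the -subj value and
# all function names are constructed for this demonstration.

# make_cert DIR BITS CIPHER: steps 1 and 2 of the post without prompts.
# The passphrase is read from the environment (env:KEY_PASS), not from argv,
# so it does not appear in the process list.
make_cert() {
    local dir="$1" bits="$2" cipher="$3"
    openssl genrsa "-$cipher" -passout env:KEY_PASS \
        -out "$dir/private-rsa.key" "$bits" 2>/dev/null || return 1
    chmod 600 "$dir/private-rsa.key"
    openssl req -new -x509 -sha256 -key "$dir/private-rsa.key" \
        -passin env:KEY_PASS -days 750 \
        -subj "/CN=example.test/O=constructed-demo" -out "$dir/public-rsa.cer"
}

# cert_key_bits CERT: RSA modulus size recorded in the certificate.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# key_matches_cert KEY CERT: succeeds only if both carry the same modulus.
key_matches_cert() {
    local k c
    k=$(openssl rsa -in "$1" -passin env:KEY_PASS -noout -modulus 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -modulus) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# audit_cert CERT: report keys shorter than 2048 bits as weak.
audit_cert() {
    local bits
    bits=$(cert_key_bits "$1")
    if [ "${bits:-0}" -lt 2048 ]; then echo "WEAK: RSA-$bits key"
    else echo "OK: RSA-$bits key"; fi
}

demo() {
    export KEY_PASS='constructed-demo-passphrase'
    local tmp; tmp=$(mktemp -d) || return 1
    mkdir "$tmp/legacy" "$tmp/hardened"
    make_cert "$tmp/legacy" 1024 des3 && audit_cert "$tmp/legacy/public-rsa.cer"
    make_cert "$tmp/hardened" 2048 aes256 && audit_cert "$tmp/hardened/public-rsa.cer"
    key_matches_cert "$tmp/hardened/private-rsa.key" "$tmp/hardened/public-rsa.cer" &&
        echo "OK: key matches certificate"
    rm -rf "$tmp"
}
demo
```
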
3. Read the public key and certificate information of the file (public-rsa.cer) in a program; the original demo is as follows:
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.PublicKey;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.Base64;
import java.util.Date;

/**
 * Demo: reading the information in a cert digital certificate
 */
public class P20 {
    public static void main(String[] args) throws Exception {
        String keyStorePath = "/home/wangyetao/IdeaProjects/certest/public-rsa.cer";
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate cert;
        // try-with-resources closes the stream even if parsing fails
        try (InputStream in = new FileInputStream(keyStorePath)) {
            cert = (X509Certificate) cf.generateCertificate(in);
        }
        PublicKey publicKey = cert.getPublicKey();
        Base64.Encoder encoder = Base64.getEncoder();
        // Base64 of the DER-encoded SubjectPublicKeyInfo
        String publicKeyString = encoder.encodeToString(publicKey.getEncoded());
        // The banner "公钥" means "public key"
        System.out.println("-----------------公钥--------------------");
        System.out.println(publicKeyString);
        System.out.println("-----------------公钥--------------------");
        // The banner "证书信息" means "certificate information"
        System.out.println("\n-----------------证书信息--------------------");
        testReadX509CerFile();
        System.out.println("-----------------证书信息--------------------");
    }

    /***
     * Read a *.cer public-key certificate file and print the certificate information
     * @author xgh
     */
    public static void testReadX509CerFile() throws Exception {
        try {
            // Read the certificate file
            File file = new File("/home/wangyetao/IdeaProjects/certest/public-rsa.cer");
            // Create the X509 factory
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            //CertificateFactory cf = CertificateFactory.getInstance("X509");
            // Create the certificate object; the stream is closed automatically
            X509Certificate oCert;
            try (InputStream inStream = new FileInputStream(file)) {
                oCert = (X509Certificate) cf.generateCertificate(inStream);
            }
            SimpleDateFormat dateformat = new SimpleDateFormat("yyyy/MM/dd");
            String info = null;
            // Certificate version
            info = String.valueOf(oCert.getVersion());
            System.out.println("证书版本:" + info);
            // Certificate serial number
            info = oCert.getSerialNumber().toString(16);
            System.out.println("证书序列号:" + info);
            // Certificate validity period (not before / not after)
            Date beforedate = oCert.getNotBefore();
            info = dateformat.format(beforedate);
            System.out.println("证书生效日期:" + info);
            Date afterdate = oCert.getNotAfter();
            info = dateformat.format(afterdate);
            System.out.println("证书失效日期:" + info);
            // Certificate subject (owner)
            info = oCert.getSubjectDN().getName();
            System.out.println("证书拥有者:" + info);
            // Certificate issuer
            info = oCert.getIssuerDN().getName();
            System.out.println("证书颁发者:" + info);
            // Name of the certificate signature algorithm
            info = oCert.getSigAlgName();
            System.out.println("证书签名算法:" + info);
        } catch (Exception e) {
            // The message means "error parsing the certificate"
            System.out.println("解析证书出错!");
            e.printStackTrace();
        }
    }
}
Output:
-----------------公钥--------------------
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC69Eju7YZDhy4G1z7n4tDnH7ZaHoXXlorhuu4216oxppzoD+VwTy2FKP/GErrmIRp3IysuIGGUF9VH8y3TZFRDbnFVAknSjCA8q/01fkzIwnVhqRr0/+tjx2/p9+p0y3o9NSs66qgVmWfs0Z6SIrgzRKHCYr2dj2wU6sHrYoVvCQIDAQAB
-----------------公钥--------------------
-----------------证书信息--------------------
证书版本:3
证书序列号:6716beeee8553f929d141b4ea307bcc178436e69
证书生效日期:2021/08/24
证书失效日期:2023/09/13
证书拥有者:[email protected], CN=wangyetao, OU=it, O=gongsi, L=dongguan, ST=gd, C=dg
证书颁发者:[email protected], CN=wangyetao, OU=it, O=gongsi, L=dongguan, ST=gd, C=dg
证书签名算法:SHA256withRSA
-----------------证书信息--------------------
Process finished with exit code 0