#查看私钥,需要输入私钥密码
openssl rsa -in rsa.key
#证书校验
openssl verify -CAfile trust.cer server.pem
#用openssl导出证书和key
openssl pkcs12 -in server.keystore.pkcs12 -clcerts -nokeys -out cert.pem
openssl pkcs12 -in server.keystore.pkcs12 -nocerts -out key.pem
#对私钥进行加密
openssl rsa -aes256 -in ca_key.pem -passout pass:$passwd -out ca_key.pem_tmp
#去除私钥的保护密码
openssl rsa -in /tmp/cert/server.key -out /tmp/cert/server_nopwd.key -passin file:/tmp/cert/pass.txt
#用户提供的证书转为pkcs12文件
openssl pkcs12 -export -in ./client.pem -out ./client.p12
#转换jks为pkcs12格式
keytool -importkeystore -srckeystore server.keystore.jks -destkeystore server.keystore.pkcs12 -deststoretype pkcs12
#pkcs12文件转为server的jks文件
keytool -importkeystore -srckeystore ./client.p12 -destkeystore ./clientKeyStore -srcstoretype pkcs12
#jks提取CA证书
keytool -list -rfc -keystore server.truststore.jks -storepass GSn7ecZ_xSy9afd8
keytool -list -rfc -keystore server.keystore.jks -storepass Pbnls_md4Nttjktg
#修改别名
keytool -changealias -keystore KarafKeystore -alias ac_common -destalias tomcat -storepass $passwd
#打印pem证书内容
openssl x509 -in cert.pem -noout -text
#pem格式的ca证书转换成truststone
keytool -importcert -trustcacerts -file ./CA.pem -keystore ./trustStone -storepass ${password} -alias CA
#查看jks证书内容
#keytool -list -v -keystore trustStone -storepass ${password}
#修改jks证书的别名
keytool -changealias -keystore ./clientKeyStore -alias my_name -destalias androiddebugkey
#keytool也可以直接生成证书
keytool -genkey -alias test -dname CN=test,OU=share,O=share,L=sz,S=gd,C=CN -keyalg RSA -keysize 2048 -sigalg SHA256withRSA -validity 36500 -keypass yourkeypass -storepass yourstorepass -keystore keystore.keystore