OpenSSL
1、生成CA证书:
openssl req -new -x509 -newkey rsa:1024 -keyout ca.key.pem -out ca.cer -config openssl.cfg -outform PEM -subj "/C=CN/ST=ChongQing/L=ChongQing/O=yiji/OU=yiji/CN=*.yiji.com"
Keytool
2、生成KeyPair
keytool -genkey -alias yiji -validity 365 -keyalg RSA -keysize 2048 -keypass changeit -storepass changeit -keystore keystore -dname="CN=paycore.yiji.com,OU=yiji.com,O=yiji,L=ChongQing,S=ChongQing,C=CN" pause
3、生成服务器证书请求文件
keytool -certreq -alias tomcat -sigalg MD5withRSA -file server.csr -keypass changeit -keystore keystore -storepass changeit
OpenSSL
4、签发证书
openssl x509 -req -days 3650 -sha1 -extensions v3_req -CA ca.cer -CAkey ca.key -CAcreateserial -in server.csr -out server.cer
Keytool
5、导入服务器证书到keystore
keytool -import -v -trustcacerts -storepass changeit -alias tomcatpub -file server.cer -keystore keystore