#Generate certificate container file abc.jks Alias china Password length 2048 Valid for 3 years Container password 123456
keytool -genkey -alias china -keyalg RSA -keysize 2048 -keystore D:\abc.jks -storepass 123456 -validity 1095 #Generate
digital certificate signature Request file
keytool -certreq -keyalg RSA -alias fft -file certreq.csr -keystore D:\abc.jks #Generate
a certificate container according to the certificate DN (there are spaces in the certificate DN, remember to add double quotes, as follows)
keytool -genkey -alias china -keyalg RSA -keysize 2048 -keystore D:\abc.jks -dname "CN=123,OU=Organizational-1,OU=ABC,O=CFCA RSA OCA31,C=CN"
#cer to pem (ps certificate is der format, if it is base64 format, it needs to be downloaded)
openssl x509 -inform der -in server.cer -out server.pem #Get
the private key from jks, and then convert it to pem without password format (jks to pfx [conversion code see Attachment], and then use the following command line to obtain the private key)
openssl pkcs12 -in server.pfx -nocerts -nodes -out server.key
#nginx https configuration
ssl_certificate /home/server.pem;
ssl_certificate_key /home/fft-server.key;
the attachment is the keytool graphical tool for easy use
Command line keytool uses certificate DN to generate digital certificate container spaces
Guess you like
Origin http://43.154.161.224:23101/article/api/json?id=326283222&siteId=291194637
Recommended
Ranking