First, the source keystore is in the JKS format of the JSSE specification and contains only a self-signed certificate.
Second, the goal is to obtain the private key and the self-signed certificate in openssl format so that nginx can enable SSL for testing.
1. Generate a JKS format keystore with a self-signed certificate:
keytool -genkey -v -alias merrick -keyalg RSA -storetype JKS -keystore test1.jks -dname "CN=localhost,OU=merrick,O=COMPANY,L=CZ,ST=JS,C=CN" -storepass 123456 -keypass 123456 -validity 3650
2. Convert the JKS format keystore to a PKCS12 format keystore:
keytool -importkeystore -srckeystore test1.jks -destkeystore test1.p12 -srcstoretype JKS -deststoretype PKCS12 -srcstorepass 123456 -deststorepass 123456 -srcalias merrick -destalias merrick -srckeypass 123456 -destkeypass 123456 -noprompt
View: keytool -list -v -keystore test1.p12
3. Export the binary der certificate:
keytool -export -alias merrick -keystore test1.p12 -storepass 123456 -file test1.cer
View: keytool -printcert -v -file test1.cer
4. Use openssl to export the private key in text format, without a password:
openssl pkcs12 -in test1.p12 -nocerts -nodes -out test1.key -passin pass:123456
5. Use openssl to convert the certificate to text format:
openssl x509 -inform der -in test1.cer -out test1.crt
6. nginx HTTPS configuration:
nginx.conf configuration:
ssl_certificate test1.crt;
ssl_certificate_key test1.key;
7. The above steps do not apply to an actual commercial deployment, which requires a certificate issued through a third-party certificate authority.
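The following shell script is an added example, not part of the original steps. It checks that test1.key from step 4 and test1.crt from step 5 belong together and that the passwordless key is not readable by other users before nginx is pointed at them. The function names are hypothetical, and it assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example (not from the original page): checks on the files that
# steps 4 and 5 produce. Function names are hypothetical.

# Exit 0 if the private key ($1) and certificate ($2) share a public key.
# Exit 2 if either file cannot be parsed (for example an encrypted key).
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Exit 0 if the key file ($1) grants no permissions to group or other.
# Step 4 writes the key without a password, so the file mode is its only guard.
key_is_owner_only() {
    [ "$(ls -Lld "$1" | cut -c5-10)" = "------" ]
}

# Exit 0 if subject and issuer are the same name, as for the keytool certificate.
cert_is_self_issued() {
    s=$(openssl x509 -in "$1" -noout -subject_hash 2>/dev/null) || return 2
    i=$(openssl x509 -in "$1" -noout -issuer_hash 2>/dev/null) || return 2
    [ "$s" = "$i" ]
}

# Run all checks on key ($1) and certificate ($2); exit 0 only if usable.
check_nginx_pair() {
    key=$1 crt=$2
    key_matches_cert "$key" "$crt" || { echo "FAIL: key and certificate do not match"; return 1; }
    key_is_owner_only "$key" || { echo "FAIL: $key is accessible beyond its owner (chmod 600)"; return 1; }
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1 || { echo "FAIL: certificate has expired"; return 1; }
    cert_is_self_issued "$crt" && echo "NOTE: self-signed certificate, test use only"
    echo "OK: $key and $crt are consistent"
}

# Usage with the file names from the steps above, when both files exist.
if [ -f test1.key ] && [ -f test1.crt ]; then
    check_nginx_pair test1.key test1.crt
fi
```

Run it in the directory that holds test1.key and test1.crt; a mismatch here is the usual cause of nginx refusing to start after a keystore conversion.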