Generating a digital certificate (.cer / .p12 file) with Java keytool

Any organization or individual may apply for a digital certificate and use a certificate issued by a CA to protect their own applications. Two common certificate management tools are keytool and OpenSSL: you build a CSR (Certificate Signing Request, an application for a digital certificate) and submit it to a CA, which issues the final digital certificate. I recently had to use a p12 file, so this is a record of how to create one with the keytool that ships with the JDK.

Create a private key and certificate

1. Open cmd and switch to the JDK's bin directory

2. Enter the command

keytool -genkeypair -alias serverkey -keyalg RSA -keysize 2048 -validity 3650 -keystore C:\Users\i343740\Desktop\p12test.keystore

Parameter description:
-storepass: password for the keystore file; without this parameter you will be asked to enter a password later
-keypass: password used to encrypt and decrypt the private key
-alias: alias of the entry (certificate plus private key)
-dname: personal information
-keyalg: public key algorithm used by the certificate; the default is DSA, here RSA is used
-keysize: key length (the default algorithm is DSA, with signature algorithm SHA1withDSA, which does not support a length of 2048, so RSA is required here)
-validity: validity period
-keystore: location where the keystore file is stored

3. The command line will ask you to enter some information. This is only a trial, so feel free to enter anything

What is your first and last name?
  [Unknown]:  xu
What is the name of your organizational unit?
  [Unknown]:  SAP
What is the name of your organization?
  [Unknown]:  SAP
What is the name of your City or Locality?
  [Unknown]:  ShangHai
What is the name of your State or Province?
  [Unknown]:  ShangHai
What is the two-letter country code for this unit?
  [Unknown]:  CN
Is CN=xu, OU=SAP, O=SAP, L=ShangHai, ST=ShangHai, C=CN correct?
  [no]:  Y

4. The last prompt is "Enter key password". We have already set a keystore password, so if the key password should be the same as the keystore password you can just press Enter; if the two passwords should differ, type a new password and press Enter

5. After the steps above, the keystore contains a digital certificate (one not signed by a CA), but this does not affect our use. We can export the digital certificate and send it to the partners we exchange encrypted traffic with.

View keystore details

1. Enter the command

keytool -v -list -keystore C:\Users\i343740\Desktop\p12test.keystore

The keystore details are displayed:

Keystore type: jks
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: serverkey
Creation date: Sep 18, 2018
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=xu, OU=SAP, O=SAP, L=ShangHai, ST=ShangHai, C=CN
Issuer: CN=xu, OU=SAP, O=SAP, L=ShangHai, ST=ShangHai, C=CN
Serial number: 68a01736
Valid from: Tue Sep 18 15:29:16 CST 2018 until: Fri Sep 15 15:29:16 CST 2028
Certificate fingerprints:
         MD5:  6D:02:83:77:1D:8F:80:4A:7E:71:10:E5:D1:F7:DA:A1
         SHA1: 50:A7:46:DE:BC:9E:0E:22:AC:AD:85:63:3D:29:FB:FF:75:66:55:3E
         SHA256: 78:C4:65:71:A2:54:2B:56:2E:7B:8F:16:7D:EB:53:46:4E:9C:0C:AF:55:F8:3E:0C:37:FC:CD:A6:8C:04:9E:84
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3
......(and some more)

Export the local certificate (.cer)

1. Enter the command

keytool -exportcert -keystore  C:\Users\i343740\Desktop\p12test.keystore -file C:\Users\i343740\Desktop\p12test.cer -alias serverkey

Parameter description:
-export: performs the certificate export operation
-keystore: specifies the keystore file
-file: specifies the path of the export file
-storepass: specifies the password
-rfc: Base64-encoded output

Print the digital certificate

1. Enter the command

keytool -printcert -file C:\Users\i343740\Desktop\p12test.cer
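Because the certificate above is self-signed, a partner who receives the .cer file has no CA chain to check and should compare its fingerprint with the value shown by keytool -v -list, obtained over a separate channel. The Python code below is an added example, not part of the original post: it computes the keytool-style fingerprint of a .cer file in either binary or -rfc form. The function names are hypothetical and SAMPLE_DER is a constructed stand-in, not a real certificate.

```python
import base64
import hashlib
import hmac
import re

# Matches the body of a "keytool -exportcert -rfc" (PEM) file.
PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def cert_der(data: bytes) -> bytes:
    """Return the DER bytes of a .cer file (binary or -rfc/PEM form)."""
    m = PEM_RE.search(data)
    if m:
        # Strip CR/LF line wrapping before strict Base64 decoding.
        return base64.b64decode(b"".join(m.group(1).split()), validate=True)
    if not data.startswith(b"\x30"):  # a DER certificate is an ASN.1 SEQUENCE
        raise ValueError("not a DER or PEM certificate")
    return data

def keytool_fingerprint(data: bytes, algo: str = "sha256") -> str:
    """Fingerprint in keytool's format: upper-case hex pairs joined by ':'."""
    digest = hashlib.new(algo, cert_der(data)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def matches(data: bytes, expected: str) -> bool:
    """Compare against a fingerprint received out of band (case-insensitive)."""
    actual = keytool_fingerprint(data)
    return hmac.compare_digest(actual.encode(), expected.strip().upper().encode())

# Constructed sample input: a tiny DER SEQUENCE, NOT a real certificate.
# The fingerprint is a hash over the file's DER bytes, so it is enough here.
SAMPLE_DER = bytes.fromhex("3003020101")
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\r\n"
              + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\r\n")

if __name__ == "__main__":
    fp = keytool_fingerprint(SAMPLE_DER)
    print("SHA256:", fp)
    print("PEM form matches:", matches(SAMPLE_PEM, fp))
    print("altered file matches:", matches(SAMPLE_DER[:-1] + b"\x02", fp))
```

To check a real export, read the file with open(path, "rb").read() and pass the bytes to matches() together with the SHA256 line from the sender's keytool output.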

Converting the .cer certificate to a .p12 certificate

1. Enter the command

keytool -importkeystore -srckeystore C:\Users\i343740\Desktop\p12test.keystore -destkeystore C:\Users\i343740\Desktop\p12test.p12 -srcalias serverkey -destalias serverkey -srcstoretype jks -deststoretype pkcs12 -noprompt

2. Enter the destination keystore password and the source keystore password (the destination keystore password is the password we want to set for the .p12 certificate; the source keystore password is the keystore password we set at the beginning for the .cer certificate)

Two commands that work on P12 directly:

Generate a certificate:

keytool -genkey -v -alias client -keyalg RSA -storetype PKCS12 -keystore  C:\Users\i343740\Desktop\p12test.p12

Export Certificate:

keytool -export -alias client -keystore  C:\Users\i343740\Desktop\p12test.p12 -storetype PKCS12 -storepass 123456 -rfc -file C:\Users\i343740\Desktop\p12test.cer


Origin juejin.im/post/5cecf74d6fb9a07eaa225cbd