之前一个证书导入的问题搞了很久,发现国内的文章都是你抄抄我我抄抄你,长篇大论但有不完整,从国外论坛找到一个简洁明了的,解决了我的问题。特在此分享:
Java Keytool is a key and certificate management utility. It allows users to manage their own public/private key pairs and certificates. It also allows users to cache certificates. Java Keytool stores the keys and certificates in what is called a keystore. By default the Java keystore is implemented as a file. It protects private keys with a password. A Keytool keystore contains the private key and any certificatesnecessary to complete a chain of trust and establish the trustworthiness of the primary certificate.
Each certificate in a Java keystore is associated with a unique alias. When creating a Java keystore you will first create the .jks file that will initially only contain the private key. You will then generate a CSR and have a certificate generated from it. Then you will import the certificate to the keystore including any root certificates. Java Keytool also several other functions that allow you to view the details of a certificate or list the certificates contained in a keystore or export a certificate.
Below, we have listed the most common Java Keytool keystore commands and their usage:
Java Keytool Commands for Creating and Importing
These commands allow you to generate a new Java Keytool keystore file, create a CSR, and import certificates. Any root or intermediate certificates will need to be imported before importing the primary certificate for your domain.
-
Generate a Java keystore and key pair
keytool -genkey -alias mydomain -keyalg RSA -keystore keystore.jks -keysize 2048
-
Generate a certificate signing request (CSR) for an existing Java keystore
keytool -certreq -alias mydomain -keystore keystore.jks -file mydomain.csr
-
Import a root or intermediate CA certificate to an existing Java keystore
keytool -import -trustcacerts -alias root -file Thawte.crt -keystore keystore.jks
-
Import a signed primary certificate to an existing Java keystore
keytool -import -trustcacerts -alias mydomain -file mydomain.crt -keystore keystore.jks
-
Generate a keystore and self-signed certificate (see How to Create a Self Signed Certificate using Java Keytool for more info)
keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass password -validity 360 -keysize 2048
Java Keytool Commands for Checking
If you need to check the information within a certificate, or Java keystore, use these commands.
-
Check a stand-alone certificate
keytool -printcert -v -file mydomain.crt
-
Check which certificates are in a Java keystore
keytool -list -v -keystore keystore.jks
-
Check a particular keystore entry using an alias
keytool -list -v -keystore keystore.jks -alias mydomain
Other Java Keytool Commands
-
Delete a certificate from a Java Keytool keystore
keytool -delete -alias mydomain -keystore keystore.jks
-
Change a Java keystore password
keytool -storepasswd -new new_storepass -keystore keystore.jks
-
Export a certificate from a keystore
keytool -export -alias mydomain -file mydomain.crt -keystore keystore.jks
-
List Trusted CA Certs
keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts
-
Import New CA into Trusted Certs
keytool -import -trustcacerts -file /path/to/ca/ca.pem -alias CA_ALIAS -keystore $JAVA_HOME/jre/lib/security/cacerts
相关推荐
服务器证书安装配置指南 SSL数据传输加密
"网证通" 服务器证书安装配置指南系列之 Apache1.3.20-16服务器证书安装配置指南
WebLogic8.1服务器证书安装配置指南.pdf
服务器证书安装配置指南.doc
服务器证书安装配置指南.docx
服务器证书安装配置的指南.doc
很好的指导材料,入门必备,一步一步跟着做,能够成功。
图文并茂,详细讲述如何在Windows server 2003系统上安装配置CA服务器安装和配置,适用于安全机制的配置。
主要介绍了IIS7.5 服务器证书安装配置指南,需要的朋友可以参考下
服务器 SSL 证书安装配置指南
进入服务器证书配置页面,并选择“创建证书申请”,填写相关信息,点击“下一步”。 选择加密服务提供程序,并设置证书密钥长度,EV证书需选择位长2048,点击“下一步”。 保存证书请求文件到.txt文件(如申请证书...
apche服务器ssl证书安装配置指南,有需要的朋友可以看看.
windows2003证书服务器安装与配置
学习目标 证书服务的基本概念 安装与配置证书服务器 客户端证书安装与使用 公钥基础设施PKI是目前实施网络安全应用的主要技术,其核心技术即使用公钥数字证书实现主体身份和公钥的绑定,制成各种安全机制的应用。...
windows server 2012CA证书服务器安装和配置
劫色数字证书服务器的配置应用过程,内容简单,可以初步了解一下。
网络安全之,PKI、CA和数字证书的原理和应用,安装和配置证书服务
一步一步在windows server 2003上配置微软CA的图文教程。
这是关于iis与vs2013相关联的配置,及OpenSSL制作过程需要注意的事项