首页 > 代码库 > SSL通关之keytool 命令(三)
SSL通关之keytool 命令(三)
关于命令的详细介绍,后期补上。时间紧迫,见谅。
单向验证成功:
1、生产服务器端证书:keytool -validity 365 -genkey -v -alias server -keyalg RSA -keystore D:\ssl\bks\server.jks -dname "CN=10.100.100.24,OU=sengled,O=sengled,L=Haidian,ST=Beijing,c=cn" -storepass 123456 -keypass 123456
2、导出证书
keytool -exportcert -v -alias server -keystore D:\ssl\bks\server.jks -storepass 123456 -rfc -file D:\ssl\bks\server.cert
3、生产Android可用的客户端证书
keytool -importcert -keystore D:\ssl\bks\client.bks -file D:\ssl\bks\server.cert -storetype BKS -provider org.bouncycastle.jce.provider.BouncyCastleProvider -storepass 123456
四、同一个server,两份不同的client证书,双向认证成功:
双向(Android)验证成功
keytool -validity 365 -genkey -v -alias server -keyalg RSA -keystore D:\ssl\server.keystore -dname "CN=10.100.100.24,OU=sengled,O=sengled,L=Haidian,ST=Beijing,c=cn" -storepass 123456 -keypass 123456
keytool -validity 365 -genkeypair -v -alias client-bks -keyalg RSA -storetype BKS -keystore D:\ssl\client-bks.bks -dname "CN=client,OU=sengled,O=sengled,L=Haidian,ST=Beijing,c=cn" -storepass 123456 -keypass 123456
keytool -export -v -alias client-bks -keystore D:\ssl\client-bks.bks -storetype BKS -storepass 123456 -rfc -file D:\ssl\client-bks.crt
keytool -export -v -alias server -keystore D:\ssl\server.keystore -storepass 123456 -rfc -file D:\ssl\server.crt
keytool -importcert -keystore D:\ssl\client-bks-trust.bks -file D:\ssl\server.crt -storetype BKS -provider org.bouncycastle.jce.provider.BouncyCastleProvider -storepass 123456
keytool -import -v -alias client-bks -file D:\ssl\client-bks.crt -keystore D:\ssl\server.keystore -storepass 123456
ios:双向验证成功
keytool -validity 365 -genkeypair -v -alias client-ios -keyalg RSA -storetype PKCS12 -keystore D:\ssl\client-ios.p12 -dname "CN=client-ios,OU=sengled,O=sengled,L=Haidian,ST=Beijing,c=cn" -storepass 123456 -keypass 123456
keytool -export -v -alias client-ios -keystore D:\ssl\client-ios.p12 -storetype PKCS12 -storepass 123456 -rfc -file D:\ssl\client-ios.cer -provider org.bouncycastle.jce.provider.BouncyCastleProvider -storepass 123456
keytool -export -v -alias server -keystore D:\ssl\server.keystore -storepass 123456 -rfc -file D:\ssl\server-ios.cer
keytool -import -v -alias server -file D:\ssl\server-ios.cer -keystore D:\ssl\client-ios.truststore -storepass 123456
keytool -import -v -alias client-ios -file D:\ssl\client-ios.cer -keystore D:\ssl\server.keystore -storepass 123456
五、
ios-jks:双向成功
keytool -validity 365 -genkey -v -alias server -keyalg RSA -keystore D:\ssl\ios-jks\server.keystore -dname "CN=10.100.100.24,OU=sengled,O=sengled,L=Haidian,ST=Beijing,c=cn" -storepass 123456 -keypass 123456
keytool -validity 365 -genkeypair -v -alias client -keyalg RSA -storetype PKCS12 -keystore D:\ssl\ios-jks\client.p12 -dname "CN=client,OU=sengled,O=sengled,L=Haidian,ST=Beijing,c=cn" -storepass 123456 -keypass 123456
keytool -export -v -alias client -keystore D:\ssl\ios-jks\client.p12 -storetype PKCS12 -storepass 123456 -rfc -file D:\ssl\ios-jks\client.cer -provider org.bouncycastle.jce.provider.BouncyCastleProvider -storepass 123456
keytool -export -v -alias server -keystore D:\ssl\ios-jks\server.keystore -storepass 123456 -rfc -file D:\ssl\ios-jks\server.cer
keytool -import -v -alias server -file D:\ssl\ios-jks\server.cer -keystore D:\ssl\ios-jks\client.truststore -storepass 123456
keytool -import -v -alias client -file D:\ssl\ios-jks\client.cer -keystore D:\ssl\ios-jks\server.keystore -storepass 123456
SSL通关之keytool 命令(三)
声明:以上内容来自用户投稿及互联网公开渠道收集整理发布,本网站不拥有所有权,未作人工编辑处理,也不承担相关法律责任,若内容有误或涉及侵权可进行投诉: 投诉/举报 工作人员会在5个工作日内联系你,一经查实,本站将立刻删除涉嫌侵权内容。