How to generate keystore and truststore
Question
Approach:
- Generate keystore
- Generate truststore
To make SSL work between client and server, I need help only with the generation of the keystore and truststore for mutual authentication: a step-by-step guide with terminal commands (keytool and openssl).
Recommended answer
I followed this link.
1. Generate keystore (at server):
keytool -genkey -alias bmc -keyalg RSA -keystore KeyStore.jks -keysize 2048
2. Generate new ca-cert and ca-key:
openssl req -new -x509 -keyout ca-key -out ca-cert
3. Extracting cert/creating cert sign req (CSR):
keytool -keystore KeyStore.jks -alias bmc -certreq -file cert-file
4. Sign the "cert-file" and cert-signed will be the new cert:
openssl x509 -req -CA ca-cert -CAkey ca-key -in cert-file -out cert-signed -days 365 -CAcreateserial -passin pass:yourpass
5. Importing the ca-cert to keystore file:
keytool -keystore KeyStore.jks -alias CARoot -import -file ca-cert
6. Import cert-signed to keystore:
keytool -keystore KeyStore.jks -alias bmc -import -file cert-signed
7. Copy ca-cert into client machine and generate truststore: (at client)
keytool -keystore truststore.jks -alias bmc -import -file ca-cert
8. Copy ca-cert into client machine and generate truststore: (at server)
keytool -keystore truststore.jks -alias bmc -import -file ca-cert-c
**Repeat steps (1-6) at client side and generate truststore at server side by importing ca-cert of client (step 8).
Renamed ca-cert after step 6.
Ex: ca-cert-s generated at server side and ca-cert-c at client, and exchanged with each other for generating truststore.
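A way to check the exchange described in the answer above before building the truststores, as an added example that is not part of the original answer: it uses openssl alone (in place of keytool for the key pair and CSR) to create both sides' CAs and signed certificates, then confirms each certificate verifies only against its own side's CA, which is the file the other side imports. Apart from ca-cert-s and ca-cert-c, the file suffixes, subject names, 1-day lifetime and unencrypted throwaway keys are assumptions.

```shell
#!/bin/sh
# Added example (not from the original answer). Function names, subject names
# and the -s/-c suffixes on files other than ca-cert are assumptions.

make_side() {   # $1 = side suffix (s = server, c = client), $2 = work dir
    sd=$1; wd=$2
    # Step 2: self-signed CA for this side (throwaway, key left unencrypted)
    openssl req -new -x509 -nodes -newkey rsa:2048 -days 1 \
        -subj "/CN=test-ca-$sd" \
        -keyout "$wd/ca-key-$sd" -out "$wd/ca-cert-$sd" 2>/dev/null || return 1
    # Steps 1 and 3, done with openssl here instead of keytool: key pair + CSR
    openssl req -new -nodes -newkey rsa:2048 \
        -subj "/CN=test-host-$sd" \
        -keyout "$wd/key-$sd" -out "$wd/cert-file-$sd" 2>/dev/null || return 1
    # Step 4: this side's CA signs the CSR
    openssl x509 -req -CA "$wd/ca-cert-$sd" -CAkey "$wd/ca-key-$sd" \
        -in "$wd/cert-file-$sd" -out "$wd/cert-signed-$sd" \
        -days 1 -CAcreateserial 2>/dev/null || return 1
}

# Succeeds only if certificate $2 chains to CA certificate $1.
chains_to() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

check_mutual_trust() {
    tmp=$(mktemp -d) || return 1
    make_side s "$tmp" && make_side c "$tmp" || { rm -rf "$tmp"; return 1; }
    rc=0
    # Client truststore holds ca-cert-s: the server certificate must verify
    chains_to "$tmp/ca-cert-s" "$tmp/cert-signed-s" || rc=1
    # Server truststore holds ca-cert-c: the client certificate must verify
    chains_to "$tmp/ca-cert-c" "$tmp/cert-signed-c" || rc=1
    # A truststore built from the wrong side's CA must reject the peer
    chains_to "$tmp/ca-cert-c" "$tmp/cert-signed-s" && rc=1
    chains_to "$tmp/ca-cert-s" "$tmp/cert-signed-c" && rc=1
    rm -rf "$tmp"
    return $rc
}

check_mutual_trust && echo "mutual trust relationships OK"
```

The same `openssl verify -CAfile` check can be run on the real ca-cert and cert-signed files from steps 2 and 4 before importing them in steps 5 to 8.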