Generate key and certificate using keytool

Question

I want to generate a self-signed trusted certificate and a CSR, and sign the CSR with the trusted certificate created. I am trying it with keytool. In the first step of creating a trusted certificate using the below command

keytool -genkey -alias mytrustCA -keyalg RSA -keystore keystore.jks -keysize 1024

where it puts the certificate into the keystore. How can I store it to a file? And when I list the contents using

keytool -list -v -keystore cert/test.keystore

The certificate created with the above "genkey" command is created with entry type "PrivateKeyEntry". How can I create a trusted cert entry?

Recommended answer

In your first command, you have used the -genkey option to generate the keystore named keystore.jks.

To export the certificate in .CER format file, you will need to use the -export option of the keytool.

An example is:

keytool -v -export -file mytrustCA.cer -keystore keystore.jks -alias mytrustCA

This will generate a file named mytrustCA.cer.

To generate a certificate request to send to a CA for obtaining a signed certificate, you will need to use the -certreq option of keytool.

An example is:

keytool -v -certreq -keystore keystore.jks -alias mytrustCA

This will ask for the keystore password and on successful authentication, it will show the certificate request as given below (a sample).

You will need to send this certificate request or paste it into the Digital Certificate signer webpage. Alternately, you can even redirect this output to a file instead of the console as follows:

keytool -v -certreq -keystore keystore.jks -alias mytrustCA > mycertreq.txt
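
The question's remaining steps (signing the CSR with your own CA and obtaining a trustedCertEntry) can be done with keytool's -gencert and -importcert. The script below is an added example, not part of the original question or answer, and goes beyond what the answer covers; the server alias, file names, DNs and password are assumptions made for the demo.

```shell
#!/bin/sh
# Added example. Aliases other than mytrustCA, all file names, DNs and the
# password are constructed for the demo. Needs a JDK (7+) keytool on PATH.
PASS=changeit   # demo only: -storepass on a command line is visible in `ps`

# keytool with the demo store password appended
kt() { keytool "$@" -storepass "$PASS"; }

# Build a private CA, sign a server CSR with it, and print the entry types.
ca_demo() (
  set -e
  mkdir -p "$1"; cd "$1"
  {
    # 1. CA key pair + self-signed cert (a PrivateKeyEntry in the CA's store).
    #    2048-bit RSA: recent JDKs warn that 1024-bit keys are a security risk.
    kt -genkeypair -alias mytrustCA -keyalg RSA -keysize 2048 -validity 365 \
       -dname "CN=Demo Test CA" -ext bc:c=ca:true \
       -keystore ca.jks -keypass "$PASS"
    # 2. Export the CA certificate (public part only) to a file.
    kt -exportcert -rfc -alias mytrustCA -file mytrustCA.cer -keystore ca.jks
    # 3. Importing that file is what creates a trustedCertEntry.
    kt -importcert -noprompt -alias mytrustCA -file mytrustCA.cer \
       -keystore truststore.jks
    # 4. Server key pair and its CSR, kept in a separate keystore.
    kt -genkeypair -alias server -keyalg RSA -keysize 2048 \
       -dname "CN=server.example.test" -keystore server.jks -keypass "$PASS"
    kt -certreq -alias server -file server.csr -keystore server.jks
    # 5. Sign the CSR with the CA's private key.
    kt -gencert -alias mytrustCA -infile server.csr -outfile server.cer -rfc \
       -validity 90 -ext san=dns:server.example.test -keystore ca.jks
    # 6. Install the CA cert, then the signed reply, next to the server key.
    kt -importcert -noprompt -alias mytrustCA -file mytrustCA.cer \
       -keystore server.jks
    kt -importcert -noprompt -alias server -file server.cer -keystore server.jks
  } >keytool.log 2>&1   # keytool chatter and any error text end up here
  kt -list -keystore truststore.jks | grep Entry
  kt -list -keystore server.jks | grep Entry
  keytool -printcert -file server.cer | grep 'CN='
)

# Run as: sh ca-demo.sh run [output-dir]
if [ "${1:-}" = run ]; then ca_demo "${2:-./ca-demo}"; fi
```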
