jdk版本-JDK1.6以上版本
1.生成jks證書
在cmd命令中運行 cd %JAVA_HOME%/bin 轉到 jdk路徑
keytool工具說明:
keytool -genkey -alias test(別名)
-keypass 123123(私鑰密碼)
-keyalg RSA(算法)
-sigalg sha256withrsa(算法小類)
-keysize 1024(密鑰長度)
-validity 365(有效期)
-keystore d:/test.jks(生成路徑)
-storepass 123123(主密碼)
keytool -genkey -alias test -keypass 555555-keyalg RSA -sigalg sha256withrsa -keysize 1024 -validity 365 -keystore d:/test.jks -storepass 555555
至此jks格式證書生成完畢
2.生成pfx證書
運行一下代碼生成pfx證書(修改對應的 .jks路徑)
package key;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Enumeration;
public class JKS2PFX {
public static final String PKCS12 = "PKCS12";
public static final String JKS = "JKS";
public static final String PFX_KEYSTORE_FILE = "e://na.pfx";
public static final String KEYSTORE_PASSWORD = "555555";
public static final String JKS_KEYSTORE_FILE = "e://na.jks";
public static void coverToPfx() {
try {
KeyStore inputKeyStore = KeyStore.getInstance("JKS");
FileInputStream fis = new FileInputStream(JKS_KEYSTORE_FILE);
char[] nPassword = null;
if ((KEYSTORE_PASSWORD == null)
|| KEYSTORE_PASSWORD.trim().equals("")) {
nPassword = null;
} else {
nPassword = KEYSTORE_PASSWORD.toCharArray();
}
inputKeyStore.load(fis, nPassword);
fis.close();
KeyStore outputKeyStore = KeyStore.getInstance("PKCS12");
outputKeyStore.load(null, KEYSTORE_PASSWORD.toCharArray());
Enumeration enums = inputKeyStore.aliases();
while (enums.hasMoreElements()) { // we are readin just one certificate.
String keyAlias = (String) enums.nextElement();
System.out.println("alias=[" + keyAlias + "]");
if (inputKeyStore.isKeyEntry(keyAlias)) {
Key key = inputKeyStore.getKey(keyAlias, nPassword);
Certificate[] certChain = inputKeyStore
.getCertificateChain(keyAlias);
outputKeyStore.setKeyEntry(keyAlias, key, KEYSTORE_PASSWORD
.toCharArray(), certChain);
}
}
FileOutputStream out = new FileOutputStream(PFX_KEYSTORE_FILE);
outputKeyStore.store(out, nPassword);
out.close();
} catch (Exception e) {
e.printStackTrace();
}
}
public static void main(String[] args) {
coverToPfx();
}
}
至此pfx證書已經生成,內含私鑰,通過創建時的密碼進行簽名調用
3.生成cer證書
雙擊生成的cer證書,安裝證書.(如果需要添加信任證書,看這裏 手動添加受信任證書)
打開瀏覽器(以chrome爲例)
設置 > 高級 > 管理證書 > 找到你要生成的證書 > 點擊導出 (一直點下一步就行了)
至此,就生成cer證書了
構建https服務器的話把對應的jks文件配置到對應的服務器上就行了