jdk版本-JDK1.6以上版本
1.生成jks证书
在cmd命令中运行 cd %JAVA_HOME%/bin 转到 jdk路径
keytool工具说明:
keytool -genkey -alias test(别名)
-keypass 123123(私钥密码)
-keyalg RSA(算法)
-sigalg sha256withrsa(算法小类)
-keysize 1024(密钥长度)
-validity 365(有效期)
-keystore d:/test.jks(生成路径)
-storepass 123123(主密码)
keytool -genkey -alias test -keypass 555555 -keyalg RSA -sigalg sha256withrsa -keysize 1024 -validity 365 -keystore d:/test.jks -storepass 555555
至此jks格式证书生成完毕
2.生成pfx证书
运行一下代码生成pfx证书(修改对应的 .jks路径)
package key;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Enumeration;
public class JKS2PFX {
public static final String PKCS12 = "PKCS12";
public static final String JKS = "JKS";
public static final String PFX_KEYSTORE_FILE = "e://na.pfx";
public static final String KEYSTORE_PASSWORD = "555555";
public static final String JKS_KEYSTORE_FILE = "e://na.jks";
public static void coverToPfx() {
try {
KeyStore inputKeyStore = KeyStore.getInstance("JKS");
FileInputStream fis = new FileInputStream(JKS_KEYSTORE_FILE);
char[] nPassword = null;
if ((KEYSTORE_PASSWORD == null)
|| KEYSTORE_PASSWORD.trim().equals("")) {
nPassword = null;
} else {
nPassword = KEYSTORE_PASSWORD.toCharArray();
}
inputKeyStore.load(fis, nPassword);
fis.close();
KeyStore outputKeyStore = KeyStore.getInstance("PKCS12");
outputKeyStore.load(null, KEYSTORE_PASSWORD.toCharArray());
Enumeration enums = inputKeyStore.aliases();
while (enums.hasMoreElements()) { // we are readin just one certificate.
String keyAlias = (String) enums.nextElement();
System.out.println("alias=[" + keyAlias + "]");
if (inputKeyStore.isKeyEntry(keyAlias)) {
Key key = inputKeyStore.getKey(keyAlias, nPassword);
Certificate[] certChain = inputKeyStore
.getCertificateChain(keyAlias);
outputKeyStore.setKeyEntry(keyAlias, key, KEYSTORE_PASSWORD
.toCharArray(), certChain);
}
}
FileOutputStream out = new FileOutputStream(PFX_KEYSTORE_FILE);
outputKeyStore.store(out, nPassword);
out.close();
} catch (Exception e) {
e.printStackTrace();
}
}
public static void main(String[] args) {
coverToPfx();
}
}
至此pfx证书已经生成,内含私钥,通过创建时的密码进行签名调用
3.生成cer证书
双击生成的cer证书,安装证书.(如果需要添加信任证书,看这里 手动添加受信任证书)
打开浏览器(以chrome为例)
设置 > 高级 > 管理证书 > 找到你要生成的证书 > 点击导出 (一直点下一步就行了)
至此,就生成cer证书了
构建https服务器的话把对应的jks文件配置到对应的服务器上就行了