The First Article.
https://blog.csdn.net/l964289880/article/details/84919664
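Adding HTTPS one-way and two-way authentication to Tomcat
https://www.cnblogs.com/kevinshen/p/7015891.html
Creating digital certificates and issuing second-level certificates with openssl and keytool
https://github.com/shenzewen/LearningRecord/blob/master/other/openssl_keytool.md
Java secure communication: HTTPS and SSL
http://www.cnblogs.com/devinzhang/archive/2012/02/28/2371631.html
Differences between HTTPS one-way and two-way authentication
https://blog.csdn.net/xiejunna/article/details/71157984
Java implementation of SSL one-way authentication: Tomcat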
https://firefly.iteye.com/blog/667196
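In one-way authentication, the client verifies only the server's certificate; the server does not verify a certificate from the client. So only the server-side keystore needs to be generated.
- Generate the server-side keystore file in JKS format, containing the public key and private key. keypass and storepass must be identical, because Tomcat's server.xml configures only one password. The 512-bit RSA key used here is too weak for anything beyond a local test; use -keysize 2048 or larger in a real deployment.
keytool -genkey -alias server -keystore e:\serverKeystore.jks -keypass 123456 -storepass 123456 -keyalg RSA -keysize 512 -validity 365 -v -dname "CN = W03GCA01A,O = ABC BANK,DC = Server Https,DC = ABC,OU = Firefly Technology And Operation"
- Export the server certificate with the alias server from the keystore.
keytool -export -alias server -keystore e:\serverKeystore.jks -storepass 123456 -file e:\server.cer
- Import server.cer into the client's trust store, clientTruststore.jks.
keytool -import -alias trustServer -file e:\server.cer -keystore e:\clientTruststore.jks -storepass 123456
Server side: serverKeystore.jks
Client side: clientTruststore.jks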
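The client side of the one-way setup above, as an added example that is not from the original notes: a Java client that trusts only the certificates in clientTruststore.jks and presents no certificate of its own. The class name, host and port are assumptions; the trust store path and password are the ones used in the keytool steps.

```java
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;

public class OneWayTlsClient {
    // Build an SSLContext that trusts only the certificates in the given JKS trust store.
    static SSLContext contextFromTrustStore(String path, char[] storePass) throws Exception {
        KeyStore trustStore = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            trustStore.load(in, storePass);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        // KeyManagers are null: in one-way authentication the client sends no certificate.
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Trust store path and password come from the keytool steps; the URL is an assumption.
        String trustStorePath = args.length > 0 ? args[0] : "e:\\clientTruststore.jks";
        String url = args.length > 1 ? args[1] : "https://W03GCA01A:8443/";
        SSLContext ctx = contextFromTrustStore(trustStorePath, "123456".toCharArray());

        HttpsURLConnection conn = (HttpsURLConnection) new URL(url).openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        // The default hostname verifier stays enabled, so the host in the URL
        // must match the certificate's CN (W03GCA01A in the -dname above).
        conn.connect();
        for (Certificate c : conn.getServerCertificates()) {
            System.out.println("Server presented: "
                    + ((X509Certificate) c).getSubjectX500Principal());
        }
        System.out.println("HTTP status: " + conn.getResponseCode());
        conn.disconnect();
    }
}
```

A server certificate that is not in the trust store makes the handshake fail with an SSLHandshakeException, which is the check one-way authentication is meant to provide.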
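Difference between genkeypair and genseckey
The official documentation describes the default value of the -keyalg option as follows:
-keyalg
"DSA" (when using -genkeypair)
"DES" (when using -genseckey)
From this it can be inferred that the two commands create keys for different kinds of algorithms: -genkeypair creates an asymmetric key pair, with DSA as the default algorithm, and -genseckey creates a symmetric secret key, with DES as the default algorithm.
Reference: https://docs.oracle.com/javase/8/docs/technotes/tools/unix/keytool.html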
Java enum explained: 7 common usages
https://blog.csdn.net/testcs_dn/article/details/78604547