使用JAVA的keytool生成jks证书,通过jks证书生成pfx证书,tomcat配置https

最新推荐文章于 2024-08-17 11:40:32 发布
最新推荐文章于 2024-08-17 11:40:32 发布
阅读量2.9k 收藏 6
点赞数 1
分类专栏: 个人笔记 文章标签: keytool keytool生成pfx tomcat配置https
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/bighuan/article/details/106279408
版权

本文使用JKD1.8版本。

keytool常用命令(来自网络)

-genkey      在用户主目录中创建一个默认文件".keystore",还会产生一个mykey的别名,mykey中包含用户的公钥、私钥和证书(在没有指定生成位置的情况下,keystore会存在用户系统默认目录)

-alias       产生别名,每个keystore都关联这一个独一无二的alias,这个alias通常不区分大小写

-keystore    指定密钥库的名称(产生的各类信息将不在.keystore文件中)

-keyalg      指定密钥的算法 (如 RSA  DSA(如果不指定默认采用DSA))

-validity    指定创建的证书有效期多少天

-keysize     指定密钥长度

-storepass   指定密钥库的密码(获取keystore信息所需的密码)

-keypass     指定别名条目的密码(私钥的密码)

-dname       指定证书拥有者信息 

-list        显示密钥库中的证书信息     

-v           显示密钥库中的证书详细信息

-export      将别名指定的证书导出到文件 

-file        参数指定导出到文件的文件名

-delete      删除密钥库中某条目 

-printcert   查看导出的证书信息  

-keypasswd   修改密钥库中指定条目口令   

-import      将已签名数字证书导入密钥库 


第一步,生成siyao.jks文件

cmd进入jdk的bin目录,执行下面命令:

keytool -genkey -alias siyao -keypass 你的密码 -keyalg RSA -sigalg sha256withrsa -keysize 1024 -validity 36500 -keystore d:/siyao.jks -storepass 你的密码

执行成功后,在d盘下可以看到siyao.jks文件。

第二步,基于siyao.jks文件生成siyao.pfx(代码来自网络)

public class MyTest {

    public static final String PKCS12 = "PKCS12";
    public static final String JKS = "JKS";
    public static final String PFX_KEYSTORE_FILE = "d://siyao.pfx";
    public static final String KEYSTORE_PASSWORD = "jxnu123";
    public static final String JKS_KEYSTORE_FILE = "d://siyao.jks";

    public static void coverToPfx() {
        try {
            KeyStore inputKeyStore = KeyStore.getInstance("JKS");
            FileInputStream fis = new FileInputStream(JKS_KEYSTORE_FILE);
            char[] nPassword = null;

            if ((KEYSTORE_PASSWORD == null)
                    || KEYSTORE_PASSWORD.trim().equals("")) {
                nPassword = null;
            } else {
                nPassword = KEYSTORE_PASSWORD.toCharArray();
            }

            inputKeyStore.load(fis, nPassword);
            fis.close();

            KeyStore outputKeyStore = KeyStore.getInstance("PKCS12");

            outputKeyStore.load(null, KEYSTORE_PASSWORD.toCharArray());

            Enumeration enums = inputKeyStore.aliases();

            while (enums.hasMoreElements()) { //   we   are   readin   just   one   certificate.

                String keyAlias = (String) enums.nextElement();

                System.out.println("alias=[" + keyAlias + "]");

                if (inputKeyStore.isKeyEntry(keyAlias)) {
                    Key key = inputKeyStore.getKey(keyAlias, nPassword);
                    Certificate[] certChain = inputKeyStore
                            .getCertificateChain(keyAlias);

                    outputKeyStore.setKeyEntry(keyAlias, key, KEYSTORE_PASSWORD
                            .toCharArray(), certChain);
                }
            }

            FileOutputStream out = new FileOutputStream(PFX_KEYSTORE_FILE);

            outputKeyStore.store(out, nPassword);
            out.close();
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
    public static void main(String[] args) {
        coverToPfx();
    }

执行成功后,在d盘下可以看见siyao.pfx文件。

第三步,配置tomcat8.0.33的conf/server.xml

<?xml version="1.0" encoding="UTF-8"?>
<!--
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements.  See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the "License"); you may not use this file except in compliance with
  the License.  You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
--><!-- Note:  A "Server" is not itself a "Container", so you may not
     define subcomponents such as "Valves" at this level.
     Documentation at /docs/config/server.html
 --><Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.startup.VersionLoggerListener"/>
  <!-- Security listener. Documentation at /docs/config/listeners.html
  <Listener className="org.apache.catalina.security.SecurityListener" />
  -->
  <!--APR library loader. Documentation at /docs/apr.html -->
  <Listener SSLEngine="on" className="org.apache.catalina.core.AprLifecycleListener"/>
  <!-- Prevent memory leaks due to use of particular java/javax APIs-->
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener"/>
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"/>

  <!-- Global JNDI resources
       Documentation at /docs/jndi-resources-howto.html
  -->
  <GlobalNamingResources>
    <!-- Editable user database that can also be used by
         UserDatabaseRealm to authenticate users
    -->
    
     <Resource auth="Container" description="User database that can be updated and saved" factory="org.apache.catalina.users.MemoryUserDatabaseFactory" name="UserDatabase" pathname="conf/tomcat-users.xml" type="org.apache.catalina.UserDatabase"/>
    
    
<!--配置MySQL数据库的JNDI数据源-->
<!-- <Resource auth="Container" driverClassName="com.mysql.jdbc.Driver" maxActive="100" maxIdle="30" maxWait="10000" name="jdbc/mysql" password="1346798" type="javax.sql.DataSource" url="jdbc:mysql://192.168.1.144:3306/leadtest?useUnicode=true&amp;characterEncoding=utf-8" username="tangcao3021"/>
 -->            
     </GlobalNamingResources>

  <!-- A "Service" is a collection of one or more "Connectors" that share
       a single "Container" Note:  A "Service" is not itself a "Container",
       so you may not define subcomponents such as "Valves" at this level.
       Documentation at /docs/config/service.html
   -->
  <Service name="Catalina">

    <!--The connectors can use a shared executor, you can define one or more named thread pools-->
    <!--
    <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
        maxThreads="150" minSpareThreads="4"/>
    -->


    <!-- A "Connector" represents an endpoint by which requests are received
         and responses are returned. Documentation at :
         Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
         Java AJP  Connector: /docs/config/ajp.html
         APR (HTTP/AJP) Connector: /docs/apr.html
         Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
    -->
    <!--<Connector connectionTimeout="20000" port="8080" protocol="HTTP/1.1" redirectPort="8443"/>  -->
    <Connector connectionTimeout="20000" port="9443" protocol="HTTP/1.1" redirectPort="8088"/>
    <!-- A "Connector" using the shared thread pool-->
    <!--
    <Connector executor="tomcatThreadPool"
               port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    -->
    <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443
         This connector uses the NIO implementation that requires the JSSE
         style configuration. When using the APR/native implementation, the
         OpenSSL style configuration is required as described in the APR/native
         documentation -->
    <!--
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />
    -->

    <!-- Define an AJP 1.3 Connector on port 8009 
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>-->
	
	<Connector port="8088" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
		keystoreFile="cert/siyao.pfx"
		    keystoreType="PKCS12"
		        keystorePass="你的密码"
		         maxHttpHeaderSize="10240"
		 />


    <!-- An Engine represents the entry point (within Catalina) that processes
         every request.  The Engine implementation for Tomcat stand alone
         analyzes the HTTP headers included with the request, and passes them
         on to the appropriate Host (virtual host).
         Documentation at /docs/config/engine.html -->

    <!-- You should set jvmRoute to support load-balancing via AJP ie :
    <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
    -->
    <Engine defaultHost="localhost" name="Catalina">

      <!--For clustering, please take a look at documentation at:
          /docs/cluster-howto.html  (simple how to)
          /docs/config/cluster.html (reference documentation) -->
      <!--
      <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
      -->

      <!-- Use the LockOutRealm to prevent attempts to guess user passwords
           via a brute-force attack -->
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <!-- This Realm uses the UserDatabase configured in the global JNDI
             resources under the key "UserDatabase".  Any edits
             that are performed against this UserDatabase are immediately
             available for use by the Realm.  -->
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
      </Realm>

      <Host appBase="webapps" autoDeploy="true" name="localhost" unpackWARs="true">

        <!-- SingleSignOn valve, share authentication between web applications
             Documentation at: /docs/config/valve.html -->
        <!--
        <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
        -->

        <!-- Access log processes all example.
             Documentation at: /docs/config/valve.html
             Note: The pattern used is equivalent to using pattern="common" -->
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" pattern="%h %l %u %t &quot;%r&quot; %s %b" prefix="localhost_access_log" suffix=".txt"/>

      </Host>
    </Engine>
  </Service>
</Server>

主要配置在<Contector port="8088"...../>这块。不通版本的tomcat配置还是有差别的,需要注意。

一、使用JDK的keytool生成JKS以及获取JKS的信息
TangMu的博客
06-19 5002
使用JDK的keytool生成JKS以及获取JKS的信息
jdk keytool.exe生成keystore https证书,利用jks2pfx转换nginx证书,nginx配置证书
qq445829096的博客
04-21 619
jdk keytool.exe生成keystore https证书,利用jks2pfx转换nginx证书,nginx配置证书
pfx证书生成 工具
09-28
开发技术使用RSA非对称加密,一键生成pfx证书工具,内附 文档说明。
java证书相关
最新发布
datalover的专栏
08-17 719
Java 支持多种证书和密钥存储格式。
keytool工具生成JKS证书
不积跬步,无以至千里
09-20 1888
使用jdk keytool生成证书自建证书不受CA信任,仅适合学习使用,如果需要用到服务中,建议使用由CA颁发的可信证书。如果仅是内部使用,也可以安装自己生成证书到本机。
使用JAVAkeytool生成,jks证书,pfx证书,cer证书,搭建https服务器用
Site_Dave的博客
05-30 7560
jdk版本-JDK1.6以上版本 1.生成jks证书 在cmd命令中运行 cd %JAVA_HOME%/bin 转到 jdk路径 keytool工具说明: keytool -genkey -alias test(别名) -keypass 123123(私钥密码) -keyalg RSA(算法) -sigalg sha256withrsa(算法小类) -keysize 1024(密钥长度)...
java keytool生成jks_Java KEYTOOL 線上生成合成 JKS
weixin_42554042的博客
02-16 234
密鑰文檔(KEY文檔)的示例如下:-----BEGIN RSA PRIVATE KEY-----ImcaJjXQsihqkuohYcWh2QuijBgXZC+o9IUl+2SNhw6OYXSJTuuD09VFQFAaUC41AoGAfusLj179P1QYNJKo5a+Jqg4O0Uc3wgjYRlZdkBQ7BJ6O+nKeZaXM7wTlALwmZ9RKyKbvzR9AGvqHgPxUn0xT...
KeyTool生成安全证书
biaoming
01-08 377
详细请见:Tomcat的帮助文档,:https://localhost:8080/tomcat-docs/ssl-howto.html  。 1、用keytool 生成证书:         keytool -genkey -alias tomcat -keyalg RSA -keystore c:/tomcat/mykey 说明:     这里-alias tomcat 是表示生成的这个证书...
javakeytool支持的类型及如何将证书导入jks中.docx
09-30
Java Keytool 支持的类型及将证书导入 JKSJava KeytoolJava 自带的一个密钥和证书管理工具,能够管理自己的公钥/私钥对及相关证书,用于自我认证、数据完整性以及认证服务。Keytool 将密钥和证书储存在一个...
Tomcat更换SSL证书方法(jkspfx转换)
07-22
### Tomcat更换SSL证书方法(JKSPFX转换) 在IT行业中,为了保障网络通信的安全性,使用SSL证书加密已经成为了一种标准做法。对于使用Tomcat作为应用服务器的企业或个人来说,有时候会遇到需要更换SSL证书的情况,...
Tomcat9.0安装JKS格式SSL证书.rar
04-28
2. **转换PFXJKS**:由于Tomcat默认使用JKS格式,我们需要将PFX格式的证书转换为JKS。这可以通过Javakeytool工具完成,命令类似于: ``` keytool -importkeystore -deststorepass <JKS_password> -destkeypass...
java keystore导出.pfx .key .crt 私钥
06-22
Java KeyStore文件转换为微软的.pfx文件和OpenSSL的PEM格式文件(.key + .crt) 运行方式: JKS2PFX [Java Runtime的目录] Java Runtime的目录,指包含Java.exe和keytool.exe的目录,如: c:\progra~1\Java\jre1.5.0_06\bin 例如: JKS2PFX server.jks 123456 tomcat exportfile c:\progra~1\Java\jre1.5.0_06\bin
利用keytool生成数字证书
08-30
利用keytool生成数字证书。.bat文件。配置java环境变量后,直接运行即可。非常简单。
jkspfxjks导出pfx证书
09-21
使用keytool.exe,将jks格式证书转换成pfx格式证书。由于本工具未包括keytool.exe 需要安装jdk 才能够正常运行。 没有积分的用户可以根据以下命令行手动导出(keytool.exe 可以在jdk安装目录中找到): keytool.exe ...
使用JDK的keytool工具生成JKS证书
程序员云帆哥的博客
09-15 2673
使用JDK的keytool工具生成JKS证书
利用keytool、openssl生成证书文件
weixin_30539835的博客
08-16 256
转载请标明出处:http://blog.csdn.net/shensky711/article/details/52225073 本文出自: 【HansChen的博客】 用openssl指令逐步生成各个文件 生成服务器密钥:openssl genrsa -out server_private.key 2048 从密钥生成公钥(非必须):openssl rsa...
利用jdk自带keytool工具生成jks签名文件注意事项
Android
07-26 280
结论:生成签名文件,建议使用jdk1.8。
生成tomcat ssl证书jks格式
apple2417的博客
04-15 357
打开网站http://web.chacuo.net/netcreatecrt 生成server.key和server.crt 导出p12: openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12 -name server 导入到jks格式: keytool -importkeystore -srckeystore server.p12 -srcstoretype PKCS12 -destkeystore s.
keytool工具生成jks证书
freedom
06-10 4137
输入命令 keytool -genkeypair -alias server_https -keypass oukele -keyalg RSA -keysize 1024 -validity 365 -keystore D:/server_https.keystore -storepass oukele -alias 别名 -keypass 指定生成密钥的密码 -keyalg 指定密钥使用的加密算法(如 RSA) -keysize 密钥大小 -validity 过期时间,单位:天 -keystore 指
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值