一、https协议流程:
1、生成服务器证书:
1.1、生成密钥库文件mykey(示例直接在命令行上给出口令,口令会留在shell历史和进程列表中;省略-storepass和-keypass时keytool会交互式提示输入):
keytool -genkey -alias tomcat7.0 -keyalg RSA -keystore mykey -storepass Zyg15328420313 -keypass Zyg15328420313
1.2、从密钥库mykey中导出服务器证书server.cer(keytool -genkey生成的是自签名证书):
keytool -export -alias tomcat7.0 -storepass Zyg15328420313 -file server.cer -keystore mykey
2、把keytool制作的密钥库文件mykey和服务器证书文件server.cer转化成slb支持的pem格式(一种openssl生成的服务器证书文件格式)
2.1、准备工作:
2.1.1、下载安装版openssl。
2.1.2、下载java源代码:
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Enumeration;
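/**
 * Copies the key entries of the keytool keystore between the JKS and
 * PKCS#12 (PFX) formats so that OpenSSL can read the private key and
 * certificate chain.
 *
 * <p>The tool takes no arguments; {@link #main} runs the JKS to PFX
 * direction. File names and the password come from the constants below.
 * The written file contains the private key, so it should be readable only
 * by the account that runs the conversion.
 */
public class ConventPFX {
    public static final String PKCS12 = "PKCS12";
    public static final String JKS = "JKS";
    /** PKCS#12 file written by {@link #coverToPfx()} and read by {@link #coverTokeyStore()}. */
    public static final String PFX_KEYSTORE_FILE = "./test.pfx";
    /**
     * Password of the mykey keystore; also used for the converted store and
     * for every key entry in it.
     *
     * <p>NOTE(review): the password is hard-coded, so anyone who can read the
     * source or the compiled class can open the keystore. Replace it with a
     * value supplied at run time before using this outside a tutorial.
     */
    public static final String KEYSTORE_PASSWORD = "Zyg15328420313";
    /** JKS file read by {@link #coverToPfx()} and written by {@link #coverTokeyStore()}. */
    public static final String JKS_KEYSTORE_FILE = "../mykey";

    /** Converts {@link #PFX_KEYSTORE_FILE} (PKCS#12) into {@link #JKS_KEYSTORE_FILE} (JKS). */
    public static void coverTokeyStore() {
        convert(PKCS12, PFX_KEYSTORE_FILE, JKS, JKS_KEYSTORE_FILE);
    }

    /** Converts {@link #JKS_KEYSTORE_FILE} (JKS) into {@link #PFX_KEYSTORE_FILE} (PKCS#12). */
    public static void coverToPfx() {
        convert(JKS, JKS_KEYSTORE_FILE, PKCS12, PFX_KEYSTORE_FILE);
    }

    public static void main(String[] args) {
        coverToPfx();
    }

    /**
     * Loads {@code sourceFile} as a {@code sourceType} keystore and writes
     * every key entry (private key plus certificate chain) to
     * {@code targetFile} as a {@code targetType} keystore.
     *
     * <p>Entries that are not key entries, such as trusted certificates, are
     * not copied. Failures are printed to standard error and the method
     * returns normally, as the public entry points always did.
     */
    private static void convert(String sourceType, String sourceFile,
                                String targetType, String targetFile) {
        try {
            char[] entryPassword = KEYSTORE_PASSWORD.toCharArray();
            // A blank password is passed as null when reading the source store.
            char[] loadPassword = KEYSTORE_PASSWORD.trim().isEmpty() ? null : entryPassword;

            KeyStore source = KeyStore.getInstance(sourceType);
            // try-with-resources closes the stream even when load() throws.
            try (FileInputStream in = new FileInputStream(sourceFile)) {
                source.load(in, loadPassword);
            }

            KeyStore target = KeyStore.getInstance(targetType);
            target.load(null, entryPassword);

            Enumeration<String> aliases = source.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                System.out.println("alias=[" + alias + "]");
                if (source.isKeyEntry(alias)) {
                    Key key = source.getKey(alias, loadPassword);
                    Certificate[] chain = source.getCertificateChain(alias);
                    target.setKeyEntry(alias, key, entryPassword, chain);
                }
            }

            // The output is opened only after the source has been read, and is
            // stored with the same non-null password that protects the entries.
            try (FileOutputStream out = new FileOutputStream(targetFile)) {
                target.store(out, entryPassword);
            }
        } catch (Exception e) {
            // Tool boundary: report the failure instead of propagating it.
            e.printStackTrace();
        }
    }
}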
编译后得到一个工具ConventPFX,运行这个java工具,没有参数。用于把mykey文件转换成pfx格式的文件,如test.pfx;
2.2、把keytool生成的mykey文件转化成pem格式
2.2.1、创建pfx文件:如test.pfx
java ConventPFX
2.2.2、把pfx文件转换成key文件:如server.key
openssl pkcs12 -in C:\Users\LV\test.pfx -nocerts -nodes -out server.key
2.2.3、把server.key转换成pem文件:如serverkey.pem
openssl rsa -in server.key -out serverkey.pem
这样我们就得到了服务器证书的私钥文件。注意:-nodes表示导出的私钥不加密,server.key和serverkey.pem都是明文私钥,应限制文件访问权限,用完后删除不再需要的中间文件。
2.3、把keytool生成server.cer转化成server.pem
openssl x509 -inform der -in C:\Users\LV\server.cer -out C:\Users\LV\server.pem
3、结论:这样我们就完成了https服务器证书的制作,并且把keytool生成的证书和密钥转换成了openssl能识别的证书和密钥
1、生成服务器证书:
1.1、生成密钥库文件mykey(示例直接在命令行上给出口令,口令会留在shell历史和进程列表中;省略-storepass和-keypass时keytool会交互式提示输入):
keytool -genkey -alias tomcat7.0 -keyalg RSA -keystore mykey -storepass Zyg15328420313 -keypass Zyg15328420313
1.2、从密钥库mykey中导出服务器证书server.cer(keytool -genkey生成的是自签名证书):
keytool -export -alias tomcat7.0 -storepass Zyg15328420313 -file server.cer -keystore mykey
2、把keytool制作的密钥库文件mykey和服务器证书文件server.cer转化成slb支持的pem格式(一种openssl生成的服务器证书文件格式)
2.1、准备工作:
2.1.1、下载安装版openssl。
2.1.2、下载java源代码:
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Enumeration;
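/**
 * Copies the key entries of the keytool keystore between the JKS and
 * PKCS#12 (PFX) formats so that OpenSSL can read the private key and
 * certificate chain.
 *
 * <p>The tool takes no arguments; {@link #main} runs the JKS to PFX
 * direction. File names and the password come from the constants below.
 * The written file contains the private key, so it should be readable only
 * by the account that runs the conversion.
 */
public class ConventPFX {
    public static final String PKCS12 = "PKCS12";
    public static final String JKS = "JKS";
    /** PKCS#12 file written by {@link #coverToPfx()} and read by {@link #coverTokeyStore()}. */
    public static final String PFX_KEYSTORE_FILE = "./test.pfx";
    /**
     * Password of the mykey keystore; also used for the converted store and
     * for every key entry in it.
     *
     * <p>NOTE(review): the password is hard-coded, so anyone who can read the
     * source or the compiled class can open the keystore. Replace it with a
     * value supplied at run time before using this outside a tutorial.
     */
    public static final String KEYSTORE_PASSWORD = "Zyg15328420313";
    /** JKS file read by {@link #coverToPfx()} and written by {@link #coverTokeyStore()}. */
    public static final String JKS_KEYSTORE_FILE = "../mykey";

    /** Converts {@link #PFX_KEYSTORE_FILE} (PKCS#12) into {@link #JKS_KEYSTORE_FILE} (JKS). */
    public static void coverTokeyStore() {
        convert(PKCS12, PFX_KEYSTORE_FILE, JKS, JKS_KEYSTORE_FILE);
    }

    /** Converts {@link #JKS_KEYSTORE_FILE} (JKS) into {@link #PFX_KEYSTORE_FILE} (PKCS#12). */
    public static void coverToPfx() {
        convert(JKS, JKS_KEYSTORE_FILE, PKCS12, PFX_KEYSTORE_FILE);
    }

    public static void main(String[] args) {
        coverToPfx();
    }

    /**
     * Loads {@code sourceFile} as a {@code sourceType} keystore and writes
     * every key entry (private key plus certificate chain) to
     * {@code targetFile} as a {@code targetType} keystore.
     *
     * <p>Entries that are not key entries, such as trusted certificates, are
     * not copied. Failures are printed to standard error and the method
     * returns normally, as the public entry points always did.
     */
    private static void convert(String sourceType, String sourceFile,
                                String targetType, String targetFile) {
        try {
            char[] entryPassword = KEYSTORE_PASSWORD.toCharArray();
            // A blank password is passed as null when reading the source store.
            char[] loadPassword = KEYSTORE_PASSWORD.trim().isEmpty() ? null : entryPassword;

            KeyStore source = KeyStore.getInstance(sourceType);
            // try-with-resources closes the stream even when load() throws.
            try (FileInputStream in = new FileInputStream(sourceFile)) {
                source.load(in, loadPassword);
            }

            KeyStore target = KeyStore.getInstance(targetType);
            target.load(null, entryPassword);

            Enumeration<String> aliases = source.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                System.out.println("alias=[" + alias + "]");
                if (source.isKeyEntry(alias)) {
                    Key key = source.getKey(alias, loadPassword);
                    Certificate[] chain = source.getCertificateChain(alias);
                    target.setKeyEntry(alias, key, entryPassword, chain);
                }
            }

            // The output is opened only after the source has been read, and is
            // stored with the same non-null password that protects the entries.
            try (FileOutputStream out = new FileOutputStream(targetFile)) {
                target.store(out, entryPassword);
            }
        } catch (Exception e) {
            // Tool boundary: report the failure instead of propagating it.
            e.printStackTrace();
        }
    }
}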
编译后得到一个工具ConventPFX,运行这个java工具,没有参数。用于把mykey文件转换成pfx格式的文件,如test.pfx;
2.2、把keytool生成的mykey文件转化成pem格式
2.2.1、创建pfx文件:如test.pfx
java ConventPFX
2.2.2、把pfx文件转换成key文件:如server.key
openssl pkcs12 -in C:\Users\LV\test.pfx -nocerts -nodes -out server.key
2.2.3、把server.key转换成pem文件:如serverkey.pem
openssl rsa -in server.key -out serverkey.pem
这样我们就得到了服务器证书的私钥文件。注意:-nodes表示导出的私钥不加密,server.key和serverkey.pem都是明文私钥,应限制文件访问权限,用完后删除不再需要的中间文件。
2.3、把keytool生成server.cer转化成server.pem
openssl x509 -inform der -in C:\Users\LV\server.cer -out C:\Users\LV\server.pem
3、结论:这样我们就完成了https服务器证书的制作,并且把keytool生成的证书和密钥转换成了openssl能识别的证书和密钥