NOTE:已安装的jdk(gnu jdk 1.5)默认keystore类型是gkr,而下面代码要求keystore类型是jks,故产生invalid keystore format错误。解决方法:用sun jdk产生keystore。
1. 生成CA密钥对
在sun jdk 1.6 bin下执行
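./keytool -genkey -alias caroot -keyalg RSA -keysize 1024 -keystore /root.keystore
(CA的DN: CN=caroot, OU=CS, O=HUST, L=Wuhan, ST=Hubei, C=CN)
(注意:此处的keystore路径写作/root.keystore,而第2步和下面代码使用的是/root/.keystore,实际执行时两者须保持一致。另外,1024位RSA密钥仅适合演示,如今已不满足安全要求,实际使用的CA密钥应至少为2048位。)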
2. chmod a+w /root/.keystore
(注意:a+w使所有用户都可以写入保存CA私钥的keystore,仅适合本机演示;实际环境中应只允许属主读写。)
3. Generate a user certificate signed by the CA's private key.
(源码可以在gnu jdk下编译通过)
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Date;
import org.bouncycastle.jce.X509Principal;
import org.bouncycastle.x509.X509V3CertificateGenerator;
public class CertificateChainDemo {
// Demo settings. NOTE(review): these are public, non-final fields, so any caller can change them.
// Alias of the CA entry; same value as the -alias passed to keytool in step 1.
public String caName = "caroot";
// Masked on the page. Presumably the password protecting the CA private key entry (TODO confirm
// against the method body). NOTE(review): a secret hard-coded in source is acceptable only in a demo.
public String caPasswd = "******";
// Masked on the page. Presumably the password of the keystore itself (TODO confirm); the same
// caveat about hard-coding applies.
public String keyStorePasswd = "******";
// Keystore file that generateX509Certificate opens with a FileInputStream.
public String keyStorePath = "/root/.keystore";
// Distinguished name for the user; presumably the subject of the issued certificate (TODO confirm).
public String userDN = "CN=loong, OU=CS, O=HUST ,L=Wuhan, ST=Hubei, C=CN";
public String userAlias = "loong"; // user alias
/** Creates a demo instance; the constructor sets nothing, so every field keeps its initialiser value. */
public CertificateChainDemo() {
}
public boolean generateX509Certificate(String userCertPath) {
try {
FileInputStream in = new FileInputStream(keyStorePath);
KeyStore ks = KeyStore.getInstance("
1. 生成CA密钥对
在sun jdk 1.6 bin下执行
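./keytool -genkey -alias caroot -keyalg RSA -keysize 1024 -keystore /root.keystore
(CA的DN: CN=caroot, OU=CS, O=HUST, L=Wuhan, ST=Hubei, C=CN)
(注意:此处的keystore路径写作/root.keystore,而第2步和下面代码使用的是/root/.keystore,实际执行时两者须保持一致。另外,1024位RSA密钥仅适合演示,如今已不满足安全要求,实际使用的CA密钥应至少为2048位。)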
2. chmod a+w /root/.keystore
(注意:a+w使所有用户都可以写入保存CA私钥的keystore,仅适合本机演示;实际环境中应只允许属主读写。)
3. Generate a user certificate signed by the CA's private key.
(源码可以在gnu jdk下编译通过)
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Date;
import org.bouncycastle.jce.X509Principal;
import org.bouncycastle.x509.X509V3CertificateGenerator;
public class CertificateChainDemo {
// Demo settings. NOTE(review): these are public, non-final fields, so any caller can change them.
// Alias of the CA entry; same value as the -alias passed to keytool in step 1.
public String caName = "caroot";
// Masked on the page. Presumably the password protecting the CA private key entry (TODO confirm
// against the method body). NOTE(review): a secret hard-coded in source is acceptable only in a demo.
public String caPasswd = "******";
// Masked on the page. Presumably the password of the keystore itself (TODO confirm); the same
// caveat about hard-coding applies.
public String keyStorePasswd = "******";
// Keystore file that generateX509Certificate opens with a FileInputStream.
public String keyStorePath = "/root/.keystore";
// Distinguished name for the user; presumably the subject of the issued certificate (TODO confirm).
public String userDN = "CN=loong, OU=CS, O=HUST ,L=Wuhan, ST=Hubei, C=CN";
public String userAlias = "loong"; // user alias
/** Creates a demo instance; the constructor sets nothing, so every field keeps its initialiser value. */
public CertificateChainDemo() {
}
public boolean generateX509Certificate(String userCertPath) {
try {
FileInputStream in = new FileInputStream(keyStorePath);
KeyStore ks = KeyStore.getInstance("