1. Generating and configuring the certs
1.1 Generate the server keystore
[root@iZbp19pf0xgaj0oo0041u6Z cert]# keytool -keystore server.keystore.jks -alias kafka-server -validity 365 -keyalg RSA -genkey
Enter keystore password:
Re-enter new password:
What is your first and last name?
[Unknown]: hanwan
What is the name of your organizational unit?
[Unknown]: kafka
What is the name of your organization?
[Unknown]: kafka
What is the name of your City or Locality?
[Unknown]: HZ
What is the name of your State or Province?
[Unknown]: ZJ
What is the two-letter country code for this unit?
[Unknown]: CN
Is CN=hanwan, OU=kafka, O=kafka, L=HZ, ST=ZJ, C=CN correct?
[no]: YES^H^H
Enter key password for <kafka-server>
(RETURN if same as keystore password):
Re-enter new password:
Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore server.keystore.jks -destkeystore server.keystore.jks -deststoretype pkcs12".
[root@iZbp19pf0xgaj0oo0041u6Z cert]# keytool -list server.keystore.jks -v
Illegal option: server.keystore.jks
keytool -list [OPTION]...
Lists entries in a keystore
Options:
-rfc output in RFC style
-alias <alias> alias name of the entry to process
-keystore <keystore> keystore name
-storepass <arg> keystore password
-storetype <storetype> keystore type
-providername <providername> provider name
-providerclass <providerclass> provider class name
-providerarg <arg> provider argument
-providerpath <pathlist> provider classpath
-v verbose output
-protected password through protected mechanism
Use "keytool -help" for all available commands
[root@iZbp19pf0xgaj0oo0041u6Z cert]# keytool -list -keystore server.keystore.jks -v
Enter keystore password:
Keystore type: jks
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: kafka-server
Creation date: Aug 30, 2018
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=hanwan, OU=kafka, O=kafka, L=HZ, ST=ZJ, C=CN
Issuer: CN=hanwan, OU=kafka, O=kafka, L=HZ, ST=ZJ, C=CN
Serial number: 1a0a5446
Valid from: Thu Aug 30 09:13:14 CST 2018 until: Fri Aug 30 09:13:14 CST 2019
Certificate fingerprints:
MD5: DF:79:13:05:23:4F:56:FB:7C:E4:F1:33:C0:9F:53:61
SHA1: CD:AE:2F:5B:F9:A1:11:4B:D5:8C:E2:52:2E:3E:0A:59:A2:F2:8A:64
SHA256: 30:B1:0B:39:C1:AB:FC:AD:DD:86:C8:F8:F6:04:0C:71:A6:10:61:7D:37:91:2F:72:53:4C:A0:FC:57:7E:A9:2A
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3
Extensions:
#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: AB 31 16 F2 62 95 41 F2 2E C0 A2 49 A1 85 61 C1 .1..b.A....I..a.
0010: 0C C6 A1 83 ....
]
]
*******************************************
*******************************************
Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore server.keystore.jks -destkeystore server.keystore.jks -deststoretype pkcs12".
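The same server and client keystore generation as above, but non-interactive, as an added example that is not part of the original post: the DN, password and validity are passed as flags instead of typed at prompts, PKCS12 is used as the keytool warning recommends, and a SAN is added because a broker certificate is checked against the hostname when Kafka's ssl.endpoint.identification.algorithm is https (the default since Kafka 2.0). The password "changeit" is a placeholder and the hostnames are constructed; keytool is assumed to be on PATH.

```shell
#!/bin/sh
# Added example, not the original post's commands. Assumptions: placeholder
# store password "changeit" (replace with a real secret), constructed SAN
# hostnames, and keytool available on PATH.

DN="CN=hanwan, OU=kafka, O=kafka, L=HZ, ST=ZJ, C=CN"   # same DN as in the post
PASS="changeit"                                        # placeholder only

# gen_keystore <file> <alias> <san-host>
# Creates a PKCS12 keystore holding one RSA key pair and a self-signed cert.
# The SAN is what a client compares to the broker hostname when
# ssl.endpoint.identification.algorithm=https, so the CN alone is not enough.
gen_keystore() {
  keytool -genkeypair -keystore "$1" -alias "$2" -keyalg RSA -keysize 2048 \
    -validity 365 -storetype PKCS12 -storepass "$PASS" -keypass "$PASS" \
    -dname "$DN" -ext "SAN=DNS:$3" >/dev/null 2>&1
}

# private_key_entries <file>: number of PrivateKeyEntry entries in the keystore.
# Note the option form: -keystore is a flag, so "keytool -list <file>" fails
# with "Illegal option", exactly as in the session above.
private_key_entries() {
  keytool -list -keystore "$1" -storepass "$PASS" 2>/dev/null \
    | grep -c 'PrivateKeyEntry' || true
}

# build_kafka_keystores: creates server and client keystores in a temp dir and
# returns 0 when each holds exactly one private key entry, 1 otherwise.
build_kafka_keystores() {
  dir=$(mktemp -d) || return 1
  gen_keystore "$dir/server.keystore.p12" kafka-server kafka.example.com \
    || { rm -rf "$dir"; return 1; }
  gen_keystore "$dir/client.keystore.p12" kafka-client client.example.com \
    || { rm -rf "$dir"; return 1; }
  s=$(private_key_entries "$dir/server.keystore.p12")
  c=$(private_key_entries "$dir/client.keystore.p12")
  rm -rf "$dir"
  [ "$s" = 1 ] && [ "$c" = 1 ]
}
```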
1.2 Generate the client keystore
[root@iZbp19pf0xgaj0oo0041u6Z cert]# keytool -keystore client.keystore.jks -alias kafka-client -validity 365 -keyalg RSA -genkey
Enter keystore password:
Re-enter new password:
What is your first and last name?
[Unknown]: hanwan
What is the name of your organizational unit?
[Unknown]: kafka
What is the name of your organization?
[Unknown]: kafka
What is the name of your City or Locality?
[Unknown]: HZ
What is the name of your State or Province?