Java生成CSR创建证书

最新推荐文章于 2024-01-20 09:02:10 发布
最新推荐文章于 2024-01-20 09:02:10 发布
阅读量2.1w 收藏 14
点赞数 1
分类专栏: Security Java
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/jinhill/article/details/17612273
版权
Java生成CSR,签发证书 
package com.jinhill.cert;

import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.FileWriter;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.security.spec.RSAPublicKeySpec;
import java.util.Collection;
import java.util.Date;
import java.util.Iterator;

import javax.security.auth.x500.X500Principal;

import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DEROutputStream;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.pkcs.CertificationRequest;
import org.bouncycastle.asn1.pkcs.CertificationRequestInfo;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.Certificate;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x509.X509CertificateStructure;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.params.RSAKeyParameters;
import org.bouncycastle.crypto.util.PrivateKeyFactory;
import org.bouncycastle.crypto.util.PublicKeyFactory;
import org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMReader;
import org.bouncycastle.openssl.PEMWriter;
import org.bouncycastle.openssl.PasswordFinder;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.bc.BcRSAContentSignerBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.util.encoders.Base64;
import org.bouncycastle.x509.X509V1CertificateGenerator;
import org.bouncycastle.x509.X509V3CertificateGenerator;
import org.bouncycastle.x509.extension.AuthorityKeyIdentifierStructure;
import org.bouncycastle.x509.extension.SubjectKeyIdentifierStructure;

public class CA {
	public CA() {
		Security.addProvider(new BouncyCastleProvider());
	}

	public static String getSubjectDN(byte[] der) {
		String dn = "";
		try {
			ByteArrayInputStream bIn = new ByteArrayInputStream(der);
			// BouncyCastleProvider provider = new BouncyCastleProvider();
			// CertificateFactory cf = CertificateFactory.getInstance("X509",
			// provider);
			CertificateFactory cf = new CertificateFactory();
			X509Certificate cert = (X509Certificate) cf
					.engineGenerateCertificate(bIn);
			dn = cert.getSubjectDN().getName();
			bIn.close();
		} catch (CertificateException e) {
			e.printStackTrace();
		} catch (IOException e) {
			e.printStackTrace();
		}
		return dn;
	}

	public static String parseCertDN(String dn, String type) {
		type = type + "=";
		String[] split = dn.split(",");
		for (String x : split) {
			if (x.contains(type)) {
				x = x.trim();
				return x.substring(type.length());
			}
		}
		return null;
	}

	public String genCSR(String subject, String pemPath, String pemPassword)
			throws InvalidKeyException, NoSuchAlgorithmException,
			NoSuchProviderException, SignatureException {
		try {
			X509Name dn = new X509Name(subject);
			KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
			keyGen.initialize(1024);
			KeyPair kp = keyGen.generateKeyPair();
			PKCS10CSR p10 = new PKCS10CSR("SHA1WithRSA", dn, kp.getPublic(),
					new DERSet(), kp.getPrivate());
			// PKCS10CertificationRequest p10 = new
			// PKCS10CertificationRequest("SHA1WithRSA", dn, kp.getPublic(),
			// null,
			// kp.getPrivate());
			// PKCS10CertificationRequest p10 = new
			// PKCS10CertificationRequest("SHA1WithRSA", dn, kp.getPublic(), new
			// DERSet(),
			// kp.getPrivate());
			byte[] der = p10.getEncoded();
			String code = "-----BEGIN CERTIFICATE REQUEST-----\n";
			code += new String(Base64.encode(der));
			code += "\n-----END CERTIFICATE REQUEST-----\n";
			CertificationRequestInfo csrinfo = p10
					.getCertificationRequestInfo();

			savePEM(kp.getPrivate(), pemPassword, pemPath);

			return code;
		} catch (Exception e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		}
		return null;
	}

	public static void saveX509Certificate(X509Certificate certificate,
			String caCertPath) throws Exception {
		FileOutputStream stream = new FileOutputStream(caCertPath);
		stream.write(certificate.getEncoded());
		stream.close();
	}

	public static void savePEM(PrivateKey key, String pemPassword,
			String pemPath) throws Exception {
		PEMWriter writer = new PEMWriter(new FileWriter(pemPath));
		writer.writeObject(key, "DES-EDE3-CBC", pemPassword.toCharArray(),
				new SecureRandom());
		writer.close();
	}

	public static KeyPair getPrivateKey(String pemPath, final String pemPassword)
			throws Exception {
		PEMReader reader = new PEMReader(new InputStreamReader(
				new FileInputStream(pemPath)), new PasswordFinder() {
			public char[] getPassword() {
				// TODO Auto-generated method stub
				return pemPassword.toCharArray();
			}
		});
		KeyPair key = (KeyPair) reader.readObject();
		return key;
	}

	public static X509Certificate getCertificate(String caCertPath)
			throws Exception {
		CertificateFactory factory = new CertificateFactory();
		FileInputStream inputStream = new FileInputStream(caCertPath);
		X509Certificate certificate = (X509Certificate) factory
				.engineGenerateCertificate(inputStream);
		return certificate;
	}

	public byte[] createRootCert(String dn, String snStr, int validate,
			String caCertPath, String caPemPath, String caPemPassword)
			throws Exception {
		KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
		keyGen.initialize(2048);
		KeyPair kp = keyGen.generateKeyPair();
		X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
		certGen.setSerialNumber(new BigInteger(snStr));
		certGen.setNotBefore(new Date(System.currentTimeMillis()));
		certGen.setNotAfter(new Date(System.currentTimeMillis() + validate * 24
				* 60 * 60 * 1000L));
		certGen.setSubjectDN(new X500Principal(dn));
		certGen.setPublicKey(kp.getPublic());
		certGen.setIssuerDN(new X500Principal(dn));
		certGen.setSignatureAlgorithm("SHA1WithRSA");
		X509Certificate certificate = certGen.generate(kp.getPrivate());
		saveX509Certificate(certificate, caCertPath);
		savePEM(kp.getPrivate(), caPemPassword, caPemPath);
		return certificate.getEncoded();
	}

	@SuppressWarnings("deprecation")
	public int createUserCert(String dn, String serialNumber, int validate,
			String userCertPath, String userPemPath, String userPemPassword,
			String caCertPath, String caPemPath, String caPemPassword) {

		try {
			KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
			keyGen.initialize(1024);
			KeyPair keyPair = keyGen.generateKeyPair();

			X509Certificate caCert = getCertificate(caCertPath);

			KeyPair caKey = getPrivateKey(caPemPath, caPemPassword);

			X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
			X500Principal subjectName = new X500Principal(dn);
			certGen.setSerialNumber(new BigInteger(serialNumber));
			certGen.setIssuerDN(caCert.getSubjectX500Principal());
			certGen.setNotBefore(new Date(System.currentTimeMillis()));
			certGen.setNotAfter(new Date(System.currentTimeMillis() + validate
					* 24 * 60 * 60 * 1000L));
			certGen.setSubjectDN(subjectName);
			certGen.setPublicKey(keyPair.getPublic());
			certGen.setSignatureAlgorithm("SHA1WithRSA");

			certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false,
					new AuthorityKeyIdentifierStructure(caCert));

			certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false,
					new SubjectKeyIdentifierStructure(keyPair.getPublic()));

			X509Certificate cert = certGen.generate(caKey.getPrivate(), "BC");
			saveX509Certificate(cert, userCertPath);
			savePEM(keyPair.getPrivate(), userPemPassword, userPemPath);
		} catch (CertificateParsingException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		} catch (InvalidKeyException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		} catch (CertificateEncodingException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		} catch (IllegalStateException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		} catch (NoSuchProviderException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		} catch (NoSuchAlgorithmException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		} catch (SignatureException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		} catch (Exception e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		}
		return 0;
	}

	public static X509Certificate signCert(String csrStr, String userCertPath,
			String caCertPath, String caPemPath, String caPemPassword)
			throws InvalidKeyException, NoSuchAlgorithmException,
			NoSuchProviderException, SignatureException, IOException,
			OperatorCreationException, CertificateException {

		try {
			csrStr = csrStr.replaceAll("-----BEGIN CERTIFICATE REQUEST-----\n",
					"");
			csrStr = csrStr.replaceAll("\n-----END CERTIFICATE REQUEST-----\n",
					"");
			byte[] der = Base64.decode(csrStr);

			KeyPair caPair;

			caPair = getPrivateKey(caPemPath, caPemPassword);

			X509Certificate caCert = getCertificate(caCertPath);
			// X500Principal subjectName = new
			// X500Principal(p10.getSubject().toString());
			PKCS10CertificationRequest p10CSR = new PKCS10CertificationRequest(
					der);

			AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder()
					.find("SHA1withRSA");
			AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder()
					.find(sigAlgId);

			AsymmetricKeyParameter foo = PrivateKeyFactory.createKey(caPair
					.getPrivate().getEncoded());

			SubjectPublicKeyInfo pkInfo = p10CSR.getSubjectPublicKeyInfo();
			RSAKeyParameters rsa = (RSAKeyParameters) PublicKeyFactory
					.createKey(pkInfo);
			RSAPublicKeySpec rsaSpec = new RSAPublicKeySpec(rsa.getModulus(),
					rsa.getExponent());
			KeyFactory kf = KeyFactory.getInstance("RSA");
			PublicKey rsaPub = kf.generatePublic(rsaSpec);

			SubjectPublicKeyInfo keyInfo = new SubjectPublicKeyInfo(
					ASN1Sequence.getInstance(rsaPub.getEncoded()));
			X509v3CertificateBuilder myCertificateGenerator = new X509v3CertificateBuilder(
					new X500Name(caCert.getIssuerDN().getName()),
					new BigInteger("1"), new Date(System.currentTimeMillis()),
					new Date(System.currentTimeMillis() + 30 * 365 * 24 * 60
							* 60 * 1000), p10CSR.getSubject(), keyInfo);

			ContentSigner sigGen = new BcRSAContentSignerBuilder(sigAlgId,
					digAlgId).build(foo);

			X509CertificateHolder holder = myCertificateGenerator.build(sigGen);
			
			Certificate eeX509CertificateStructure = holder.toASN1Structure();
		
			CertificateFactory cf = new CertificateFactory();

			// Read Certificate
			InputStream is1 = new ByteArrayInputStream(
					eeX509CertificateStructure.getEncoded());
			X509Certificate theCert = (X509Certificate) cf
					.engineGenerateCertificate(is1);
			is1.close();
			saveX509Certificate(theCert, userCertPath);
			return theCert;
		} catch (Exception e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		}

		return null;
	}

	@SuppressWarnings("deprecation")
	public int createUserCertEx(String p10CSR, String serialNumber,
			int validate, String userCertPath, String caCertPath,
			String caPemPath, String caPemPassword) {
		try {
			p10CSR = p10CSR.replaceAll("-----BEGIN CERTIFICATE REQUEST-----\n",
					"");
			p10CSR = p10CSR.replaceAll("\n-----END CERTIFICATE REQUEST-----\n",
					"");
			byte[] der = Base64.decode(p10CSR);
			PKCS10CertificationRequest p10 = new PKCS10CertificationRequest(der);
			X509Certificate caCert = getCertificate(caCertPath);

			KeyPair caKey = getPrivateKey(caPemPath, caPemPassword);
			
			
			SubjectPublicKeyInfo pkInfo = p10.getSubjectPublicKeyInfo();
			RSAKeyParameters rsa = (RSAKeyParameters) PublicKeyFactory
					.createKey(pkInfo);
			RSAPublicKeySpec rsaSpec = new RSAPublicKeySpec(rsa.getModulus(),
					rsa.getExponent());
			KeyFactory kf = KeyFactory.getInstance("RSA");
			PublicKey rsaPub = kf.generatePublic(rsaSpec);
			

			X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
			X500Principal subjectName = new X500Principal(p10.getSubject()
					.toString());
			certGen.setSerialNumber(new BigInteger(serialNumber));
			certGen.setIssuerDN(caCert.getSubjectX500Principal());
			certGen.setNotBefore(new Date(System.currentTimeMillis()));
			certGen.setNotAfter(new Date(System.currentTimeMillis() + validate
					* 24 * 60 * 60 * 1000L));
			certGen.setSubjectDN(subjectName);
			// certGen.setPublicKey(p10.getSubjectPublicKeyInfo().getPublicKey().getEncoded());
			certGen.setSignatureAlgorithm("SHA1WithRSA");

			certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false,
					new AuthorityKeyIdentifierStructure(caCert));

			 certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false,
		 new SubjectKeyIdentifierStructure(rsaPub.getEncoded()));

			X509Certificate cert = certGen.generate(caKey.getPrivate(), "BC");
			saveX509Certificate(cert, userCertPath);
		} catch (CertificateParsingException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		} catch (InvalidKeyException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		} catch (CertificateEncodingException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		} catch (IllegalStateException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		} catch (NoSuchProviderException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		} catch (NoSuchAlgorithmException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		} catch (SignatureException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		} catch (Exception e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		}
		return 0;
	}

	// public static void createUserCert(String subjectDN, String snStr,
	// int validate, String caCertPath, String caPemPath,
	// String caPemPassword, String userCertPath, String userPemPath,
	// String userPenPassword) throws Exception {
	// X509Certificate CA = getCertificate(caCertPath);
	// KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
	// keyGen.initialize(1024);
	// KeyPair pair = keyGen.generateKeyPair();
	//
	// X509V1CertificateGenerator certGen = new X509V1CertificateGenerator();
	// certGen.setSerialNumber(new BigInteger(snStr));
	// certGen.setNotBefore(new Date(System.currentTimeMillis()));
	// certGen.setNotAfter(new Date(System.currentTimeMillis() + validate * 24
	// * 60 * 60 * 1000L));
	// certGen.setSubjectDN(new X500Principal(subjectDN));
	// certGen.setPublicKey(pair.getPublic());
	// certGen.setIssuerDN(CA.getIssuerX500Principal());
	// certGen.setSignatureAlgorithm("SHA1WithRSA");
	//
	// X509Certificate certificate = certGen.generate(pair.getPrivate());
	// byte[] src = certificate.getEncoded();
	// KeyPair key = getPrivateKey(caPemPath, caPemPassword);
	// // byte[] b = HongAnUtils.RSASign(key.getPrivate(), src);
	// X509CertImpl newcert = new X509CertImpl(src);
	// X509CertInfo info = (X509CertInfo) newcert.get(newcert.getName() + "."
	// + newcert.INFO);
	// X509CertImpl export = new X509CertImpl(info);
	// export.sign(key.getPrivate(), "SHA1WithRSA");
	// savePEM(pair.getPrivate(), userPenPassword, userPemPath);
	// DEROutputStream stream = new DEROutputStream(new FileOutputStream(
	// userCertPath));
	// stream.write(export.getEncoded());
	// stream.close();
	// }

	public java.security.cert.Certificate certToX509Cert(X509Certificate cert) {
		try {
			CertificateFactory cf = new CertificateFactory();
			InputStream is = new ByteArrayInputStream(cert.getEncoded());
			Collection coll = cf.engineGenerateCertificates(is);
			java.security.cert.Certificate jcrt = null;
			Iterator it = coll.iterator(); 
			if (it.hasNext()) {
				jcrt = (java.security.cert.Certificate) it.next(); 
				return jcrt;
			}
		} catch (CertificateEncodingException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		} catch (CertificateException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		}
		return null;
	}

	public int storeP12(String caCertPath, String certPath, String pemPath, String pemPassword,
			String p12Path, String p12Password) {
		KeyPair kp;
		try {
			kp = getPrivateKey(pemPath, pemPassword);
			X509Certificate caCert = getCertificate(caCertPath);
			X509Certificate cert = getCertificate(certPath);
			java.security.cert.Certificate[] chain = new java.security.cert.Certificate[2];
			chain[0] = certToX509Cert(cert);
			chain[1] = certToX509Cert(caCert);
			KeyStore ks = KeyStore.getInstance("PKCS12", "BC");
			ks.load(null, null);
			ks.setKeyEntry(parseCertDN(cert.getSubjectDN().getName(), "CN"),
					kp.getPrivate(), null, chain);
			FileOutputStream fOut = new FileOutputStream(p12Path);
			ks.store(fOut, p12Password.toCharArray());
		} catch (Exception e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		}
		return 0;
	}

	public static void main(String[] args) {
		// TODO Auto-generated method stub

	}

}

Jinhill
关注
  • 1
    点赞
  • 14
    收藏
    觉得还不错? 一键收藏
  • 13
    评论
专栏目录
Windows下证书私钥和证书请求CSR生成工具
12-05
Windows下证书私钥和证书请求CSR生成工具,一键生成私钥和CSR文件,直接发给证书供应商或者自签名就可以了
使用 generateCertificate(InputStream inStream) 通过String生成x.509证书的两种情况
楞次定律
10-15 5681
使用 java.security.cert.CertificateFactory.generateCertificate(InputStream inStream) 通过String生成x.509证书实体的两种情况 证书实体certEntityString如下 -----BEGIN CERTIFICATE----- MIIDsjCCApqgAwIBAgIERqyYvTANBgkqhkiG9w0BA...
Java校验.CER、.pem证书格式以及获取证书有效期
AXibaaa的博客
05-08 2330
public static void main(String[] args) throws CertificateException, FileNotFoundException { CertificateFactory cf = CertificateFactory.getInstance("X.509"); FileInputStream in = new FileInputStream("/Users/name/Downloads/cert.pem"); .
Java根据模板图片自定义生成获奖证书图片
最新发布
liao3399084的博客
01-20 688
在一些教学系统中,经常会用到一些证书自定义生成,提供一个模板,写入不同姓名、获得的奖项、描述等,本篇文章就是处理这类需求的。
java 生成证书_在java生成证书
weixin_42601608的博客
02-12 864
问题是如何在Java中以编程方式生成证书链.换句话说,我想在java中执行这里详述的操作:http://fusesource.com/docs/broker/5.3/security/i382664.html通常,我可以为新客户创建RSA密钥:private KeyPair genRSAKeyPair(){// Get RSA key factory:KeyPairGenerator kpg = ...
Java环境下用SM2或者RSA格式生成P10
醉梦洛的博客
11-19 5373
背景: 需要要求,生成P10时用的私钥不能暴露出来,为了安全起见,将需要用户自己用私钥进行签名后,将私钥签名当参数传入生成P10的接口中。 1.生成P10的工具类 ①该方法是需要使用者传入用户公钥,签名算法,私钥签名,才能生成P10 /** * 生成 P10 * @param pubKey 用户公钥 * @param signAlg 签名算法 * @param signer 私钥签名 对象 * @return p10 */
java generate()_java-当generateCertificate()时出现CertificateExcept...
weixin_33138675的博客
02-20 486
我正在开发我的Android应用程序.我正在尝试从我的证??书文件流生成X509Certificate实例,但是获取CertificateException,这是我的简单代码:import java.security.cert.CertificateException;import java.security.cert.CertificateFactory;import java.security...
通过 Java 代码生成请求 CSR证书
xiangzhihong8的专栏
09-27 410
在 PKI(Public Key Infrastructure,公开密钥基础建设)体系中,证书签名请求(也称为 CSR证书请求)是由客户端提交给 CA(Certificate Authority)用于申请数字证书的信息。其中 PKCS#10 规范是 CSR 中最常见的格式。比如,张三和李四通过互联网进行信息传输,他们两者都希望接受到的信息就是对方发送的原始内容,没有被任何篡改,且不能被抵赖。要实现这个目的,其中一个方法就是使用 PKI。在 PKI 中,他们双方都需要生成密钥对,即公钥和私钥。
Generate certificate in Java -- Self signed certificate
stay hungry,stay foolish !
01-07 687
This is the first post in this series which I will show you how to generate SSL certificate in Java programmatically. Certificates are frequently used in SSL communication which requires the authentic
cer证书生成以及签名验签详细篇(keytool 命令)
生命不息,bug不止,一起探讨下写bug的技术吧
03-22 8701
我们用cmd命令进行生成cer证书 生成管理工具 Keytool是一个Java数据证书的管理工具 ,Keytool将密钥(key)和证书certificates)存在一个称为keystore的文件中 生成命令: keytool -genkey -alias mykey -keyalg RSA -keystore C:/mykeystore.keystore -keysize 1024 -validity 365 命令解析: -genkey:生成一对非对称密钥 -alias: 指定一个别名 -keyalg
java 产生p10证书_证书应用学习(二)——PKCS10生成证书请求
weixin_36099549的博客
02-16 5433
申请证书就需要产生证书请求,生成PKCS#10的证书请求就需要准备1. 选择秘钥对的生成厂商(一般有BC的包,或者密码卡提供商提供的集成包)2. 产生秘钥对3. 构建DN4.生成P105. 分别存储公私钥,文件名以DN的hash作为唯一值,后缀以.key 和. keypub结尾X500Principal subject = new X500Principal(dn);JcaPKCS10Certif...
JAVA关于SSL证书请求的CSR文件及用户秘钥的生成工具类
04-23
工具内容有完整的CSR生成及对应秘钥保存,使用java.securtiy Signature类
Java生成的国密cer证书
08-24
国密算法是我国自主研发创新的一套数据加密处理系列算法,很多项目都在用了,所以用Java代码生成的基于国密算法签发的sm2 证书,放到资源里面方便大家下载使用。
python-csr:通过Python生成CSRKey
05-03
生成密钥,自签名证书证书请求。 信息 该脚本适用于Python 2.7。 由于input()函数在python2和python3之间的变化方式,因此该脚本目前不向后兼容。 安装/依赖性 需要以下模块: OpenSSL(pyopenssl) Argparse...
ios-csr:在iOS中生成CSR证书签名请求)
02-04
ios-csr:在iOS中生成CSR证书签名请求)
SSL连接建立过程分析(1)
热门推荐
Jinhill's Blog
12-26 4万+
Https协议:SSL建立过程分析web访问的两种方式:http协议,我们一般情况下是通过它访问web,因为它不要求太多的安全机制,使用起来也简单,很多web站点也只支持这种方式下的访问.https协议(Hypertext Transfer Protocol over Secure Socket Layer),对于安全性要求比较高的情况,可以通过它访问web,比如工商银行https:/
用openssl命令生成证书
Jinhill's Blog
06-21 2万+
也许很多人和本人一样深有体会,使用OpenSSL库写一个加密通讯过程,代码很容易就写出来了,可是整个工作却花了了好几天。除将程序编译成功外(没有可以使用的证书文件,编译成功了,它并不能跑起来,并不表示它能正常使用,所以......),还需生成必要的证书和私钥文件使双方能够成功验证对方。找了n多的资料,很多是说的很模糊,看了n多的英文资料,还是没有办法(不知道是不是外国朋友都比较厉害,不用说明得太清
Openssl验证证书的有效性
Jinhill's Blog
02-27 1万+
好久没写博客了,直接上代码#include #include #include #include #include int LoadCert(unsigned char * szFilePath, unsigned char *pbCert, int size) { int len = 0; if(szFilePath == NULL || pbCert == NULL || siz
Java 如何生成证书
06-08
Java中可以使用keytool工具来生成证书链。下面是一个简单的示例: 1. 首先,使用keytool生成CA证书 ``` keytool -genkeypair -alias myca -keyalg RSA -keysize 2048 -validity 3650 -keystore mykeystore.jks ``` 这个命令将生成一个名为mykeystore.jks的密钥库文件,并在其中生成一个名为myca的别名,该别名对应的密钥对将用于签名其他证书。 2. 接下来,使用keytool生成服务器证书 ``` keytool -genkeypair -alias myserver -keyalg RSA -keysize 2048 -validity 3650 -keystore mykeystore.jks ``` 这个命令将生成一个名为myserver的别名,并在mykeystore.jks密钥库中生成一个与该别名对应的密钥对。 3. 签名服务器证书 ``` keytool -certreq -alias myserver -keystore mykeystore.jks -file myserver.csr ``` 此命令将创建一个名为myserver.csr证书签名请求文件。 4. 使用CA证书签署服务器证书 ``` keytool -gencert -alias myca -keystore mykeystore.jks -infile myserver.csr -outfile myserver.cer ``` 此命令将使用myca别名对应的密钥对签署myserver.csr证书签名请求文件,并在mykeystore.jks密钥库中生成一个名为myserver.cer的证书文件。 5. 将服务器证书导入到密钥库中 ``` keytool -import -alias myserver -file myserver.cer -keystore mykeystore.jks ``` 此命令将myserver.cer证书文件导入到mykeystore.jks密钥库中,并使用myserver别名标识该证书。 以上步骤完成后,你就可以使用Java中的证书链来验证和建立信任关系了。

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论 13
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值