生成根证书:
import java.io.IOException;
import java.util.Scanner;
public class Cert_root {
public static void main(String[] args) throws IOException, InterruptedException {
Scanner sc=new Scanner(System.in);
String dname_in="";
System.out.println("输入证书所有者名字:");
String cn=sc.nextLine();
dname_in="CN="+cn+",";
System.out.println("输入证书所有者单位名字:");
String ou=sc.nextLine();
dname_in=dname_in+"OU="+ou+",";
System.out.println("输入证书所有者所在城市名字:");
String l=sc.nextLine();
dname_in=dname_in+"L="+l+",";
System.out.println("输入证书所有者所在省份名字:");
String s=sc.nextLine();
dname_in=dname_in+"S="+s+",";
System.out.println("输入证书所有者国家名字:");
String c=sc.nextLine();
dname_in=dname_in+"C="+c;
System.out.println("证书名字:");
String ali=sc.nextLine();
System.out.println("证书存储库位置:(如/home/java/)");
String path_store=sc.nextLine();
System.out.println("证书有效期(天):");
String day=sc.nextLine();
System.out.println("证书存储库密码:(必须大于6位)");
String pass=sc.nextLine();
//keytool -genkeypair -alias rootca -storetype PKCS12 -keystore keystore.jks -validity 3650 -keysize 2048 -keyalg RSA -storepass 12345678
String[] sin= {"keytool","-genkeypair","-alias",ali,"-dname",dname_in,"-storetype","PKCS12","-keystore",path_store+"keystore.jks","-validity",day,"-keysize","2048","-keyalg","RSA","-storepass",pass,};
var p=Runtime.getRuntime().exec(sin);
p.waitFor();
//从密钥库中导出rootca的证书rootca.cer
//keytool -exportcert -keystore keystore.jks -storepass 12345678 -alias rootca -file rootca.ce
String[] sout= {"keytool","-exportcert","-keystore",path_store+"keystore.jks","-storepass",pass,"-alias",ali,"-file",path_store+ali+".cer"};
Runtime.getRuntime().exec(sout);
System.out.println("生成"+ali+"证书");
}
}
生成二级证书:
import java.io.IOException;
import java.util.Scanner;
public class Cert_user {
public static void main(String[] args) throws IOException, InterruptedException {
Scanner sc=new Scanner(System.in);
String dname_in="";
System.out.println("输入二级证书所有者名字:");
String cn=sc.nextLine();
dname_in="CN="+cn+",";
System.out.println("输入二级证书所有者单位名字:");
String ou=sc.nextLine();
dname_in=dname_in+"OU="+ou+",";
System.out.println("输入二级证书所有者所在城市名字:");
String l=sc.nextLine();
dname_in=dname_in+"L="+l+",";
System.out.println("输入二级证书所有者所在省份名字:");
String s=sc.nextLine();
dname_in=dname_in+"S="+s+",";
System.out.println("输入二级证书所有者国家名字:");
String c=sc.nextLine();
dname_in=dname_in+"C="+c;
System.out.println("二级证书名字:");
String ali=sc.nextLine();
System.out.println("二级证书存储库位置:(如/home/java/)");
String path_store=sc.nextLine();
System.out.println("二级证书有效期(天):");
String day=sc.nextLine();
System.out.println("二级证书存储库密码:(必须大于6位)");
String pass=sc.nextLine();
System.out.println("根证书名字:");
String root=sc.nextLine();
System.out.println("根证书路径:");
String path_root=sc.nextLine();
System.out.println("根证书密码:");
String pass_root=sc.nextLine();
//keytool -genkeypair -alias rootca -storetype PKCS12 -keystore keystore.jks -validity 3650 -keysize 2048 -keyalg RSA -storepass 12345678
String[] sin= {"keytool","-genkeypair","-alias",ali,"-dname",dname_in,"-storetype","PKCS12","-keystore",path_store+"keystore_user.jks","-validity",day,"-keysize","2048","-keyalg","RSA","-storepass",pass,};
var p=Runtime.getRuntime().exec(sin);
p.waitFor();
//生成证书请求文件subca.csr
//keytool -certreq -alias subca -keystore keystore.jks -storepass 12345678 -file subca.csr
String[] s2= {"keytool","-certreq","-alias",ali,"-keystore",path_store+"keystore_user.jks","-storepass",pass,"-file",path_store+ali+".csr"};
var p1=Runtime.getRuntime().exec(s2);
p1.waitFor();
// 使用subca.csr去rootca签发证书subca.cer
// keytool -gencert -keystore keystore.jks -storepass 12345678 -alias rootca -infile subca.csr -outfile subca.cer
String[] s3= {"keytool","-gencert","-keystore",path_root+"keystore.jks","-storepass",pass_root,"-alias",root,"-infile",path_store+ali+".csr","-outfile",path_store+ali+".cer"};
Runtime.getRuntime().exec(s3);
System.out.println("生成"+ali+"二级证书");
}
}