两个秘钥库,彼此授信对面的证书.
1、如果是服务端秘钥库要与客户端秘钥库不一致.则分别生成客户端服务端证书.
keytool -genkey -alias client -keyalg RSA -validity 365 -keystore client.jks
keytool -genkey -alias server -keyalg RSA -validity 365 -keystore server.jks
2、分别生成证书文件
keytool -export -alias -file client.cer -keystore client.jks
keytool -export -alias -file server.cer -keystore server.jks
keytool -exportcert -alias client -file client.crt -keystore client.jks
3、秘钥库相互授信
keytool -import -v -trustcacerts -alias client -file client.cer -keystore server.jks
keytool -import -v -trustcacerts -alias server -file server.cer -keystore client.jks
4、查看密钥库内容
keytool -list -v -keystore key.jks
链接:https://www.jianshu.com/p/b9b4b3461ae7