在Jdk目录下的bin目录中执行如下命令
例:/jdk1.6.0_211/bin
1)生成jks
keytool -genkeypair -alias [别名] -keyalg "RSA" -keystore [文件目录/文件名.jks] -validity [有效期(天)]
例:
keytool -genkeypair -alias dangjian -keyalg "RSA" -keystore /home/isc/iscssl.jks -validity 3650
2)根据jks生成pem(可无)
keytool -certreq -v -alias [别名] -file [文件目录/文件名.pem] -keypass [密码] -storepass [密码] -keystore [文件目录/文件名.jks]
例:
keytool -certreq -v -alias dangjian -file /home/isc/iscssl.pem -keypass flzxsqc1128 -storepass flzxsqc1128 -keystore /home/isc/iscssl.jks
3)根据jks生成per
keytool -export -alias [别名] -keystore [文件目录/文件名.jks] -storepass [密码] -file [文件目录/文件名.cer]
例:
keytool -export -alias dangjian -keystore /home/isc/iscssl.jks -storepass flzxsqc1128 -file /home/isc/serverclient.cer
4)导入per至java标准秘钥库
keytool -import -trustcacerts -alias [别名] -file [文件目录/文件名.cer] -keystore [jdk地址/jre/lib/security/cacerts] -storepass [密码]
例:
keytool -import -trustcacerts -alias dangjian -file /home/isc/serverclient.cer -keystore /isc2.2_env/middleWare/jdk1.6.0_211/jre/lib/security/cacerts -storepass changeit
5)若发现存在同别名秘钥,则先从java标准秘钥库删除同别名的秘钥,然后执行导入
keytool -delete -alias [别名] -keystore [jdk地址/jre/lib/security/cacerts] -storepass [jdk标准秘钥库密码,默认是changeit]
例:
keytool -delete -alias dangjian -keystore /isc2.2_env/middleWare/jdk1.6.0_211/jre/lib/security/cacerts -storepass changeit
验证使用的11g