使用java8生成数字证书
import sun.security.x509.*;
import java.io.FileOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.*;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Date;
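/**
 * Generates a self-signed X.509 certificate for a freshly generated 2048-bit RSA
 * key pair and writes key and certificate into the PKCS12 keystore file
 * {@code certificate.p12}.
 *
 * <p>Uses the JDK-internal {@code sun.security.x509} API. On Java 8 that package is
 * accessible as-is; Java 9 and later hide it behind
 * {@code --add-exports java.base/sun.security.x509=ALL-UNNAMED}.
 */
public class GenerateDigitalCertificate {

    /** Key-entry alias; Tomcat looks the key up under this name. */
    private static final String ALIAS = "alias";
    /** Fixed demo password, used both for the key entry and for the keystore file. */
    private static final String PASSWORD = "password";
    /** Output keystore; the Tomcat {@code keystoreFile} attribute points at this file. */
    private static final String KEYSTORE_FILE = "certificate.p12";
    /** Certificate lifetime: one 365-day year in milliseconds. */
    private static final long ONE_YEAR_MILLIS = 365L * 24 * 60 * 60 * 1000;

    /**
     * Generates the key pair and certificate and stores them in {@code certificate.p12}.
     *
     * @param args ignored
     * @throws Exception if key generation, certificate creation or keystore I/O fails
     */
    public static void main(String[] args) throws Exception {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        keyPairGenerator.initialize(2048);
        KeyPair keyPair = keyPairGenerator.generateKeyPair();

        X509Certificate cert = createCertificate(keyPair);

        // Ask for PKCS12 by name. KeyStore.getDefaultType() is "jks" on Java 8, which
        // would yield a file Tomcat cannot open with keystoreType="PKCS12".
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        keyStore.load(null, null);
        char[] password = PASSWORD.toCharArray();
        keyStore.setKeyEntry(ALIAS, keyPair.getPrivate(), password, new X509Certificate[] {cert});

        // try-with-resources: the stream was previously never closed.
        try (FileOutputStream out = new FileOutputStream(KEYSTORE_FILE)) {
            keyStore.store(out, password);
        }
        System.out.println("数字证书生成成功!");
    }

    /**
     * Builds a self-signed v3 certificate for {@code keyPair}: subject and issuer are
     * both {@code CN=Test Certificate}, validity starts now and lasts one year, the
     * serial number is 64 random bits, and the certificate is signed with
     * SHA256withRSA using the pair's private key. No extensions (key usage,
     * subjectAltName, basic constraints) are set.
     *
     * @param keyPair RSA key pair whose public key goes into the certificate and whose
     *     private key signs it
     * @return the signed certificate, never {@code null}
     * @throws CertificateException if the certificate cannot be assembled or encoded;
     *     also wraps the I/O and provider failures of the internal API
     * @throws NoSuchAlgorithmException if SHA256withRSA is unavailable
     * @throws InvalidKeyException if the private key cannot be used for signing
     * @throws SignatureException if signing fails
     */
    private static X509Certificate createCertificate(KeyPair keyPair)
            throws CertificateException, NoSuchAlgorithmException, InvalidKeyException,
                    SignatureException {
        try {
            Date notBefore = new Date();
            Date notAfter = new Date(notBefore.getTime() + ONE_YEAR_MILLIS);
            // Random serial from SecureRandom so repeated runs do not reuse a serial.
            BigInteger serial = new BigInteger(64, new SecureRandom());
            X500Name name = new X500Name("CN=Test Certificate");
            AlgorithmId algorithm = new AlgorithmId(AlgorithmId.sha256WithRSAEncryption_oid);

            X509CertInfo info = new X509CertInfo();
            info.set(X509CertInfo.VALIDITY, new CertificateValidity(notBefore, notAfter));
            info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(serial));
            info.set(X509CertInfo.SUBJECT, name);
            // Self-signed: issuer is the subject itself.
            info.set(X509CertInfo.ISSUER, name);
            info.set(X509CertInfo.KEY, new CertificateX509Key(keyPair.getPublic()));
            info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
            info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algorithm));

            X509CertImpl cert = new X509CertImpl(info);
            cert.sign(keyPair.getPrivate(), "SHA256withRSA");
            return cert;
        } catch (IOException | NoSuchProviderException e) {
            // Previously every failure was printed and swallowed, so main() continued with
            // a null certificate and failed later with a NullPointerException in setKeyEntry().
            throw new CertificateException("failed to build self-signed certificate", e);
        }
    }
}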
在Java 8中,我们需要使用 X509CertInfo、X509CertImpl、CertificateValidity、CertificateSerialNumber、X500Name、AlgorithmId、CertificateX509Key、CertificateVersion、CertificateAlgorithmId 等类(均位于 sun.security.x509 包中)来生成数字证书。
注意:别名 alias 和密码 password 可以自定义,在后面配置 Tomcat 的时候用得着。
tomcat配置证书
步骤:
- 将 certificate.p12 证书文件复制到Tomcat服务器上的某个目录,例如 /path/to/certificate.p12
。
- 打开Tomcat的配置文件 server.xml,通常位于 <Tomcat安装目录>/conf 目录下。
- 找到以下配置块:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" />
- 在该配置块中添加以下配置项:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="/path/to/certificate.p12" keystoreType="PKCS12" keystorePass="password" />
其中,keystoreFile 指定证书文件的路径,keystoreType 指定证书文件的类型(PKCS12格式,需与生成该文件时使用的 KeyStore 类型一致),keystorePass 指定证书文件的密码。
- 保存 server.xml 文件并重新启动Tomcat。
现在,Tomcat将使用配置的证书来启用HTTPS连接。请确保将 keystorePass 设置为 certificate.p12 证书的密码。