三、Android client端
1.该android客户端生成一个私钥文件
Keytools –genkey –alias clientkey –keystore
bksclient.keystore –storetype BKS
2.由kserver.keystore导出证书(BKS格式)
keytool -exportcert -alias kserverkey -keystore
kserver.keystore -storetype BKS -file
bksserver.crt
3.从android的/system/etc/security中提取cacerts.bks信任证书,该证书是BKS格式的
4.把向cacerts.bks导入证书(BKS)
keytool -importcert -keystore
cacerts.bks -storetype
BKS -file
bksserver.crt -provider
org.bouncycastle.jce.provider.BouncyCastleProvider -trustcacerts
5.可以keytool –list –keystore
“keystore文件名”查看证书的信息
6.将bksclient.keystore和cacerts.bks放到res/raw目录下
7.android代码:
publicclass AndroidSslActivity extends Activity
{
privatestatic final int SERVER_PORT =
4444;//端口号
privatestatic final String SERVER_IP = "服务器ip地址";//连接IP
privatestatic final String CLIENT_KET_PASSWORD = "123456";//私钥密码
privatestatic final String CLIENT_TRUST_PASSWORD = "changeit";//信任证书密码,该证书默认密码是changeit
privatestatic final String CLIENT_AGREEMENT = "TLS";//使用协议
privatestatic final String CLIENT_KEY_MANAGER = "X509";//密钥管理器
privatestatic final String CLIENT_TRUST_MANAGER = "X509";//
privatestatic final String CLIENT_KEY_KEYSTORE = "BKS";//密库&#