前置条件 : 已经购买或租用的域名
操作步骤
- 打开申请页面
- 然后按照顺序填写上面的内容
- 然后就签发成功了
好了下面是具体的步骤
操作步骤
-
步骤一选择
Let's Encrypt
-
步骤二域名填写
你的域名
-
证书私钥填写下面的证书私钥,或者自己生成RSA2048的私钥也行(本文给出的示例私钥是公开的,只适合测试;正式站点请自己生成私钥并妥善保管)
-
ACME账户私钥填写下面的账户私钥,或者自己生成RSA2048的私钥也行(示例账户私钥同样是公开的,正式使用请自己生成)
-
邮箱填写自己的邮箱
-
然后确认之后进入第二步
-
在域名管理中添加子域名和 TXT 记录
-
验证通过之后下载key文件和证书文件
-
然后就可以得到一个服务器站点证书了
-
需要pfx的可以通过工具将私钥和证书合并成pfx
更新证书时步骤和上面一致
可以将账户私钥进行保存,方便更新使用
生成pfx
package com.example.pfx;
import com.example.demo.cipher.util.PfxUtil;
import org.bouncycastle.util.encoders.Base64;
import org.bouncycastle.util.encoders.Hex;
import org.junit.jupiter.api.Test;
import java.security.PrivateKey;
import java.security.cert.Certificate;
/**
 * Demo test that packs a Base64-encoded private key and certificate into a PKCS#12 (.pfx) file.
 *
 * @author lidg
 * @date 2023/9/11 12:08
 */
public class PfxTest {
    @Test
    public void genPfxTest() throws Exception {
        // Base64 text of the certificate's PKCS#8 private key; empty here as a fill-in placeholder.
        // NOTE(review): presumably only the Base64 body belongs here, without the
        // -----BEGIN/END PRIVATE KEY----- lines; confirm against the decoder in use.
        // A real site key pasted into this literal ends up in source control; load it from a
        // protected file instead when this is used for anything beyond a demo.
        String keyBase64 = "";
        // Base64 text of the issued certificate; also a placeholder.
        String certBase64 = "";
        // Password protecting the generated PFX. Demo value only: the PFX carries the private key,
        // so a real one needs a strong password that is not hard-coded.
        String pfxPassword = "12345678";

        // Decode and parse the key first, then the certificate (same order as the inputs above).
        byte[] keyDer = Base64.decode(keyBase64);
        PrivateKey siteKey = PfxUtil.parsePrivateKey(keyDer);

        byte[] certDer = Base64.decode(certBase64);
        Certificate siteCert = PfxUtil.parseCert(certDer);

        // Write the PFX to the working directory.
        PfxUtil.genPfx(siteKey, siteCert, pfxPassword, "myPfx.pfx");
    }
}
PfxUtil.java
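/**
 * Helpers for parsing a PKCS#8 private key and an X.509 certificate and for packing the two into
 * a PKCS#12 (.pfx) file.
 *
 * @author lidg
 * @date 2023/9/11 14:39
 */
public class PfxUtil {
    static {
        // Register the BouncyCastle provider.
        // NOTE(review): every getInstance call in this class omits the provider name, so the JCA
        // chooses by provider preference order and addProvider appends BC at the end; confirm that
        // this registration is actually needed here.
        Security.addProvider(new BouncyCastleProvider());
    }

    /**
     * Writes a PKCS#12 keystore holding one key entry (alias {@code myAlias}) to {@code outPath}.
     *
     * <p>The same password protects both the key entry and the keystore file. The file contains
     * the private key and is created with the process's default file permissions, so the caller
     * is responsible for choosing a strong password and a protected location.
     *
     * <p>The certificate chain stored with the key contains only {@code certificate}.
     * NOTE(review): if consumers of the PFX need the issuer's intermediate certificates, they are
     * not included by this method; confirm against the deployment target.
     *
     * @param privateKey  private key to store
     * @param certificate certificate matching the private key
     * @param pwd         password for the key entry and the keystore
     * @param outPath     path of the file to write; an existing file is overwritten
     * @throws Exception with message {@code 构造pfx失败} wrapping any failure
     */
    public static void genPfx(PrivateKey privateKey, Certificate certificate, String pwd, String outPath) throws Exception {
        try {
            char[] password = pwd.toCharArray();
            // Create an empty in-memory PKCS#12 keystore (load(null, null) initialises it).
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            keyStore.load(null, null);
            // Add the key and its certificate under a fixed alias.
            String alias = "myAlias";
            keyStore.setKeyEntry(alias, privateKey, password, new Certificate[]{certificate});
            // Open the output only after the keystore is fully built: FileOutputStream truncates an
            // existing file, so opening it first would destroy a working PFX (for example during a
            // renewal) whenever the steps above fail. A failure inside store() can still leave a
            // partial file.
            try (FileOutputStream fos = new FileOutputStream(outPath)) {
                keyStore.store(fos, password);
            }
        } catch (Exception e) {
            throw new Exception("构造pfx失败", e);
        }
    }

    /**
     * Parses a DER-encoded PKCS#8 private key as an RSA key.
     *
     * <p>The algorithm is fixed to RSA, and the bytes are handed to {@link PKCS8EncodedKeySpec},
     * so other key types are rejected by the key factory.
     *
     * @param p8PrivateBytes DER bytes of the PKCS#8 private key
     * @return the parsed private key
     * @throws Exception if the key factory is unavailable or the bytes are not a valid key
     */
    public static PrivateKey parsePrivateKey(byte[] p8PrivateBytes) throws Exception {
        PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(p8PrivateBytes);
        return KeyFactory.getInstance("RSA").generatePrivate(keySpec);
    }

    /**
     * Parses an X.509 certificate from its encoded bytes.
     *
     * @param x509CertBytes encoded certificate bytes
     * @return the parsed certificate
     * @throws RuntimeException wrapping the {@link CertificateException} when parsing fails
     */
    public static Certificate parseCert(byte[] x509CertBytes) {
        try {
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            return cf.generateCertificate(new ByteArrayInputStream(x509CertBytes));
        } catch (CertificateException e) {
            // Keeps the original console message; the cause is preserved in the rethrown exception.
            System.out.println("解析失败");
            throw new RuntimeException(e);
        }
    }
}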
站点证书密钥对: RSA2048
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn1k/AMic9LR2GfyVUc1N
UYpVEjnXf+UiI6EDSZVbsyAUmh9mSACIR+4UyyfUUaxHTzyUG7RtuNKVGGEx6dCg
5VKBoid9XfpeGJP7TEhYGBHqhGCv86yrStxsFojHO1HcEP5Gs0lXGZgDH7s6/NLO
+KaCLu1MV4z7JBy/izl8nykBGUO2cykaY4j/4oGToC7Fgj8i8og72OcTZtGmwba7
6eMgux/IW9poHyhl/EF/mjSs+FQhvFkY4egGNk8g36Rp3bLI4YGWGXnc3UwRLGTL
1D1vTjxcgd3ABf33joHMznkfuOnCMpkFxXgJo9S4BUrlPNnGSN2zX3Tzn4CWe23v
QQIDAQAB
-----END PUBLIC KEY-----
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----
ACME账户密钥对
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----