1. Create the CA certificate on the server
openssl req -new -x509 -keyout test_ca_key -out test_ca_cert -days 9999 -subj '/C=CN/ST=shanghai/L=shanghai/O=test_company/OU=security/CN=ca.test.com'
The following steps must be performed once on every node:
1. Generate the keystore
keytool -keystore keystore -alias localhost -validity 9999 -genkey -keyalg RSA -keysize 2048 -dname "CN=HikMuse.com, OU=HikData, O=HikData, L=hangzhou, ST=hangzhou, C=cn"
2. Add the CA to the truststore
keytool -keystore truststore -alias CARoot -import -file test_ca_cert
3. Export the cert (a certificate signing request) from the keystore
keytool -certreq -alias localhost -keystore keystore -file cert
4. Sign the cert with the CA
openssl x509 -req -CA test_ca_cert -CAkey test_ca_key -in cert -out cert_signed -days 9999 -CAcreateserial -passin pass:password
5. Import the CA's cert and the CA-signed cert into the keystore
keytool -importcert -alias CARoot -file test_ca_cert -keystore keystore
keytool -importcert -alia
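
A check worth running between steps 4 and 5, as an added example that is not part of the original page: confirm that cert_signed chains to test_ca_cert and carries the same public key as the request exported from this node's keystore, since a mismatch is what makes the import in step 5 fail. The function names check_signed_cert and make_demo_files are hypothetical, and the demo files are constructed throwaway material generated with openssl only (unencrypted keys, no keytool).

```shell
#!/bin/sh
# Added example: sanity checks on the output of step 4 before the import in step 5.

# check_signed_cert CA_CERT CSR SIGNED_CERT
# Returns 0 only if SIGNED_CERT chains to CA_CERT and carries the CSR's public key.
check_signed_cert() {
    ca_cert=$1 csr=$2 signed=$3
    # 1. The signed certificate must verify against the CA certificate.
    openssl verify -CAfile "$ca_cert" "$signed" >/dev/null 2>&1 || {
        echo "FAIL: $signed does not chain to $ca_cert" >&2
        return 1
    }
    # 2. The public key in the signed certificate must be the one in the request,
    #    i.e. the key pair that lives in this node's keystore.
    csr_key=$(openssl req -in "$csr" -noout -pubkey 2>/dev/null) || return 2
    crt_key=$(openssl x509 -in "$signed" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$csr_key" ] && [ "$csr_key" = "$crt_key" ] || {
        echo "FAIL: public key in $signed differs from $csr" >&2
        return 1
    }
    echo "OK: $signed is signed by $ca_cert and matches $csr"
}

# make_demo_files DIR: constructed sample input for the check above.
# Builds a throwaway CA, a node request, its signed cert, and an unrelated request.
make_demo_files() {
    dir=$1
    openssl req -new -x509 -nodes -newkey rsa:2048 -keyout "$dir/test_ca_key" \
        -out "$dir/test_ca_cert" -days 1 -subj '/CN=ca.example.test' 2>/dev/null
    openssl req -new -nodes -newkey rsa:2048 -keyout "$dir/node_key" \
        -out "$dir/cert" -subj '/CN=node.example.test' 2>/dev/null
    openssl x509 -req -CA "$dir/test_ca_cert" -CAkey "$dir/test_ca_key" \
        -in "$dir/cert" -out "$dir/cert_signed" -days 1 -CAcreateserial 2>/dev/null
    # A request from a different key pair, for the mismatch case.
    openssl req -new -nodes -newkey rsa:2048 -keyout "$dir/other_key" \
        -out "$dir/other_csr" -subj '/CN=node.example.test' 2>/dev/null
}

# Run "sh this_script --demo" to exercise both functions on the constructed files.
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d)
    make_demo_files "$d"
    check_signed_cert "$d/test_ca_cert" "$d/cert" "$d/cert_signed"
    rm -rf "$d"
fi
```

On a real node, call it as: check_signed_cert test_ca_cert cert cert_signed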