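If you are on Linux, you can skip the first step, because the openssl tool is already included. Windows users need to download the openssl tool as described in the first step.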
Download OpenSSL
- Download openssl from the link below and install it to (c:\openssl): http://www.openssl.org/related/binaries.html
- Create a private key (key.pem)
- Open Command Prompt
- Change directory:
    CD c:\openssl\bin
Create certificate (creates key.pem in c:\openssl\bin directory):
- Generate a private key:
    openssl genrsa -out key.pem
- Create a self-signed certificate using the following command (creates cert.der):
    openssl req -new -x509 -key key.pem -out cert.der -days 365 -outform DER
- Send the supplier (the server side) the signed certificate (cert.der).
- OPTIONAL - Using the following command you can convert cert.pem to cert.der:
    openssl x509 -in cert.pem -inform PEM -out cert.der -outform DER
Generate keystore
Java applications expect to retrieve certificates from a Java Key Store (JKS). The JVM (JDK) comes with a utility called ‘Keytool’ to help you create a new key store. However, ‘Keytool’ does not let you import an existing private key for which you already have a certificate, so you need to do this yourself. Here's how:
- First, convert the private key from PEM to DER (key.pem to key.der) using the following command:
    openssl pkcs8 -topk8 -nocrypt -in key.pem -inform PEM -out key.der -outform DER
- Combine the private and public keys using the following command (use the attached ImportKey.class to combine both key.der and cert.der):
    java ImportKey key.der cert.der
This will create a JKS file (without the .jks extension) at “C:\Documents and Settings\User Name\keystore.ImportKey”, using 'importkey' as the alias and 'importkey' as the password.
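A check worth running before `java ImportKey key.der cert.der` and before cert.der goes to the supplier, as an added example that is not part of the original post: it confirms that key.pem, the PKCS#8 key.der and cert.der all carry the same public key, and prints the certificate's SHA-256 fingerprint so the supplier can confirm it over a separate channel. The function names, the `-subj` value and the explicit 2048-bit key size are assumptions made for the demonstration; the sample files are generated in a temporary directory.

```sh
#!/bin/sh
# Added example, not code from the original post. key.pem / key.der / cert.der
# are the post's file names; function names and the subject are hypothetical.

# Print the public key (PEM) that belongs to a private key file.
pubkey_of_key() {    # $1 = file, $2 = PEM or DER
    openssl pkey -in "$1" -inform "$2" -pubout 2>/dev/null
}

# 0 = key.pem, key.der and cert.der all carry the same public key,
# 1 = mismatch, 2 = a file could not be read or parsed.
check_pair() {       # $1 = key.pem, $2 = key.der, $3 = cert.der
    k_pem=$(pubkey_of_key "$1" PEM) || return 2
    k_der=$(pubkey_of_key "$2" DER) || return 2
    c_pub=$(openssl x509 -in "$3" -inform DER -noout -pubkey 2>/dev/null) || return 2
    [ -n "$c_pub" ] || return 2
    [ "$k_pem" = "$c_pub" ] && [ "$k_der" = "$c_pub" ] || return 1
}

# SHA-256 fingerprint of the certificate, for the supplier to confirm out of band.
cert_fingerprint() { # $1 = cert.der
    openssl x509 -in "$1" -inform DER -noout -fingerprint -sha256
}

# Constructed sample input: the post's commands, with -subj added so that
# "req" does not prompt, and an explicit 2048-bit key size.
make_sample() {      # $1 = directory, $2 = file name prefix
    (
        umask 077    # private key files readable by the owner only
        cd "$1" || exit 1
        openssl genrsa -out "$2.key.pem" 2048 2>/dev/null &&
        openssl req -new -x509 -key "$2.key.pem" -out "$2.cert.der" -days 365 \
            -outform DER -subj "/CN=importkey-demo.example" &&
        openssl pkcs8 -topk8 -nocrypt -in "$2.key.pem" -inform PEM \
            -out "$2.key.der" -outform DER
    )
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir" demo
if check_pair "$demo_dir/demo.key.pem" "$demo_dir/demo.key.der" "$demo_dir/demo.cert.der"
then
    echo "key.pem, key.der and cert.der match"
    cert_fingerprint "$demo_dir/demo.cert.der"
else
    echo "MISMATCH or unreadable file: do not import" >&2
fi
rm -rf "$demo_dir"
```

key.der is written unencrypted (`-nocrypt`), so remove it once the keystore exists, and replace the default 'importkey' passwords with `keytool -storepasswd` and `keytool -keypasswd`.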
The source code of ImportKey.java is attached below:
// Decompiled by Jad v1.5.8e. Copyright 2001 Pavel Kouznetsov.
// Jad home page: http://www.geocities.com/kpdus/jad.html
// Decompiler options: packimports(3)
// Source File Name: ImportKey.java
import java.io.*;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Collection;

public class ImportKey
{
    // Reads a whole file into memory and closes the file handle again.
    private static byte[] readAll(String fileName)
        throws IOException
    {
        File file = new File(fileName);
        byte[] bytes = new byte[(int) file.length()];
        try (DataInputStream in = new DataInputStream(new FileInputStream(file)))
        {
            in.readFully(bytes);
        }
        return bytes;
    }

    public static void main(String[] args)
    {
        // Defaults: the keystore password and the key password are both
        // "importkey"; the alias can be overridden by the third argument.
        String keypass = "importkey";
        String alias = "importkey";
        // Keystore file: -Dkeystore=<path>, or <user.home>/keystore.ImportKey.
        String keystoreName = System.getProperty("keystore");
        if (keystoreName == null)
            keystoreName = System.getProperty("user.home")
                + System.getProperty("file.separator") + "keystore.ImportKey";

        if (args.length < 2 || args.length > 3)
        {
            System.out.println("Usage: java ImportKey keyfile certfile [alias]");
            System.exit(0);
        }
        String keyFile = args[0];
        String certFile = args[1];
        if (args.length > 2)
            alias = args[2];

        try
        {
            // Start from an empty JKS keystore; an existing file at
            // keystoreName is overwritten when the keystore is stored.
            KeyStore keystore = KeyStore.getInstance("JKS", "SUN");
            keystore.load(null, keypass.toCharArray());
            System.out.println("Using keystore-file : " + keystoreName);

            // Load the private key: an unencrypted PKCS#8 DER file (key.der).
            KeyFactory keyFactory = KeyFactory.getInstance("RSA");
            PrivateKey privateKey =
                keyFactory.generatePrivate(new PKCS8EncodedKeySpec(readAll(keyFile)));

            // Load the certificate, or the certificate chain, from certfile.
            CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
            Collection<? extends Certificate> certs =
                certFactory.generateCertificates(new ByteArrayInputStream(readAll(certFile)));
            // toArray() without an argument returns Object[], which cannot be
            // cast to Certificate[]; pass a typed array instead.
            Certificate[] chain = certs.toArray(new Certificate[0]);
            if (chain.length == 1)
                System.out.println("One certificate, no chain.");
            else
                System.out.println("Certificate chain length: " + chain.length);

            // Store the key and its chain under the alias, then write the keystore.
            keystore.setKeyEntry(alias, privateKey, keypass.toCharArray(), chain);
            System.out.println("Key and certificate stored.");
            System.out.println("Alias:" + alias + " Password:" + keypass);
            try (FileOutputStream out = new FileOutputStream(keystoreName))
            {
                keystore.store(out, keypass.toCharArray());
            }
        }
        catch (Exception exception)
        {
            exception.printStackTrace();
        }
    }
}