CA配置
porta ca配置
1.生成服务器密钥对(公钥、私钥)
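# Generates the RSA key pair for alias "porta" in porta.jks with the given subject DN.
# -keysize 2048 is now explicit: no size was given before, and older JDK keytool
# releases (these notes use a JDK 1.6 path) default to 1024-bit keys.
# NOTE(review): -keypass/-storepass on the command line are visible in the process
# list and shell history; omit them to be prompted, and do not reuse the password
# recorded here.
keytool -keystore porta.jks -keypass 7788119 -storepass 7788119 -alias porta -genkey -keyalg RSA -keysize 2048 -dname "CN=porta.pzhu.cn, OU=servers, O=COMSYSNetCn"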
2.生成服务器证书请求(CSR)
# Writes a certificate signing request (CSR) for the "porta" key entry to
# portaServerreq.pem. This file is a request for the CA to sign, not yet a certificate.
keytool -keystore porta.jks -keypass 7788119 -storepass 7788119 -alias porta -certreq -file portaServerreq.pem
服务器证书请求文件:portaServerreq.pem
3.ca签发服务器证书
# Signs the server CSR with the CA described by ucitca.conf and writes the issued
# certificate to portaServercert.pem.
# NOTE(review): no -passin is given, so openssl presumably prompts for the CA key
# password here (the client signing command later in these notes passes it inline).
# NOTE(review): the text before the PEM block is trimmed by hand afterwards;
# `openssl ca -notext` should make that step unnecessary. Confirm with the OpenSSL build in use.
openssl ca -in portaServerreq.pem -out portaServercert.pem -config "D:/javaTest/CA/conf/ucitca.conf"
经过ca签名的服务器证书:portaServercert.pem
删除 portaServercert.pem 文件中 '-----BEGIN CERTIFICATE-----' 行之前的内容(openssl ca 默认会在 PEM 证书之前输出文本形式的证书信息,keytool 导入时只需要 PEM 部分)
查看证书:keytool -printcert -file portaServercert.pem
4.把服务器证书导回服务器keystore中
4.1把ca证书导入服务器keystore
# Imports the CA certificate into porta.jks as a trusted entry under alias "ca".
# It is imported before the signed reply, presumably so keytool can build the chain
# from the server certificate up to this CA.
# NOTE(review): compare the fingerprint keytool displays with one obtained out of band
# before confirming the import; this entry becomes a trust anchor.
keytool -keystore porta.jks -keypass 7788119 -storepass 7788119 -alias ca -import -trustcacerts -file cacert.pem
4.2导入经过ca签名的服务器证书(认证回复,alias与先前生成的相同)
# Imports the CA-signed certificate as the certificate reply for the existing "porta"
# key entry. The alias must be the same one used when the key pair was generated.
keytool -keystore porta.jks -keypass 7788119 -storepass 7788119 -alias porta -import -file portaServercert.pem
5.创建服务器信任的ca证书库
# Creates truststore.jks and imports the CA certificate into it under alias "ca".
# NOTE(review): the truststore reuses the keystore password. -keypass protects no
# private key in this command, so it is presumably unnecessary here. Confirm.
keytool -keystore truststore.jks -keypass 7788119 -storepass 7788119 -alias ca -import -trustcacerts -file cacert.pem
6.将ca证书添加到jre信任中
# Adds the CA certificate to the JRE-wide cacerts store, so Java programs that use this
# JRE's default trust store will accept certificates issued by this CA.
# NOTE(review): this widens trust for everything on that JRE; prefer the dedicated
# truststore.jks where the application allows it. The entry is presumably lost when
# the JRE is replaced or upgraded. Confirm for the deployment.
keytool -import -trustcacerts -alias ca -file cacert.pem -keystore C:/jdk1.6.0_07/jre/lib/security/cacerts -storepass 7788119
openssl 带密码参数(注意:写在命令行里的密码会出现在进程列表和命令历史中,正式环境建议改为交互输入,或使用 env:、file: 形式传入)
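# Creates a new RSA private key (encrypted with the -passout password) and a CSR for
# the given subject.
# Key size raised from 1024 to 2048 bits: 1024-bit RSA is below current minimum
# recommendations and is rejected by many modern TLS stacks.
# NOTE(review): pass:... on the command line is visible in the process list and shell
# history; openssl also accepts env:VAR and file:PATH for the same argument.
openssl req -newkey rsa:2048 -keyout 610403198403260044key.pem -keyform PEM -out 610403198403260044req.pem -outform PEM -subj "/O=CNSUCCCom/OU=cnsuccOU/CN=610403198403260044" -passout pass:123456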
带密码参数的生成记录:
1.生成客户密钥对(公钥、私钥)和证书请求
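# Creates the client's RSA private key (encrypted with the -passout password) and the
# matching CSR.
# Key size raised from 1024 to 2048 bits: 1024-bit RSA is below current minimum
# recommendations.
# NOTE(review): the key password is passed inline and is short; choose a strong, unique
# value and supply it via a prompt, env:VAR or file:PATH instead.
openssl req -newkey rsa:2048 -keyout 610403198403260044key.pem -keyform PEM -out 610403198403260044req.pem -outform PEM -subj "/O=JiFCom/OU=JiFOU/CN=季枫" -passout pass:123456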
2.ca签发
# Signs the client CSR with the CA and writes the issued certificate to
# 610403198403260044cert.pem; -passin supplies the password of the CA private key.
# NOTE(review): this puts the CA key password on the command line and in these notes.
# Anyone holding it and the CA key file can issue trusted certificates, so treat the
# recorded value as exposed and prefer an interactive prompt.
openssl ca -in 610403198403260044req.pem -out 610403198403260044cert.pem -config "D:/javaTest/CA/conf/ucitCA.conf" -passin pass:7788119
3.生成P12文件
# Bundles the client certificate, its private key and the CA chain (-chain with
# -CAfile) into a PKCS#12 file for the client.
# -passin unlocks the PEM private key; -passout sets the export password on the .p12.
# NOTE(review): the export password is what protects the private key while the .p12 is
# distributed; use a strong, unique value rather than the one recorded here.
# NOTE(review): the -name value ends in "r", unlike the other file names. Possibly a
# typo; confirm.
openssl pkcs12 -export -in 610403198403260044cert.pem -inkey 610403198403260044key.pem -out 610403198403260044.p12 -name 610403198403260044r -chain -CAfile "D:/javaTest/CA/cacert.pem" -passin pass:123456 -passout pass:111111