1.创建根秘钥 openssl genrsa -out ca.key 2048
2.创建根证书 openssl req -new -x509 -days 36500 -sha256 -key ca.key -out openas.crt -subj "/C=CN/ST=Jiangsu/L=Nanjing/O=HuaweiCA/OU=112.13.167.7"
3.创建SSL证书私匙 openssl genrsa -out server.key 2048位
4.建立SSL证书 openssl req -new -sha256 -key server.key -out server.csr -subj
"/C=CN/ST=Jiangsu/L=Nanjing/O=HuaweiCA/OU=112.13.167.7/CN=112.13.167.7"
5. mkdir demoCA
cd demoCA
mkdir newcerts
touch index.txt
i:
echo '01' > serial
cd ..
6.用CA根证书签署SSL自建证书 openssl ca -md sha256 -in server.csr -out server.crt -cert openas.crt -keyfile ca.key
7.openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt
8.keytool -importkeystore -srckeystore subcert.p12 -destkeystore subcert.jks -srcstoretype pkcs12
新建keystore keytool -genkey -alias newkeystore -keyalg RSA -validity 20000 -keystore newkeystore
将证书导入keystore keytool -import -file openas.crt -keystore newkeystore
