tomcat的jks的私钥导出nginx需要的key文件
方法一:
1.先用keytool导出pfx文件。第一个123456是jks密码,后边两个是新生成的pfx的密码
keytool -v -importkeystore -srckeystore D:\\fuwuqi.jks -srcstoretype jks -srcstorepass 123456 -destkeystore D:\\fuwuqi.pfx -deststoretype pkcs12 -deststorepass 123456 -destkeypass 123456
2.用ssl导出key文件
openssl pkcs12 -in fuwuqi.pfx -nocerts -nodes -out fuwuqi.key
方法二:
代码生成
package com.acca.dovepay.nucc.utils; import java.io.File; import java.io.FileInputStream; import java.io.FileWriter; import java.security.Key; import java.security.KeyPair; import java.security.KeyStore; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; import java.security.PrivateKey; import java.security.PublicKey; import java.security.UnrecoverableKeyException; import java.security.cert.Certificate; import sun.misc.BASE64Encoder; public class CertUtil { private File keystoreFile; private String keyStoreType; private char[] password; private String alias; private File exportedFile; public KeyPair getPrivateKey(KeyStore keystore, String alias, char[] password) { try { Key key = keystore.getKey(alias, password); if (key instanceof PrivateKey) { Certificate cert = keystore.getCertificate(alias); PublicKey publicKey = cert.getPublicKey(); return new KeyPair(publicKey, (PrivateKey) key); } } catch (UnrecoverableKeyException e) { } catch (NoSuchAlgorithmException e) { } catch (KeyStoreException e) { } return null; } public void export() throws Exception { KeyStore keystore = KeyStore.getInstance(keyStoreType); BASE64Encoder encoder = new BASE64Encoder(); keystore.load(new FileInputStream(keystoreFile), password); KeyPair keyPair = getPrivateKey(keystore, alias, password); PrivateKey privateKey = keyPair.getPrivate(); String encoded = encoder.encode(privateKey.getEncoded()); FileWriter fw = new FileWriter(exportedFile); fw.write("----BEGIN PRIVATE KEY----\n"); fw.write(encoded); fw.write("\n"); fw.write("----END PRIVATE KEY----\n"); Certificate cert = keystore.getCertificate(alias); PublicKey publicKey = cert.getPublicKey(); String encoded2 = encoder.encode(publicKey.getEncoded()); fw.write("----BEGIN CERTIFICATE----\n"); fw.write(encoded2); fw.write("\n"); fw.write("----END CERTIFICATE----\n"); fw.close(); } public static void main(String args[]) throws Exception { CertUtil export = new CertUtil(); export.keystoreFile = new File("D:\\20181120fuwuqi.jks"); export.keyStoreType = "JKS"; export.password = "123456".toCharArray(); export.alias = "mykey"; export.exportedFile = new File("D:\\SSS.key"); export.export(); } }
另crt文件的生成,转载https://jingyan.baidu.com/article/154b463178eac928ca8f41a9.html?qq-pf-to=pcqq.c2c
