仅使用java代码生成适用于nginx的https证书
添加maven依赖
<!-- Bouncy Castle: bcprov is the crypto provider, bcpkix adds the X.509 certificate builder and PEM writer used below. -->
<!-- NOTE(review): 1.68 is an old release and the *-jdk15on artifacts are no longer updated; newer releases are
     published as bcprov-jdk18on / bcpkix-jdk18on. Check for a current version before using this in a build. -->
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
<version>1.68</version>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcpkix-jdk15on</artifactId>
<version>1.68</version>
</dependency>
方法定义
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import javax.security.auth.x500.X500Principal;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermissions;
import java.security.*;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Date;
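/**
 * Generates a self-signed RSA certificate and its private key, written in the DER and PEM
 * encodings so that the PEM pair can be referenced from an nginx {@code ssl_certificate} /
 * {@code ssl_certificate_key} configuration.
 *
 * <p>The certificate is its own issuer, so clients will not trust it unless it is explicitly
 * added to their trust store. The private key is written unencrypted.
 *
 * @author lc
 * @version 1.0
 * @date 2023/3/29 19:29
 */
public class HttpsUtil {

    /** notBefore is set this far in the past (one day). */
    private static final long BACKDATE_MILLIS = 24L * 60 * 60 * 1000;

    /**
     * Certificate lifetime (365 days). The leading {@code 365L} forces long arithmetic: the
     * same product computed in int overflows and yields a lifetime of roughly 17 days.
     */
    private static final long VALIDITY_MILLIS = 365L * 24 * 60 * 60 * 1000;

    /** Characters that have structural meaning in a distinguished-name string. */
    private static final String DN_METACHARACTERS = ",+=\"\\<>;#";

    private HttpsUtil() {
        // static utility, not meant to be instantiated
    }

    /**
     * Creates a 2048-bit RSA key pair and a self-signed certificate for {@code hostname}, then
     * writes four files into {@code filePath}:
     * <ul>
     *   <li>{@code <filename>.private.key} - private key, PKCS#8 DER</li>
     *   <li>{@code <filename>.crt} - certificate, DER</li>
     *   <li>{@code <filename>.pem} - certificate, PEM</li>
     *   <li>{@code <filename>.key} - private key, PEM, unencrypted</li>
     * </ul>
     *
     * @param hostname value placed in the certificate's CN; must be non-blank and free of
     *                 distinguished-name metacharacters
     * @param filePath existing directory that receives the files
     * @param filename base name shared by the four output files
     * @throws NoSuchAlgorithmException if the RSA key generator is unavailable
     * @throws IOException              if a file cannot be written, or (as the cause) if signing
     *                                  or encoding the certificate fails
     * @throws IllegalArgumentException if {@code hostname} is null, blank or contains a
     *                                  distinguished-name metacharacter
     */
    public static void GenerateNginxHttpsCertificate(String hostname, String filePath, String filename)
            throws NoSuchAlgorithmException, IOException {
        requireSafeHostname(hostname);
        try {
            KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
            generator.initialize(2048);
            KeyPair keyPair = generator.generateKeyPair();

            // Self-signed: the same name is used as issuer and subject, and the certificate is
            // signed with the private half of the key it certifies.
            X500Name name = new X500Name(new X500Principal("CN=" + hostname).getName());
            long now = System.currentTimeMillis();
            Date startDate = new Date(now - BACKDATE_MILLIS);
            Date endDate = new Date(now + VALIDITY_MILLIS);
            X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
                    name,
                    new BigInteger(64, new SecureRandom()),
                    startDate,
                    endDate,
                    name,
                    keyPair.getPublic());
            // NOTE(review): no subjectAltName extension is added. Current browsers and many TLS
            // libraries match the host name against subjectAltName only and ignore CN, so this
            // certificate can fail host-name verification even when it is trusted. Add a dNSName
            // entry via builder.addExtension(...) before build() if clients must verify the name.
            ContentSigner signer =
                    new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(keyPair.getPrivate());
            X509Certificate certificate =
                    new JcaX509CertificateConverter().getCertificate(builder.build(signer));

            String base = filePath + File.separator + filename;
            PrivateKey privateKey = keyPair.getPrivate();
            byte[] certificateDer = certificate.getEncoded();

            try (OutputStream keyOut = openOwnerOnly(base + ".private.key")) {
                keyOut.write(privateKey.getEncoded());
            }
            try (OutputStream certOut = new FileOutputStream(base + ".crt")) {
                certOut.write(certificateDer);
            }
            try (OutputStream out = new FileOutputStream(base + ".pem");
                 JcaPEMWriter writer =
                         new JcaPEMWriter(new OutputStreamWriter(out, StandardCharsets.US_ASCII))) {
                writer.writeObject(certificate);
            }
            // The key is handed to the PEM writer directly; re-importing it through a
            // PKCS8EncodedKeySpec first produces the same key and was dropped.
            try (OutputStream out = openOwnerOnly(base + ".key");
                 JcaPEMWriter writer =
                         new JcaPEMWriter(new OutputStreamWriter(out, StandardCharsets.US_ASCII))) {
                writer.writeObject(privateKey);
            }
        } catch (IOException | NoSuchAlgorithmException | RuntimeException e) {
            throw e;
        } catch (Exception e) {
            // Signing and certificate-encoding failures are checked exceptions outside the declared
            // signature; report them instead of printing a stack trace and returning as if the
            // files had been written.
            throw new IOException("Failed to generate certificate for " + hostname, e);
        }
    }

    /** Rejects host names that are empty or would alter the structure of the "CN=..." string. */
    private static void requireSafeHostname(String hostname) {
        if (hostname == null || hostname.trim().isEmpty()) {
            throw new IllegalArgumentException("hostname must not be null or blank");
        }
        for (int i = 0; i < hostname.length(); i++) {
            char c = hostname.charAt(i);
            if (c < 0x20 || DN_METACHARACTERS.indexOf(c) >= 0) {
                throw new IllegalArgumentException(
                        "hostname contains a character that is not valid in a host name: " + hostname);
            }
        }
    }

    /**
     * Opens (creating or truncating) a file for private-key material and, where the file system
     * has POSIX permissions, limits it to owner read/write before any key bytes are written.
     * On other file systems the permissions are left to the directory's access control.
     */
    private static OutputStream openOwnerOnly(String fileName) throws IOException {
        File file = new File(fileName);
        OutputStream out = new FileOutputStream(file);
        try {
            Path path = file.toPath();
            if (path.getFileSystem().supportedFileAttributeViews().contains("posix")) {
                Files.setPosixFilePermissions(path, PosixFilePermissions.fromString("rw-------"));
            }
            return out;
        } catch (IOException | RuntimeException e) {
            try {
                out.close();
            } catch (IOException closeFailure) {
                e.addSuppressed(closeFailure);
            }
            throw e;
        }
    }
}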
测试生成证书
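/**
 * Generates a certificate for {@code test.local} into a local directory and checks that the two
 * files nginx needs were produced. The target directory must already exist.
 */
@Test
public void testNginxCert() throws NoSuchAlgorithmException, IOException {
    String filepath = "D:\\tmp\\certs";
    String filename = "test";
    // Exceptions propagate so that a failed generation fails the test instead of being printed
    // and ignored.
    HttpsUtil.GenerateNginxHttpsCertificate("test.local", filepath, filename);
    for (String suffix : new String[] {".pem", ".key"}) {
        java.io.File produced = new java.io.File(filepath, filename + suffix);
        if (!produced.isFile() || produced.length() == 0) {
            throw new AssertionError("expected a non-empty file: " + produced);
        }
    }
}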
![](https://img.haomeiwen.com/i1940906/93d9051e13c347b9.png)
.pem（证书）和 .key（私钥）文件适用于 nginx。注意：生成的是自签名证书，客户端默认不会信任；.key 文件是未加密的私钥，应限制其读取权限。
nginx配置证书
server {
listen 443 ssl;
ssl_certificate certs/testhttps.pem;
ssl_certificate_key certs/testhttps.key;
```````