证书的生成有很多种选择,小编了解到的有openssl、keytool这两种。
并且小编一直都在用keytool生成的证书配合Tomcat做https的协议配置,但是有的项目中需要Tomcat前端挂载一个Nginx来实现负载均衡以及反向代理等等功能,那么就需要同时打开Nginx的443端口并配置相关的证书,话不多说,上内容:
1.利用keytool工具生成.keystore证书(Tomcat可直接使用)
keytool -genkey -alias LubeLspm160608 -keyalg RSA -keystore d:\lubelspm.keystore -validity 99999
注:别名可随意,密码随意,-validity为有效期,-alias为别名
2.将.keystore证书导出.cer证书
keytool -export -alias LubeLspm160608 -file d:\lubelspm.cer -keystore d:\lubelspm.keystore
3.生成.pem证书
openssl x509 -inform der -in lubelspm.cer -out lubelspm.pem
4.使用代码将lubelspm.keystore转换成lubelspm.pfx文件
代码我会粘贴到下方
5.openssl pkcs12 -in lubelspm.pfx -nocerts -nodes -out lubelspm.key
Nginx所需要的证书就是.pem和.key证书文件
Nginx相关配置:
将之前的注释打开即可,并添加自己所需要的配置。
第四步转换所需要的代码:
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Enumeration;
public class ConventPFX {
public static final String PKCS12 = "PKCS12";
public static final String JKS = "JKS";
public static final String PFX_KEYSTORE_FILE = "server.p12";
public static final String KEYSTORE_PASSWORD = "123456";
public static final String JKS_KEYSTORE_FILE = "server.jks";
public static void coverTokeyStore() {
try {
KeyStore inputKeyStore = KeyStore.getInstance("PKCS12");
FileInputStream fis = new FileInputStream(PFX_KEYSTORE_FILE);
char[] nPassword = null;
if ((KEYSTORE_PASSWORD == null)
|| KEYSTORE_PASSWORD.trim().equals("")) {
nPassword = null;
} else {
nPassword = KEYSTORE_PASSWORD.toCharArray();
}
inputKeyStore.load(fis, nPassword);
fis.close();
KeyStore outputKeyStore = KeyStore.getInstance("JKS");
outputKeyStore.load(null, KEYSTORE_PASSWORD.toCharArray());
Enumeration enums = inputKeyStore.aliases();
while (enums.hasMoreElements()) { // we are readin just one certificate.
String keyAlias = (String) enums.nextElement();
System.out.println("alias=[" + keyAlias + "]");
if (inputKeyStore.isKeyEntry(keyAlias)) {
Key key = inputKeyStore.getKey(keyAlias, nPassword);
Certificate[] certChain = inputKeyStore
.getCertificateChain(keyAlias);
outputKeyStore.setKeyEntry(keyAlias, key, KEYSTORE_PASSWORD
.toCharArray(), certChain);
}
}
FileOutputStream out = new FileOutputStream(JKS_KEYSTORE_FILE);
outputKeyStore.store(out, nPassword);
out.close();
} catch (Exception e) {
e.printStackTrace();
}
}
public static void coverToPfx() {
try {
KeyStore inputKeyStore = KeyStore.getInstance("JKS");
FileInputStream fis = new FileInputStream(JKS_KEYSTORE_FILE);
char[] nPassword = null;
if ((KEYSTORE_PASSWORD == null)
|| KEYSTORE_PASSWORD.trim().equals("")) {
nPassword = null;
} else {
nPassword = KEYSTORE_PASSWORD.toCharArray();
}
inputKeyStore.load(fis, nPassword);
fis.close();
KeyStore outputKeyStore = KeyStore.getInstance("PKCS12");
outputKeyStore.load(null, KEYSTORE_PASSWORD.toCharArray());
Enumeration enums = inputKeyStore.aliases();
while (enums.hasMoreElements()) { // we are readin just one certificate.
String keyAlias = (String) enums.nextElement();
System.out.println("alias=[" + keyAlias + "]");
if (inputKeyStore.isKeyEntry(keyAlias)) {
Key key = inputKeyStore.getKey(keyAlias, nPassword);
Certificate[] certChain = inputKeyStore
.getCertificateChain(keyAlias);
outputKeyStore.setKeyEntry(keyAlias, key, KEYSTORE_PASSWORD
.toCharArray(), certChain);
}
}
FileOutputStream out = new FileOutputStream(PFX_KEYSTORE_FILE);
outputKeyStore.store(out, nPassword);
out.close();
} catch (Exception e) {
e.printStackTrace();
}
}
public static void main(String[] args) {
coverToPfx();
}
}
更改自己的图中圈出来,自己创建的证书的信息:
Paste_Image.png
网友评论