美文网首页
Nginx443端口转发Tomcat8443端口及证书转换生成

Nginx443端口转发Tomcat8443端口及证书转换生成

作者: 晴天灬 | 来源:发表于2016-11-29 15:16 被阅读438次

    证书的生成有很多种选择,小编了解到的有openssl、keytool这两种。
    并且小编一直都在用keytool生成的证书配合Tomcat做https的协议配置,但是有的项目中需要Tomcat前端挂载一个Nginx来实现负载均衡以及反向代理等等功能,那么就需要同时打开Nginx的443端口并配置相关的证书,话不多说,上内容:

    1.利用keytool工具生成.keystore证书(Tomcat可直接使用)
    keytool -genkey -alias LubeLspm160608 -keyalg RSA -keystore d:\lubelspm.keystore -validity 99999
    注:别名可随意,密码随意,-validity为有效期,-alias为别名

    2.将.keystore证书导出.cer证书
    keytool -export -alias LubeLspm160608 -file d:\lubelspm.cer -keystore d:\lubelspm.keystore

    3.生成.pem证书
    openssl x509 -inform der -in lubelspm.cer -out lubelspm.pem

    4.使用代码将lubelspm.keystore转换成lubelspm.pfx文件
    代码我会粘贴到下方

    5.openssl pkcs12 -in lubelspm.pfx -nocerts -nodes -out lubelspm.key
    Nginx所需要的证书就是.pem和.key证书文件
    Nginx相关配置:


    将之前的注释打开即可,并添加自己所需要的配置。
    第四步转换所需要的代码:

    import java.io.FileInputStream;
    import java.io.FileOutputStream;
    import java.security.Key;
    import java.security.KeyStore;
    import java.security.cert.Certificate;
    import java.util.Enumeration;
    
    public class ConventPFX {
        public static final String PKCS12 = "PKCS12";
        public static final String JKS = "JKS";
        public static final String PFX_KEYSTORE_FILE = "server.p12";
        public static final String KEYSTORE_PASSWORD = "123456";
        public static final String JKS_KEYSTORE_FILE = "server.jks";
    
        public static void coverTokeyStore() {
            try {
                KeyStore inputKeyStore = KeyStore.getInstance("PKCS12");
                FileInputStream fis = new FileInputStream(PFX_KEYSTORE_FILE);
                char[] nPassword = null;
    
                if ((KEYSTORE_PASSWORD == null)
                        || KEYSTORE_PASSWORD.trim().equals("")) {
                    nPassword = null;
                } else {
                    nPassword = KEYSTORE_PASSWORD.toCharArray();
                }
    
                inputKeyStore.load(fis, nPassword);
                fis.close();
    
                KeyStore outputKeyStore = KeyStore.getInstance("JKS");
    
                outputKeyStore.load(null, KEYSTORE_PASSWORD.toCharArray());
    
                Enumeration enums = inputKeyStore.aliases();
    
                while (enums.hasMoreElements()) { //   we   are   readin   just   one   certificate.  
    
                    String keyAlias = (String) enums.nextElement();
    
                    System.out.println("alias=[" + keyAlias + "]");
    
                    if (inputKeyStore.isKeyEntry(keyAlias)) {
                        Key key = inputKeyStore.getKey(keyAlias, nPassword);
                        Certificate[] certChain = inputKeyStore
                                .getCertificateChain(keyAlias);
    
                        outputKeyStore.setKeyEntry(keyAlias, key, KEYSTORE_PASSWORD
                                .toCharArray(), certChain);
                    }
                }
    
                FileOutputStream out = new FileOutputStream(JKS_KEYSTORE_FILE);
    
                outputKeyStore.store(out, nPassword);
                out.close();
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
        public static void coverToPfx() {
            try {
                KeyStore inputKeyStore = KeyStore.getInstance("JKS");
                FileInputStream fis = new FileInputStream(JKS_KEYSTORE_FILE);
                char[] nPassword = null;
    
                if ((KEYSTORE_PASSWORD == null)
                        || KEYSTORE_PASSWORD.trim().equals("")) {
                    nPassword = null;
                } else {
                    nPassword = KEYSTORE_PASSWORD.toCharArray();
                }
    
                inputKeyStore.load(fis, nPassword);
                fis.close();
    
                KeyStore outputKeyStore = KeyStore.getInstance("PKCS12");
    
                outputKeyStore.load(null, KEYSTORE_PASSWORD.toCharArray());
    
                Enumeration enums = inputKeyStore.aliases();
    
                while (enums.hasMoreElements()) { //   we   are   readin   just   one   certificate.  
    
                    String keyAlias = (String) enums.nextElement();
    
                    System.out.println("alias=[" + keyAlias + "]");
    
                    if (inputKeyStore.isKeyEntry(keyAlias)) {
                        Key key = inputKeyStore.getKey(keyAlias, nPassword);
                        Certificate[] certChain = inputKeyStore
                                .getCertificateChain(keyAlias);
    
                        outputKeyStore.setKeyEntry(keyAlias, key, KEYSTORE_PASSWORD
                                .toCharArray(), certChain);
                    }
                }
    
                FileOutputStream out = new FileOutputStream(PFX_KEYSTORE_FILE);
    
                outputKeyStore.store(out, nPassword);
                out.close();
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
        public static void main(String[] args) {
            coverToPfx();
        }
    }
    

    更改自己的图中圈出来,自己创建的证书的信息:

    Paste_Image.png

    相关文章

      网友评论

          本文标题:Nginx443端口转发Tomcat8443端口及证书转换生成

          本文链接:https://www.haomeiwen.com/subject/zfoapttx.html