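A detailed explanation of these commands will be added later. Time is tight; please bear with me.
One-way authentication succeeded:
1. Generate the server-side certificate: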
keytool -validity 365 -genkey -v -alias server -keyalg RSA -keystore D:\ssl\bks\server.jks -dname "CN=10.100.100.24,OU=sengled,O=sengled,L=Haidian,ST=Beijing,c=cn" -storepass 123456 -keypass 123456
2. Export the certificate
keytool -exportcert -v -alias server -keystore D:\ssl\bks\server.jks -storepass 123456 -rfc -file D:\ssl\bks\server.cert
3. Generate the client certificate usable on Android
keytool -importcert -keystore D:\ssl\bks\client.bks -file D:\ssl\bks\server.cert -storetype BKS -provider org.bouncycastle.jce.provider.BouncyCastleProvider -storepass 123456
IV. Same server, two different client certificates; mutual authentication succeeded:
Mutual authentication (Android) succeeded
keytool -validity 365 -genkey -v -alias server -keyalg RSA -keystore D:\ssl\server.keystore -dname "CN=10.100.100.24,OU=sengled,O=sengled,L=Haidian,ST=Beijing,c=cn" -storepass 123456 -keypass 123456
keytool -validity 365 -genkeypair -v -alias client-bks -keyalg RSA -storetype BKS -keystore D:\ssl\client-bks.bks -dname "CN=client,OU=sengled,O=sengled,L=Haidian,ST=Beijing,c=cn" -storepass 123456 -keypass 123456
keytool -export -v -alias client-bks -keystore D:\ssl\client-bks.bks -storetype BKS -storepass 123456 -rfc -file D:\ssl\client-bks.crt
keytool -export -v -alias server -keystore D:\ssl\server.keystore -storepass 123456 -rfc -file D:\ssl\server.crt
keytool -importcert -keystore D:\ssl\client-bks-trust.bks -file D:\ssl\server.crt -storetype BKS -provider org.bouncycastle.jce.provider.BouncyCastleProvider -storepass 123456
keytool -import -v -alias client-bks -file D:\ssl\client-bks.crt -keystore D:\ssl\server.keystore -storepass 123456
iOS: mutual authentication succeeded
keytool -validity 365 -genkeypair -v -alias client-ios -keyalg RSA -storetype PKCS12 -keystore D:\ssl\client-ios.p12 -dname "CN=client-ios,OU=sengled,O=sengled,L=Haidian,ST=Beijing,c=cn" -storepass 123456 -keypass 123456
keytool -export -v -alias client-ios -keystore D:\ssl\client-ios.p12 -storetype PKCS12 -storepass 123456 -rfc -file D:\ssl\client-ios.cer -provider org.bouncycastle.jce.provider.BouncyCastleProvider
keytool -export -v -alias server -keystore D:\ssl\server.keystore -storepass 123456 -rfc -file D:\ssl\server-ios.cer
keytool -import -v -alias server -file D:\ssl\server-ios.cer -keystore D:\ssl\client-ios.truststore -storepass 123456
keytool -import -v -alias client-ios -file D:\ssl\client-ios.cer -keystore D:\ssl\server.keystore -storepass 123456
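How the server side consumes the D:\ssl\server.keystore built above, as an added example that is not from the original post: a minimal Java server that presents the "server" key and requires a client certificate during the handshake. The class name, port 8443 and the KEYSTORE_PASS environment variable are assumptions.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

// Added example: mutual-TLS server using the keystore from section IV.
public class MutualTlsServer {
    public static void main(String[] args) throws Exception {
        // Assumptions: path taken from argv, password from the environment, port 8443.
        String path = args.length > 0 ? args[0] : "D:\\ssl\\server.keystore";
        String env = System.getenv("KEYSTORE_PASS");
        if (env == null) throw new IllegalStateException("set KEYSTORE_PASS");
        char[] pass = env.toCharArray();

        // Same default type keytool used, since no -storetype was given for this store.
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pass);
        }
        // PrivateKeyEntry "server": the identity presented to clients.
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pass); // -keypass equals -storepass in the commands above
        // Imported entries "client-bks" / "client-ios": trust anchors for client certs.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        try (SSLServerSocket server =
                (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(8443)) {
            server.setNeedClientAuth(true); // handshake fails without a trusted client cert
            while (true) {
                try (SSLSocket s = (SSLSocket) server.accept()) {
                    s.startHandshake();
                    System.out.println("client: " + s.getSession().getPeerPrincipal());
                } catch (IOException e) {
                    System.out.println("rejected: " + e.getMessage());
                }
            }
        }
    }
}
```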
V.
ios-jks: mutual authentication succeeded
keytool -validity 365 -genkey -v -alias server -keyalg RSA -keystore D:\ssl\ios-jks\server.keystore -dname "CN=10.100.100.24,OU=sengled,O=sengled,L=Haidian,ST=Beijing,c=cn" -storepass 123456 -keypass 123456
keytool -validity 365 -genkeypair -v -alias client -keyalg RSA -storetype PKCS12 -keystore D:\ssl\ios-jks\client.p12 -dname "CN=client,OU=sengled,O=sengled,L=Haidian,ST=Beijing,c=cn" -storepass 123456 -keypass 123456
keytool -export -v -alias client -keystore D:\ssl\ios-jks\client.p12 -storetype PKCS12 -storepass 123456 -rfc -file D:\ssl\ios-jks\client.cer -provider org.bouncycastle.jce.provider.BouncyCastleProvider
keytool -export -v -alias server -keystore D:\ssl\ios-jks\server.keystore -storepass 123456 -rfc -file D:\ssl\ios-jks\server.cer
keytool -import -v -alias server -file D:\ssl\ios-jks\server.cer -keystore D:\ssl\ios-jks\client.truststore -storepass 123456
keytool -import -v -alias client -file D:\ssl\ios-jks\client.cer -keystore D:\ssl\ios-jks\server.keystore -storepass 123456
SSL Walkthrough: keytool Commands (Part 3)
Original: http://blog.csdn.net/sundenskyqq/article/details/38415425