Update SSL
T5750 committed Dec 4, 2021
1 parent 0f57d5a commit 0273461
Showing 2 changed files with 21 additions and 23 deletions.
28 changes: 6 additions & 22 deletions doc/source/security/SSL.md
Expand Up @@ -74,39 +74,23 @@ SSL/TLS 协议(RFC2246 RFC4346)处于 TCP/IP 协议与各种应用层协议

## 安全钥匙与证书的管理工具 Keytool
1. 进入本地的 java 安装位置的 bin 目录中 cd /java/bin

2. 创建一个客户端 keystore 文件

`keytool -genkey -alias sslclient -keystore sslclientkeys`

![创建 keystore 文件](https://www.ibm.com/developerworks/cn/java/j-lo-ssltls/image002.png)

- `keytool -genkey -alias sslclient -keystore sslclientkeys`
3. 将客户端 keystore 文件导出成证书格式

`keytool -export -alias sslclient -keystore sslclientkeys -file sslclient.cer`

- `keytool -export -alias sslclient -keystore sslclientkeys -file sslclient.cer`
4. 创建一个服务器端 keystore 文件

`keytool -genkey -alias sslserver -keystore sslserverkeys`

- `keytool -genkey -alias sslserver -keystore sslserverkeys`
5. 将服务器端 keystore 文件导出成证书格式

`keytool -export -alias sslserver -keystore sslserverkeys -file sslserver.cer`

- `keytool -export -alias sslserver -keystore sslserverkeys -file sslserver.cer`
6. 将客户端证书导入到服务器端受信任的 keystore 中

`keytool -import -alias sslclient -keystore sslservertrust -file sslclient.cer`

- `keytool -import -alias sslclient -keystore sslservertrust -file sslclient.cer`
7. 将服务器端证书导入到客户端受信任的 keystore 中

`keytool -import -alias sslserver -keystore sslclienttrust -file sslserver.cer`
- `keytool -import -alias sslserver -keystore sslclienttrust -file sslserver.cer`

以上所有步骤都完成后,还可以通过命令来查看 keystore 文件基本信息

`keytool -list -keystore sslclienttrust`

![查看 keystore 文件](https://www.ibm.com/developerworks/cn/java/j-lo-ssltls/image003.png)

## References
- [Java SSL/TLS 安全通讯协议介绍](https://www.ibm.com/developerworks/cn/java/j-lo-ssltls/)
- [SSL/TLS协议运行机制的概述](http://www.ruanyifeng.com/blog/2014/02/ssl_tls.html)
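
Review bot: The two `keytool -genkey` commands (steps 2 and 4) pass no `-keyalg`, `-keysize` or `-validity`, so the key algorithm, key size and certificate lifetime are whatever the reader's JDK defaults to, and those defaults differ between JDK releases. Suggest spelling them out, for example `keytool -genkeypair -alias sslclient -keyalg RSA -keysize 2048 -validity 365 -keystore sslclientkeys`, and the same for `sslserver`. For the imports in steps 6 and 7, a sentence telling the reader to compare the fingerprint that keytool prints before answering the trust prompt would make the exchange of `sslclient.cer` and `sslserver.cer` safer. Minor: the `cd /java/bin` in step 1 and the closing `keytool -list -keystore sslclienttrust` are not formatted like the bulleted commands in steps 2 to 7.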
16 changes: 15 additions & 1 deletion doc/source/security/SSLCommands.md
Expand Up @@ -31,6 +31,20 @@ cat nginxssl.crt gs_intermediate_ca.crt >testnginx.crt
openssl pkcs12 -nocerts -nodes -in nginxkeystore.p12 -out testnginx.key
```

## p12 -> crt
```
openssl pkcs12 -in testserver.p12 -nokeys -clcerts -out testserver.crt
```

## openssl
```
openssl genrsa -out server.key 2048
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
```
Common Name: `*.xxx.com`

## References
- [crt转为p12证书](https://www.jianshu.com/p/59e2bb2befa9)
- [Nginx证书配置:tomcat证书jks文件转nginx证书.cet和key文件](https://blog.csdn.net/liuchuan_com/article/details/54376258)
- [Nginx证书配置:tomcat证书jks文件转nginx证书.cet和key文件](https://blog.csdn.net/liuchuan_com/article/details/54376258)
- [openssl生成证书server.key server.crt](https://www.cnblogs.com/fangpengchengbupter/p/7999704.html)
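
Review bot: The new `## openssl` section produces a self-signed certificate (`-signkey server.key`) valid for ten years (`-days 3650`) with a wildcard Common Name, but neither the heading nor the text says so, and no subjectAltName is set. Current browsers and TLS libraries match the host name against subjectAltName and ignore the Common Name, so in those clients a certificate built this way fails host-name verification for `*.xxx.com`. Suggest renaming the heading to state that this is a self-signed certificate for testing, supplying the SAN through `-extfile` on the `openssl x509 -req` line, and using a shorter `-days` value. `openssl genrsa -out server.key 2048` also writes the private key unencrypted, so a note about restricting the file's permissions would help.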
