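If all you need to do is create a pair of self-signed certificates, then I might be able to help you.
On a Microsoft Windows computer:
- Create an empty directory and save the script below in it (GenTestCerts.ps1).
- Edit the script and change the Alias values (and other variables) to whatever you need.
- Execute the script.
Copy the server (tomcat.server.net.p12) certificate to the location your server expects.
Copy the trust store (truststore.p12) to the location your server expects.
Install the admin (tomcat-admin.p12) certificate in your Windows keystore, accepting the root into the "Trusted Root Certification Authorities" section.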
```powershell
<#
    This sample Windows PowerShell script will:
        1.) Create a Certificate Authority
        2.) Create a Server Certificate signed by the Certificate Authority
        3.) Create a Client Certificate signed by the Certificate Authority
        4.) Create a TrustStore containing the public Certificate Authority key

    The first section defines variables
    The second section does the work

    All Key Stores are PKCS12

    The Server Certificate includes a Subject Alternative Name
        The command below uses the serverAlias as the serverDNS value, but may be changed to whatever you need

    You just need Java 7 (or higher) installed and keytool in your path
#>

<# Your Organizational Information #>
$organizationalUnit="USN"
$organization="NRL"
$locality="Washington"
$state="DC"
$country="USA"

<# Certificate Alias #>
$authorityAlias="tomcat-root"
$serverAlias="tomcat.server.net"
$clientAlias="tomcat-admin"

<# Subject Alternative Name #>
$serverDNS="$serverAlias"

<# Extensions #>
$certAuthExtension="BasicConstraints:critical=ca:true,pathlen:10000"
$altNameExtension="san=dns:$serverDNS"

<# Trust Store #>
$trustCertName="truststore"

<# Key size and effective period #>
$keySize="4096"
$validity="365"

<# Key and Store Password #>
$certPassword="changeit"

<# ------------------------------------------------------------------------------------------ #>
<# ------------------  Use caution if you change anything below this line  ------------------ #>
<# ------------------------------------------------------------------------------------------ #>

$authorityDN="CN=$authorityAlias,OU=$organizationalUnit,O=$organization,L=$locality,ST=$state,C=$country"
$serverDN="CN=$serverAlias,OU=$organizationalUnit,O=$organization,L=$locality,ST=$state,C=$country"
$clientDN="CN=$clientAlias,OU=$organizationalUnit,O=$organization,L=$locality,ST=$state,C=$country"

<# Remove output left over from a previous run #>
rm "$authorityAlias.*"
rm "$serverAlias.*"
rm "$clientAlias.*"
rm "$trustCertName.*"

echo ""
echo "Generating the Root Authority Certificate..."
keytool -genkeypair -alias "$authorityAlias" -keyalg RSA -dname "$authorityDN" -ext "$certAuthExtension" `
    -validity "$validity" -keysize "$keySize" -keystore "$authorityAlias.p12" -keypass "$certPassword" `
    -storepass "$certPassword" -deststoretype pkcs12
echo "- Exporting Root Authority Certificate Public Key..."
keytool -exportcert -rfc -alias "$authorityAlias" -file "$authorityAlias.cer" -keypass "$certPassword" `
    -keystore "$authorityAlias.p12" -storepass "$certPassword"

echo ""
echo "Generating the Server Certificate..."
echo "- Creating Key Pair"
keytool -genkey -validity "$validity" -keysize "$keySize" -alias "$serverAlias" -keyalg RSA -dname "$serverDN" `
    -ext "$altNameExtension" -keystore "$serverAlias.p12" -keypass "$certPassword" -storepass "$certPassword" `
    -deststoretype pkcs12
echo "- Creating Certificate Signing Request"
keytool -certreq -alias "$serverAlias" -ext "$altNameExtension" -keystore "$serverAlias.p12" -file "$serverAlias.csr" `
    -keypass "$certPassword" -storepass "$certPassword"
echo "- Signing Certificate"
keytool -gencert -infile "$serverAlias.csr" -keystore "$authorityAlias.p12" -storepass "$certPassword" `
    -alias "$authorityAlias" -ext "$altNameExtension" -outfile "$serverAlias.pem"
echo "- Adding Certificate Authority Certificate to Keystore"
keytool -import -trustcacerts -alias "$authorityAlias" -file "$authorityAlias.cer" -keystore "$serverAlias.p12" `
    -storepass "$certPassword" -noprompt
echo "- Adding Certificate to Keystore"
keytool -import -keystore "$serverAlias.p12" -file "$serverAlias.pem" -alias "$serverAlias" -keypass "$certPassword" `
    -storepass "$certPassword" -noprompt
rm "$serverAlias.csr"
rm "$serverAlias.pem"

echo ""
echo "Generating the Client Certificate..."
echo "- Creating Key Pair"
keytool -genkey -validity "$validity" -keysize "$keySize" -alias "$clientAlias" -keyalg RSA -dname "$clientDN" `
    -keystore "$clientAlias.p12" -keypass "$certPassword" -storepass "$certPassword" -deststoretype pkcs12
echo "- Creating Certificate Signing Request"
keytool -certreq -alias "$clientAlias" -keystore "$clientAlias.p12" -file "$clientAlias.csr" -keypass "$certPassword" `
    -storepass "$certPassword"
echo "- Signing Certificate"
keytool -gencert -infile "$clientAlias.csr" -keystore "$authorityAlias.p12" -storepass "$certPassword" `
    -alias "$authorityAlias" -outfile "$clientAlias.pem"
echo "- Adding Certificate Authority Certificate to Keystore"
keytool -import -trustcacerts -alias "$authorityAlias" -file "$authorityAlias.cer" -keystore "$clientAlias.p12" `
    -storepass "$certPassword" -noprompt
echo "- Adding Certificate to Keystore"
keytool -import -keystore "$clientAlias.p12" -file "$clientAlias.pem" -alias "$clientAlias" -keypass "$certPassword" `
    -storepass "$certPassword" -noprompt
rm "$clientAlias.csr"
rm "$clientAlias.pem"

echo ""
echo "Generating the Trust Store and putting the Certificate Authority Certificate in it..."
keytool -importcert -alias "$authorityAlias" -file "$authorityAlias.cer" -keystore "$trustCertName.p12" `
    -storepass "$certPassword" -noprompt

echo ""
echo "Removing Public Key Files..."
rm "$authorityAlias.cer"
```
Hope this helps.
Best, Ace
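
A verification pass over the stores the script above produces, as an added example that is not part of the original answer. It assumes the script's default aliases and password, and it matches on keytool's English output labels (`Entry type:`, `Certificate chain length:`, `DNSName:`); the helper names `Get-StoreListing` and `Test-Pattern` are made up for this sketch.

```powershell
# Added example: run in the directory where GenTestCerts.ps1 wrote its stores.
# Values below mirror the script's defaults; change them if you changed the script.
$authorityAlias = "tomcat-root"
$serverAlias    = "tomcat.server.net"
$clientAlias    = "tomcat-admin"
$trustCertName  = "truststore"
$certPassword   = "changeit"

function Get-StoreListing([string]$store) {
    # -J passes an option to the JVM; forcing English keeps the labels matched below stable.
    # The argument is quoted so PowerShell does not split it at the dot.
    $out = & keytool "-J-Duser.language=en" -list -v -keystore $store `
        -storetype PKCS12 -storepass $certPassword 2>&1
    return ($out | Out-String)
}

function Test-Pattern([string]$label, [string]$text, [string]$pattern, [bool]$expected = $true) {
    # Reports OK when the pattern's presence (or absence) is what we expect
    $found  = [bool]($text -match $pattern)
    $status = if ($found -eq $expected) { "OK  " } else { "FAIL" }
    Write-Output "$status $label"
}

# Server store: private key, leaf + root chain, and the SAN that clients check the hostname against
$server = Get-StoreListing "$serverAlias.p12"
Test-Pattern "server store holds a private key entry" $server "Entry type: PrivateKeyEntry"
Test-Pattern "server chain is leaf + root (length 2)" $server "Certificate chain length: 2"
Test-Pattern "server certificate carries the SAN"     $server ("DNSName: " + [regex]::Escape($serverAlias))

# Client store: private key and a chain back to the same root
$client = Get-StoreListing "$clientAlias.p12"
Test-Pattern "client store holds a private key entry" $client "Entry type: PrivateKeyEntry"
Test-Pattern "client chain is leaf + root (length 2)" $client "Certificate chain length: 2"

# Trust store: only the root's public certificate, never a private key
$trust = Get-StoreListing "$trustCertName.p12"
Test-Pattern "trust store holds the root as a trusted cert" $trust "Entry type: trustedCertEntry"
Test-Pattern "trust store holds no private key"             $trust "Entry type: PrivateKeyEntry" $false

# The generator script leaves the CA keystore in place; it contains the CA private key
if (Test-Path "$authorityAlias.p12") {
    Write-Output "NOTE $authorityAlias.p12 holds the CA private key; do not copy it to the server"
}
```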