生成秘钥模板
生成公私钥对1024长
keytool -genkeypair -keystore open.jckes -storetype jceks -storepass opensecret -keyalg RSA -keysize 1024 -alias openRS512 -keypass opensecret -sigalg SHA512withRSA -dname "CN=,OU=,O=,L=,ST=,C="
生成公私钥对2048长
keytool -genkeypair -keystore bank.jckes -storetype jceks -storepass banksecret -keyalg RSA -keysize 2048 -alias openRS512 -keypass banksecret -sigalg SHA512withRSA -dname "CN=,OU=,O=,L=,ST=,C="
导出公钥-发给银行
keytool -export -alias openRS512 -keystore bank.jckes -file bank.crt -storepass banksecret -storetype jceks
keytool -export -alias openRS512 -keystore open.jckes -file open.crt -storepass opensecret -storetype jceks
生成jwt文件(jwt需要足够加密方式方可使用,开始3个需要加上时间限制,不然失效时间很短)
keytool -genseckey -keystore openjwt.jckes -storetype jceks -storepass openjwtsecret -keyalg HMacSHA256 -keysize 2048 -alias HS256 -keypass openjwtsecret
keytool -genseckey -keystore openjwt.jckes -storetype jceks -storepass openjwtsecret -keyalg HMacSHA384 -keysize 2048 -alias HS384 -keypass openjwtsecret
keytool -genseckey -keystore openjwt.jckes -storetype jceks -storepass openjwtsecret -keyalg HMacSHA512 -keysize 2048 -alias HS512 -keypass openjwtsecret
keytool -genkeypair -keystore openjwt.jckes -storetype jceks -storepass openjwtsecret -keyalg RSA -keysize 2048 -alias RS256 -keypass openjwtsecret -sigalg SHA256withRSA -dname "CN=,OU=,O=,L=,ST=,C=" -validity 3650
keytool -genkeypair -keystore openjwt.jckes -storetype jceks -storepass openjwtsecret -keyalg RSA -keysize 2048 -alias RS384 -keypass openjwtsecret -sigalg SHA384withRSA -dname "CN=,OU=,O=,L=,ST=,C=" -validity 3650
keytool -genkeypair -keystore openjwt.jckes -storetype jceks -storepass openjwtsecret -keyalg RSA -keysize 2048 -alias RS512 -keypass openjwtsecret -sigalg SHA512withRSA -dname "CN=,OU=,O=,L=,ST=,C=" -validity 3650
keytool -genkeypair -keystore openjwt.jckes -storetype jceks -storepass openjwtsecret -keyalg EC -keysize 256 -alias ES256 -keypass openjwtsecret -sigalg SHA256withECDSA -dname "CN=,OU=,O=,L=,ST=,C=" -validity 3650
keytool -genkeypair -keystore openjwt.jckes -storetype jceks -storepass openjwtsecret -keyalg EC -keysize 384 -alias ES384 -keypass openjwtsecret -sigalg SHA384withECDSA -dname "CN=,OU=,O=,L=,ST=,C=" -validity 3650
keytool -genkeypair -keystore openjwt.jckes -storetype jceks -storepass openjwtsecret -keyalg EC -keysize 521 -alias ES512 -keypass openjwtsecret -sigalg SHA512withECDSA -dname "CN=,OU=,O=,L=,ST=,C=" -validity 3650
keytool -genkeypair -keystore openClient.jckes -storetype jceks -storepass openClient3Secret -keyalg RSA -keysize 2048 -alias openRS512 -keypass openClient3Secret -sigalg SHA512withRSA -dname "CN=,OU=,O=,L=,ST=,C="
keytool -export -alias openRS512 -keystore openClient.jckes -file openClient.crt -storepass openClient3Secret -storetype jceks
openssl x509 -in openClient.crt -out openClient.cer -outform der
keytool -list -rfc -keystore openClient.jckes -storepass openClient3Secret
keytool -genkeypair -keystore openClient.jckes -storetype jceks -storepass openClient3Secret -keyalg RSA -keysize 2048 -alias openRS512 -keypass openClient3Secret -sigalg SHA512withRSA -dname "CN=,OU=,O=,L=,ST=,C="
keytool -export -alias openRS512 -keystore openClient.jckes -file openClient.crt -storepass openClient3Secret -storetype jceks
keytool -genkeypair -keystore openServer.jckes -storetype jceks -storepass openServer3Secret -keyalg RSA -keysize 2048 -alias openRS512 -keypass openServer3Secret -sigalg SHA512withRSA -dname "CN=,OU=,O=,L=,ST=,C="
keytool -export -alias openRS512 -keystore openServer.jckes -file openServer.crt -storepass openServer3Secret -storetype jceks
keytool -genkeypair -keystore openClient.jckes -storetype jceks -storepass openClient2Secret -keyalg RSA -keysize 2048 -alias openRS512 -keypass openClient2Secret -sigalg SHA512withRSA -dname "CN=,OU=,O=,L=,ST=,C="
keytool -export -alias openRS512 -keystore openClient.jckes -file openClient.crt -storepass openClient2Secret -storetype jceks
keytool -genkeypair -keystore openServer.jckes -storetype jceks -storepass openServer2Secret -keyalg RSA -keysize 2048 -alias openRS512 -keypass openServer2Secret -sigalg SHA512withRSA -dname "CN=,OU=,O=,L=,ST=,C="
keytool -export -alias openRS512 -keystore openServer.jckes -file openServer.crt -storepass openServer2Secret -storetype jceks
keytool -genkeypair -keystore eletest.jckes -storetype jceks -storepass eletestsecret -keyalg RSA -keysize 2048 -alias openRS512 -keypass eletestsecret -sigalg SHA512withRSA -dname "CN=,OU=,O=,L=,ST=,C="
keytool -export -alias openRS512 -keystore eletest.jckes -file eletest.crt -storepass eletestsecret -storetype jceks
-----模板-------
会生成bank.crt 和 bank.jckes
keytool -genkeypair -keystore bank.jckes -storetype jceks -storepass banksecret -keyalg RSA -keysize 2048 -alias openRS512 -keypass banksecret -sigalg SHA512withRSA -dname "CN=,OU=,O=,L=,ST=,C="
keytool -export -alias openRS512 -keystore bank.jckes -file bank.crt -storepass banksecret -storetype jceks
---------测试----------生成的证书目录 C:\Users\localhost
会生成openClient.crt 和 openClient.jckes
keytool -genkeypair -keystore openClient.jckes -storetype jceks -storepass openClient4Secret -keyalg RSA -keysize 2048 -alias openRS512 -keypass openClient4Secret -sigalg SHA512withRSA -dname "CN=,OU=,O=,L=,ST=,C="
keytool -export -alias openRS512 -keystore openClient.jckes -file openClient.crt -storepass openClient4Secret -storetype jceks
keytool -genkeypair -keystore openServer.jckes -storetype jceks -storepass openServer4Secret -keyalg RSA -keysize 2048 -alias openRS512 -keypass openServer4Secret -sigalg SHA512withRSA -dname "CN=,OU=,O=,L=,ST=,C="
keytool -export -alias openRS512 -keystore openServer.jckes -file openServer.crt -storepass openServer4Secret -storetype jceks
-----模板-------
同事分享
在服务器上面直接生成
或者在本地.cmd窗口运行, 会生成 open-jwts-crt-test.pen 和 open-jwts-key-test.pem
生成公钥
keytool -genkeypair -keystore open-jwts-key-test.pem -deststoretype pkcs12 -storepass open-jwts-key-test-pass -keyalg RSA -keysize 4096 -alias open-jwts-key-test-RS512 -sigalg SHA512withRSA -dname "CN=,OU=,O=,L=,ST=,C=" -validity 3650
生成私钥
keytool -export -alias open-jwts-key-test-RS512 -keystore open-jwts-key-test.pem -file open-jwts-crt-test.pen -storepass open-jwts-key-test-pass -storetype pkcs12
浙公网安备 33010602011771号