?? codes.txt
字號:
mkdir myCA
openssl genrsa -out myCA/ca-key.pem 1024
openssl req -new -out myCA/ca-req.csr -key myCA/ca-key.pem
openssl x509 -req -in myCA/ca-req.csr -out myCA/ca-cert.pem -signkey myCA/ca-key.pem -days 365
mkdir server
/usr/lib/jvm/java-6-sun/bin/keytool -genkey -alias tomcat_server -validity 365 -keyalg RSA -keysize 1024 -keypass 123456 -storepass 123456 -dname "cn=amu, ou=SP, o=SP, l=YY, st=HN, c=CN" -keystore server/server_keystore
/usr/lib/jvm/java-6-sun/bin/keytool -certreq -alias tomcat_server -sigalg MD5withRSA -file server/server.csr -keypass 123456 -keystore server/server_keystore -storepass 123456
copy ca-cert.srl form openSSL/apps/ to your myCA and server
openssl x509 -req -in server/server.csr -out server/server-cert.pem -CA myCA/ca-cert.pem -CAkey myCA/ca-key.pem -days 365
sudo /usr/lib/jvm/java-6-sun/bin/keytool -import -v -trustcacerts -storepass 123456 -alias my_ca_root -file myCA/ca- cert.pem -keystore /usr/lib/jvm/java-6-sun/jre/lib/security/cacerts
sudo /usr/lib/jvm/java-6-sun/bin/keytool -import -v -trustcacerts -storepass 123456 -alias tomcat_server -file server/server-cert.pem -keystore server/server_keystore
keytool -list -keystore /usr/lib/jvm/java-6-sun/jre/lib/security/cacerts
keytool -list -keystore server/server_keystore
sudo gedit /opt/tomcat/conf/server.xml
<!— Define an SSL HTTP/1.1 Connector on port 8443 -->
<Connector className="org.apache.catalina.connector.http.HttpConnector"
port="8443" minProcessors="5" maxProcessors="75"
enableLookups="false"
acceptCount="10" debug="0" scheme="https" secure="true">
<Factory className="org.apache.catalina.net.SSLServerSocketFactory"
clientAuth="true" protocol="TLS"
keystoreFile="/opt/tomcat/conf/server_keystore" keystorePass="123456"
/>
</Connector>
sudo cp server/server_keystore /opt/tomcat/conf/server_keystore
mkdir client
openssl genrsa -out client/client-key.pem 1024
openssl req -new -out client/client-req.csr -key client/client- key.pem
openssl x509 -req -in client/client-req.csr -out client/client-cert.pem -signkey client/client-key.pem -CA myCA/ca-cert.pem -CAkey myCA/ca-key.pem -CAcreateserial -days 365
openssl pkcs12 -export -clcerts -in client/client- cert.pem -inkey client/client-key.pem -out client/client.p12
?? 快捷鍵說明
復制代碼
Ctrl + C
搜索代碼
Ctrl + F
全屏模式
F11
切換主題
Ctrl + Shift + D
顯示快捷鍵
?
增大字號
Ctrl + =
減小字號
Ctrl + -