How to judge the self-signed certificate in openssl
2. Generate the root CA private key and certificate:

2.1 Generate the RootCA private key -> generate a CSR -> use the private key to generate a self-signed root certificate. It is used to sign the secondary CA certificates.

3. Generate the private keys and certificates of the secondary CAs: (assume there are two secondary CAs, which manage the server and client certificates respectively)

3.1 First generate the ServerCA private key -> generate a CSR -> sign it with the root certificate to generate a secondary certificate. It is used to sign the server certificate.

3.2 First generate the ClientCA private key -> generate a CSR -> sign it with the root certificate to generate a secondary certificate. It is used to sign the client certificates.

4. Generate the private keys and certificates of the server and client:

4.1 First generate the ServerA private key -> generate a CSR -> sign it with the ServerCA certificate to generate a third-level certificate.

4.2 First generate the ClientA private key -> generate a CSR -> sign it with the ClientCA certificate to generate a third-level certificate.

4.3 First generate the ClientB private key -> generate a CSR -> sign it with the ClientCA certificate to generate a third-level certificate.

... N client certificate structures can be generated: root ca ||-client ca |-

5. Export the root certificate of the RootCA, the private keys and certificates of the server and the client.

Use PEM format when exporting.

RootCA.pem - root certificate (pem)

ServerA.pem - server certificate (pem with certificate chain)

ClientA.pem - client certificate (pem with certificate chain)

ClientB.pem - client certificate (pem with certificate chain)

ServerAKey.pem - server private key (pem)

ClientAKey.pem - client private key (pem)

ClientBKey.pem - client private key (pem)

6. The following is the most important step: generate the JKS files to be used. keytool cannot import a private key, so you need to use the utility provided by WebLogic, and weblogic.jar must be added to the CLASSPATH.

6.1 Generate the trust keystore for the server and client:

keytool -import -alias rootca -file rootca.pem -keystore trust.jks

6.2 Generate the server-side identity keystore:

java utils.ImportPrivateKey -keystore servera.jks -storepass 123456 -storetype JKS -keypass 123456 -alias servera -certfile servera.pem -keyfile serverakey.pem

6.3 Generate the client identity keystore:

java utils.ImportPrivateKey -keystore client.jks -storepass 123456 -storetype jks -keypass 123456 -alias client -certfile client.pem -keyfile client.pem

... and generate the other client identity keystores in the same way.

7. keytool -list -v -keystore client.jks (or servera.jks) shows the certificate chain relationship.
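
Steps 2 to 4 written out as openssl commands, followed by the check the title asks about: a certificate is self-signed when its subject equals its issuer and its signature verifies under its own public key. This is an added example, not commands from the original page; the subjects (/CN=...), the 2048-bit RSA keys, the 365-day lifetime and the ext.cnf file are assumptions.

```shell
#!/bin/sh
# Added example. Names follow the page; subjects, key size and lifetime are assumptions.
set -eu

write_ext() {            # extension sections applied when signing
cat > ext.cnf <<'EOF'
[ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[leaf]
basicConstraints = CA:FALSE
EOF
}

# issue NAME ISSUER SECTION: private key -> CSR -> certificate signed by ISSUER.
# When ISSUER is NAME itself, the CSR is signed with its own key (self-signed root).
issue() {
  name=$1; issuer=$2; section=$3
  openssl genrsa -out "${name}Key.pem" 2048 2>/dev/null
  openssl req -new -key "${name}Key.pem" -subj "/CN=$name" -out "$name.csr"
  if [ "$name" = "$issuer" ]; then
    set -- -signkey "${name}Key.pem"
  else
    set -- -CA "$issuer.pem" -CAkey "${issuer}Key.pem" -CAcreateserial
  fi
  openssl x509 -req -in "$name.csr" "$@" -days 365 \
    -extfile ext.cnf -extensions "$section" -out "$name.pem" 2>/dev/null
}

# is_self_signed FILE: subject == issuer AND the signature verifies with its own key.
is_self_signed() {
  [ "$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')" = \
    "$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')" ] &&
  openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# chain_ok LEAF INTERMEDIATE: verify LEAF through INTERMEDIATE up to RootCA.pem.
chain_ok() {
  openssl verify -CAfile RootCA.pem -untrusted "$2.pem" "$1.pem" >/dev/null 2>&1
}

build_chain() {
  write_ext; issue RootCA RootCA ca                        # step 2.1
  issue ServerCA RootCA ca; issue ClientCA RootCA ca       # steps 3.1, 3.2
  issue ServerA ServerCA leaf; issue ClientA ClientCA leaf # steps 4.1, 4.2
}

cd "$(mktemp -d)" && build_chain
for c in RootCA ServerCA ServerA; do is_self_signed "$c.pem" && echo "$c: self-signed" || echo "$c: not self-signed"; done
```

Comparing names alone is not enough, because anyone can issue a certificate whose issuer field repeats its subject; the signature check is what confirms the certificate was signed by its own key.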