<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="tool" content="leanote-desktop-app">
<title>HTTPS certificates</title>
<style>

*{font-family:"lucida grande","lucida sans unicode",lucida,helvetica,"Hiragino Sans GB","Microsoft YaHei","WenQuanYi Micro Hei",sans-serif;}

body {
margin: 0;
}

/* shared text styles */
h1{font-size:30px}h2{font-size:24px}h3{font-size:18px}h4{font-size:14px}
.note-container{
width:850px;
margin:auto;
padding: 10px 20px;
box-shadow: 1px 1px 10px #eee;
}
#title {
margin: 0;
}
table {
margin-bottom: 16px;
border-collapse: collapse;
}
table th, table td {
padding: 6px 13px;
border: 1px solid #ddd;
}
table th {
font-weight: bold;
}

table tr {
background-color: none;
border-top: 1px solid #ccc;
}
table tr:nth-child(2n) {
background-color: rgb(247, 247, 249);
}
.mce-item-table, .mce-item-table td, .mce-item-table th, .mce-item-table caption {
border: 1px solid #ddd;
border-collapse: collapse;
padding: 6px 13px;
}
blockquote {
border-left-width:10px;
background-color:rgba(128,128,128,0.05);
border-top-right-radius:5px;
border-bottom-right-radius:5px;
padding:15px 20px;
border-left:5px solid rgba(128,128,128,0.075);
}
blockquote p {
margin-bottom:1.1em;
font-size:1em;
line-height:1.45
}
blockquote ul:last-child,blockquote ol:last-child {
margin-bottom:0
}
pre {
padding: 18px;
background-color: #f7f7f9;
border: 1px solid #e1e1e8;
border-radius: 3px;
display: block;
}
code {
padding: 2px 4px;
font-size: 90%;
color: #c7254e;
white-space: nowrap;
background-color: #f9f2f4;
border-radius: 4px;
}
.footnote {
vertical-align: top;
position: relative;
top: -0.5em;
font-size: .8em;
}

hr {
margin:2em 0
}
img {
max-width:100%
}
pre {
word-break:break-word
}
p,pre,pre.prettyprint,blockquote {
margin:0 0 1.1em
}
hr {
margin:2em 0
}
img {
max-width:100%
}
.sequence-diagram,.flow-chart {
text-align:center;
margin-bottom:1.1em
}
.sequence-diagram text,.flow-chart text {
font-size:15px !important;
font-family:"Source Sans Pro",sans-serif !important
}
.sequence-diagram [fill="#ffffff"],.flow-chart [fill="#ffffff"] {
fill:#f6f6f6
}
.sequence-diagram [stroke="#000000"],.flow-chart [stroke="#000000"] {
stroke:#3f3f3f
}
.sequence-diagram text[stroke="#000000"],.flow-chart text[stroke="#000000"] {
stroke:none
}
.sequence-diagram [fill="#000"],.flow-chart [fill="#000"],.sequence-diagram [fill="#000000"],.flow-chart [fill="#000000"],.sequence-diagram [fill="black"],.flow-chart [fill="black"] {
fill:#3f3f3f
}
ul,ol {
margin-bottom:1.1em
}
ul ul,ol ul,ul ol,ol ol {
margin-bottom:1.1em
}
kbd {
padding:.1em .6em;
border:1px solid rgba(63,63,63,0.25);
-webkit-box-shadow:0 1px 0 rgba(63,63,63,0.25);
box-shadow:0 1px 0 rgba(63,63,63,0.25);
font-size:.7em;
font-family:sans-serif;
background-color:#fff;
color:#333;
border-radius:3px;
display:inline-block;
margin:0 .1em;
white-space:nowrap
}
.toc ul {
list-style-type:none;
margin-bottom:15px
}
</style>
<!-- this css is for custom styles -->
<link href="../leanote-html.css" rel="stylesheet">
</head>

<body>

<div class="note-container">
<h1 class="title" id="leanote-title">HTTPS certificates</h1>
<div class="content-html" id="leanote-content">
<div><a href="http://blog.csdn.net/kamouswjw/article/details/39050995" data-mce-href="http://blog.csdn.net/kamouswjw/article/details/39050995">http://blog.csdn.net/kamouswjw/article/details/39050995</a></div>
<p>1. Generating the certificates</p>
<ul><li>Generate the CA certificate. No third-party CA is involved here; we act as our own CA.</li></ul>
<p>1. Create the private key:<br>openssl genrsa -out root-key.pem 2048<br>2. Create the certificate request:<br>openssl req -new -out root-req.csr -key root-key.pem<br>3. Self-sign the certificate:<br>openssl x509 -req -in root-req.csr -out root-cert.pem -signkey root-key.pem -days 3650<br>4. Export the certificate in the .p12 format browsers accept:<br>openssl pkcs12 -export -clcerts -in root-cert.pem -inkey root-key.pem -out root.p12</p>
<p>Password: iboxpay</p>
<p>Caveat: <code>openssl x509 -req</code> adds no X.509v3 extensions unless told to with <code>-extfile</code>, so this root carries no basicConstraints. Strict validators expect CA:TRUE on an issuer certificate; pass an extension file containing <code>basicConstraints=critical,CA:TRUE</code> when signing.</p>
<ul><li>Generate the server certificate</li></ul>
<p>1. Create the private key:<br>openssl genrsa -out server-key.pem 2048<br>2. Create the certificate request:<br>openssl req -new -out server-req.csr -key server-key.pem<br>3. Sign the certificate with the CA:<br>openssl x509 -req -in server-req.csr -out server-cert.pem -CA root-cert.pem -CAkey root-key.pem -CAcreateserial -days 3650<br>4. Export the certificate in the .p12 format browsers accept:<br>openssl pkcs12 -export -clcerts -in server-cert.pem -inkey server-key.pem -out server.p12</p>
<p>The original step 3 also passed <code>-signkey server-key.pem</code>. Drop it: <code>-signkey</code> tells openssl to self-sign with that key, and in OpenSSL 1.x it takes precedence over <code>-CA</code>/<code>-CAkey</code>, so the output would be a self-signed leaf that does not chain to the root. Browsers also ignore the CN for host name matching and require a subjectAltName, which again means signing with <code>-extfile</code> (a file containing <code>subjectAltName=DNS:your.host.name</code>).</p>
<ul><li>Generate the client certificate</li></ul>
<p>1. Create the private key:<br>openssl genrsa -out client-key.pem 2048<br>2. Create the certificate request:<br>openssl req -new -out client-req.csr -key client-key.pem<br>3. Sign the certificate with the CA:<br>openssl x509 -req -in client-req.csr -out client-cert.pem -CA root-cert.pem -CAkey root-key.pem -CAcreateserial -days 3650<br>4. Export the certificate in the .p12 format browsers accept:<br>openssl pkcs12 -export -clcerts -in client-cert.pem -inkey client-key.pem -out client.p12</p>
<p>Same remark as for the server: no <code>-signkey</code> alongside <code>-CA</code>.</p>
<ul><li>Build the JKS file from the server certificate</li></ul>
<pre>./keytool -import -v -alias ga -file /etc/pki/CA/server/server_cert.pem -keystore /etc/pki/CA/server/keystore.jks -storepass iboxpay
./keytool -importkeystore -v -srckeystore /etc/pki/CA/server/server.p12 -srcstoretype pkcs12 -srcstorepass iboxpay -destkeystore /etc/pki/CA/server/keystore.jks -deststoretype jks</pre>
<p>The first command only adds a trusted-certificate entry (a certificate without its private key). The second, importing the PKCS#12 bundle, is what gives the server its key entry and is the one that matters for the TLS listener. The file names here (<code>server_cert.pem</code> under <code>/etc/pki/CA/server/</code>) must match what was generated above (<code>server-cert.pem</code>). The alias of the imported key entry is the friendlyName stored in the .p12; set it with <code>-name</code> on <code>openssl pkcs12 -export</code>, otherwise keytool files it under alias <code>1</code>.</p>
<ul><li>Build the JKS file from the client certificate</li></ul>
<pre>./keytool -import -alias ga -file /etc/pki/CA/client/client_cert.pem -keystore /etc/pki/CA/client/truststore.jks</pre>
<p>This truststore trusts that single client certificate. To accept any client certificate issued by the CA, import <code>root-cert.pem</code> into the truststore instead.</p>
<p>4. RSA: encrypt on the server, decrypt on the client</p>
<p>Export the "public key" from the private key and the CSR:</p>
<p>openssl x509 -req -in root-req.csr -out root_public_key.der -outform der -signkey root-key.pem -days 3650</p>
<p>Strictly, this writes a DER-encoded self-signed certificate, not a bare public key; the consumer reads the RSA public key out of the certificate.</p>
<p>If the key pair is being created from scratch, one command does it:</p>
<p>openssl req -x509 -out public_key.der -outform der -new -newkey rsa:1024 -keyout private_key.pem -days 3650</p>
<p>This single command does the work of three:</p>
<p class="p1">1) Create the private key</p>
<div>openssl genrsa -out private_key.pem 1024</div>
<p class="p1">2) Create the certificate request (enter the details when prompted)</p>
<div>openssl req -new -out cert.csr -key private_key.pem</div>
<p class="p1">3) Self-sign the root certificate</p>
<div>openssl x509 -req -in cert.csr -out public_key.der -outform der -signkey private_key.pem -days 3650</div>
<p>Two differences to keep in mind: <code>req -newkey</code> passphrase-protects the key unless <code>-nodes</code> is given, whereas <code>genrsa</code> as used here does not; and a 1024-bit RSA key is too small for anything new, so use <code>rsa:2048</code> or larger.</p>
<div>4. Put the two files iboxpay.keystore and iboxpay.truststore in the directory ${JBOSS_HOME}\standalone\configuration</div>
<div>iboxpay.keystore: this can be the server's .p12 (the realm reads the keystore as JKS by default; for a .p12 set the <code>provider</code> attribute of <code>&lt;keystore&gt;</code> to <code>PKCS12</code>)</div>
<div>iboxpay.truststore: the JKS truststore just generated</div>
<p>5. Edit the standalone.xml configuration file. Under the <code>&lt;security-realms&gt;</code> node add:</p>
<pre>&lt;security-realm name="SslRealm"&gt;
    &lt;server-identities&gt;
        &lt;ssl&gt;
            &lt;keystore path="iboxpay.keystore" relative-to="jboss.server.config.dir" keystore-password="ibox123" alias="iboxpay" key-password="ibox123" /&gt;
        &lt;/ssl&gt;
    &lt;/server-identities&gt;
    &lt;authentication&gt;
        &lt;truststore path="iboxpay.truststore" relative-to="jboss.server.config.dir" keystore-password="ibox123" /&gt;
        &lt;local default-user="$local"/&gt;
        &lt;properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/&gt;
    &lt;/authentication&gt;
&lt;/security-realm&gt;</pre>
<p>Under the <code>&lt;subsystem xmlns="urn:jboss:domain:undertow:1.2"&gt;</code> node add:</p>
<pre>&lt;https-listener name="default-ssl" socket-binding="https" security-realm="SslRealm" verify-client="REQUIRED" /&gt;</pre>
<p>Check the values against what was actually built: <code>alias</code> must be the key entry's alias in iboxpay.keystore (the keytool commands above used <code>ga</code>, and a .p12 imported without <code>-name</code> gets alias <code>1</code>), and <code>keystore-password</code>/<code>key-password</code> (ibox123 here) must be the real store and key passwords (iboxpay above). <code>verify-client="REQUIRED"</code> enforces mutual TLS: a client that presents no certificate, or one that does not chain to iboxpay.truststore, is refused during the handshake.</p>
</div>
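<p>The three generation procedures of section 1 (root, server, client) and the keystore alias point, carried through as one working script. This is an added example, not the note's own commands: it assumes an openssl binary on PATH, and the subjects, the host name and the "changeit" password are placeholders. It departs from the note where the note is wrong: the root is marked CA:TRUE, the leaves are signed with -CA/-CAkey only (no -signkey), the server certificate carries a subjectAltName, and the .p12 bundles get an explicit friendlyName so keytool imports them under a predictable alias.</p>

```shell
#!/bin/sh
# Added example, not part of the original note: build a private CA, issue a
# server and a client certificate the way section 1 intends (CA-signed, with
# X.509v3 extensions), export PKCS#12 bundles with an explicit alias, and
# verify the chain. Assumes an openssl binary on PATH; subjects, host name and
# the "changeit" password are placeholders.
set -eu

# issue DIR NAME SUBJECT EXTFILE PASS
# Key + CSR + CA-signed certificate + PKCS#12 bundle for one leaf.
# No -signkey here: that option would self-sign the leaf and bypass -CA.
issue() {
    dir=$1; name=$2; subj=$3; ext=$4; pass=$5
    openssl genrsa -out "$dir/$name-key.pem" 2048 2>/dev/null
    openssl req -new -key "$dir/$name-key.pem" -subj "$subj" \
        -out "$dir/$name-req.csr"
    openssl x509 -req -in "$dir/$name-req.csr" \
        -CA "$dir/root-cert.pem" -CAkey "$dir/root-key.pem" -CAcreateserial \
        -extfile "$ext" -days 825 -out "$dir/$name-cert.pem" 2>/dev/null
    # -name sets the PKCS#12 friendlyName; keytool uses it as the alias
    # (without it keytool files the entry under alias "1").
    openssl pkcs12 -export -in "$dir/$name-cert.pem" -inkey "$dir/$name-key.pem" \
        -name "$name" -passout "pass:$pass" -out "$dir/$name.p12"
}

# make_pki DIR [HOST] [PASS]: root CA plus server and client leaves in DIR.
make_pki() {
    dir=$1; host=${2:-localhost}; pass=${3:-changeit}
    mkdir -p "$dir"

    # Root: "x509 -req -signkey" adds no extensions on its own, so declare
    # the CA role explicitly instead of relying on lenient validators.
    cat > "$dir/ca.ext" <<EOF
basicConstraints=critical,CA:TRUE,pathlen:0
keyUsage=critical,keyCertSign,cRLSign
subjectKeyIdentifier=hash
EOF
    openssl genrsa -out "$dir/root-key.pem" 2048 2>/dev/null
    openssl req -new -key "$dir/root-key.pem" -subj "/CN=Example Private Root" \
        -out "$dir/root-req.csr"
    openssl x509 -req -in "$dir/root-req.csr" -signkey "$dir/root-key.pem" \
        -extfile "$dir/ca.ext" -days 3650 -out "$dir/root-cert.pem" 2>/dev/null

    # Server leaf: browsers ignore the CN and match the subjectAltName.
    cat > "$dir/server.ext" <<EOF
basicConstraints=CA:FALSE
keyUsage=critical,digitalSignature,keyEncipherment
extendedKeyUsage=serverAuth
subjectAltName=DNS:$host
EOF
    issue "$dir" server "/CN=$host" "$dir/server.ext" "$pass"

    # Client leaf, for the verify-client="REQUIRED" listener.
    cat > "$dir/client.ext" <<EOF
basicConstraints=CA:FALSE
keyUsage=critical,digitalSignature
extendedKeyUsage=clientAuth
EOF
    issue "$dir" client "/CN=example-client" "$dir/client.ext" "$pass"
}

# verify_chain DIR NAME: prints OK when NAME-cert.pem chains to root-cert.pem.
verify_chain() {
    if openssl verify -CAfile "$1/root-cert.pem" "$1/$2-cert.pem" >/dev/null 2>&1
    then echo OK; else echo FAIL; fi
}

# issuer_cn FILE: CN of the certificate's issuer (equals the subject for the root).
issuer_cn() {
    openssl x509 -in "$1" -noout -issuer | sed 's/.*CN *= *//'
}

# san_dns FILE: the DNS names carried in the certificate's subjectAltName.
san_dns() {
    openssl x509 -in "$1" -noout -text | grep -o 'DNS:[^, ]*' | tr '\n' ' ' | sed 's/ $//'
}

# Stand-alone use: PKI_DIR=./pki PKI_HOST=www.example.test sh make-pki.sh
if [ -n "${PKI_DIR:-}" ]; then
    make_pki "$PKI_DIR" "${PKI_HOST:-localhost}"
    echo "server: $(verify_chain "$PKI_DIR" server), client: $(verify_chain "$PKI_DIR" client)"
fi
```

<p>Feed the output into the keytool steps above as follows: import server.p12 with <code>-importkeystore</code> (its key entry has alias <code>server</code>, the NAME given to <code>issue</code>), and import root-cert.pem rather than the individual client certificate into the truststore so that every client certificate the CA issues is accepted.</p>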
</div>

<!-- this js is for other processing -->
<script src="../leanote-html.js"></script>
</body>
</html>