使用HttpClient进行https连接(一)
2015-07-15 13:08
537 查看
一、生成密钥库和证书
1、生成服务器证书库
2、生成客户端证书库
3、从客户端证书库中导出客户端证书
4、从服务器证书库中导出服务端证书
5、生成客户端信任证书库(由服务端证书生成的证书库)
命令:
成功结果:
6、将客户端证书导入到服务器证书库(使得服务器信任客户端证书)
成功结果:
7、查看证书库中的全部证书:
结果:
[root@uem bin]# keytool -list -keystore /opt/UEM/keyStore/uyun.keystore -storepass uyuncollector
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 2 entries
client, Jul 15, 2015, trustedCertEntry,
Certificate fingerprint (SHA1): 7D:6B:1E:68:7D:9E:04:8B:B4:12:51:61:89:46:56:06:C2:50:5C:94
uyun, Jul 15, 2015, PrivateKeyEntry,
Certificate fingerprint (SHA1): 17:A6:24:A4:3D:0B:D3:8F:50:5A:8E:91:E8:1D:23:72:6C:D1:3D:38
1、生成服务器证书库
keytool -validity 365 -genkey -v -alias uyun -keyalg RSA -keystore /opt/UEM/keyStore/uyun.keystore -dname "CN=192.168.16.163,OU=broada,O=broada,L=Hangzhou,ST=Hangzhou,c=cn" -storepass uyuncollector -keypass uyuncollector
2、生成客户端证书库
keytool -validity 365 -genkeypair -v -alias client -keyalg RSA -storetype PKCS12 -keystore /opt/UEM/keyStore/client.p12 -dname "CN=client,OU=broada,O=broada,L=hangzhou,ST=hangzhou,c=cn" -storepass uyuncollector -keypass uyuncollector
3、从客户端证书库中导出客户端证书
keytool -export -v -alias client -keystore /opt/UEM/keyStore/client.p12 -storetype PKCS12 -storepass uyuncollector -rfc -file /opt/UEM/keyStore/client.cer
4、从服务器证书库中导出服务端证书
keytool -export -v -alias uyun -keystore /opt/UEM/keyStore/uyun.keystore -storepass uyuncollector -rfc -file /opt/UEM/keyStore/uyun.cer
5、生成客户端信任证书库(由服务端证书生成的证书库)
命令:
keytool -import -v -alias uyun -file /opt/UEM/keyStore/uyun.cer -keystore /opt/UEM/keyStore/client.truststore -storepass uyuncollector
成功结果:
[root@uem bin]# keytool -import -v -alias uyun -file /opt/UEM/keyStore/uyun.cer -keystore /opt/UEM/keyStore/client.truststore -storepass uyuncollectorOwner: CN=192.168.16.163, OU=broada, O=broada, L=Hangzhou, ST=Hangzhou, C=cn
Issuer: CN=192.168.16.163, OU=broada, O=broada, L=Hangzhou, ST=Hangzhou, C=cn
Serial number: 21210db8
Valid from: Wed Jul 15 11:39:18 CST 2015 until: Thu Jul 14 11:39:18 CST 2016
Certificate fingerprints:
MD5: 82:37:F3:44:19:93:94:A5:E7:6A:60:3A:AA:CF:8B:80
SHA1: 17:A6:24:A4:3D:0B:D3:8F:50:5A:8E:91:E8:1D:23:72:6C:D1:3D:38
SHA256: F0:A9:EC:85:06:64:E9:5D:D6:7B:65:9C:40:7D:DF:2C:C1:B5:41:08:CC:86:E1:1B:4A:3A:A3:0C:E2:F1:44:41
Signature algorithm name: SHA256withRSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 02 E6 CD 31 BE F0 54 84 D1 B5 A3 E7 DC 2E 03 5B ...1..T........[
0010: F2 22 05 0D ."..
]
]
Trust this certificate? [no]: y
Certificate was added to keystore
[Storing /opt/UEM/keyStore/client.truststore]
6、将客户端证书导入到服务器证书库(使得服务器信任客户端证书)
keytool -import -v -alias client -file /opt/UEM/keyStore/client.cer -keystore /opt/UEM/keyStore/uyun.keystore -storepass uyuncollector
成功结果:
[root@uem bin]# keytool -import -v -alias client -file /opt/UEM/keyStore/client.cer -keystore /opt/UEM/keyStore/uyun.keystore -storepass uyuncollectorOwner: CN=client, OU=broada, O=broada, L=hangzhou, ST=hangzhou, C=cn
Issuer: CN=client, OU=broada, O=broada, L=hangzhou, ST=hangzhou, C=cn
Serial number: 2dac5990
Valid from: Wed Jul 15 11:44:12 CST 2015 until: Thu Jul 14 11:44:12 CST 2016
Certificate fingerprints:
MD5: 8B:80:CE:DB:5A:1A:B7:91:0F:46:93:1C:82:03:C6:7C
SHA1: 7D:6B:1E:68:7D:9E:04:8B:B4:12:51:61:89:46:56:06:C2:50:5C:94
SHA256: 25:FE:36:79:7E:0C:9A:9F:DD:95:DB:92:82:C1:FC:C1:BD:BB:6B:05:D8:84:52:33:FE:5F:8D:25:23:00:E0:86
Signature algorithm name: SHA256withRSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: C4 52 CC CC 7A B0 B5 CA B6 CF E1 F9 53 7E 91 69 .R..z.......S..i
0010: 03 1C B2 69 ...i
]
]
Trust this certificate? [no]: y
Certificate was added to keystore
[Storing /opt/UEM/keyStore/uyun.keystore]
7、查看证书库中的全部证书:
keytool -list -keystore /opt/UEM/keyStore/uyun.keystore -storepass uyuncollector
结果:
[root@uem bin]# keytool -list -keystore /opt/UEM/keyStore/uyun.keystore -storepass uyuncollector
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 2 entries
client, Jul 15, 2015, trustedCertEntry,
Certificate fingerprint (SHA1): 7D:6B:1E:68:7D:9E:04:8B:B4:12:51:61:89:46:56:06:C2:50:5C:94
uyun, Jul 15, 2015, PrivateKeyEntry,
Certificate fingerprint (SHA1): 17:A6:24:A4:3D:0B:D3:8F:50:5A:8E:91:E8:1D:23:72:6C:D1:3D:38
相关文章推荐
- Android编程获取网络连接状态及调用网络配置界面
- HTTP协议详解(真的很经典)
- 虚拟机中 Centos 7 网络和SSH的配置
- Python网络爬虫对知乎首页进行爬取
- yispider 开源小说采集器 (来源http://git.oschina.net/yispider/yispider 我的修改版因为他的我无法跑)
- 黑马程序员——网络编程详解
- HTTP2
- C 语言 linux socket网络编程常用函数
- 测试配置yum仓库的http镜像
- android开发常用到的一些网络通信包(转)
- 杂谈网络文学
- Android-HttpURLConnection自动管理cookie
- 【网络流】 TOJ 3854. Haitang2
- 【计算机网络】(一)HTTP 状态码
- Unity 网络通信
- android-async-http AsyncHttpClient介绍
- 使用Volley缓存图片时,缓存无效的原因。
- 网络相关面试题1
- tcp相关知识
- https原理及tomcat配置https方法