https certificate generation steps:
1. Generate key
Generate key ( jks file), the code here is to generate a "zinc_server.jks" key.
-alias zinc_server -keyalg RSA -keystore zinc_server.jks -validity 3600 -storepass 123456
Parameter description:
genkey creates a default file ".keystore" in the user's home directory, and also generates an alias of mykey, which contains the user's public key, private key and Certificate
alias: Generate an alias
keystore: Specify the name of the keystore
validity: Specify how many days the created certificate is valid
storepass: Specify the password Keystore password (password required to obtain keystore information)
keyalg: Specify the key algorithm (such as: RSA, DSA; if not specified, DSA is used by default)
More parameters :
keysize: Specify the key length
keypass: Specify the password of the alias entry (password of the private key)
dname: Specify the certificate owner information
list: Display the certificate information in the key store
keytool -list -keystore 指定keystore -storepass 密码
v: Display the certificate details in the key store
keytool -list -v -keystore 指定keystore -storepass 密码
2. Issue the certificate
The zinc_server.jks key in Section 1 is used here to issue the zinc_server.cer certificate
keytool -export -alias zinc_server -file zinc_server.cer -keystore zinc_server.jks -storepass 123456
3. Generate the certificate set bks used by Android
In Android You need to use the certificate set in bks format, so if you use it in Android, you need to convert the certificate generated in section 2. Use the following command
keytool -importcert -file zinc_server.cer -keystore zinc_server.bks -storetype BKS -provider org.bouncycastle.jce.provider.BouncyCastleProvider
If you use the above command, you may encounter an exception that the BouncyCastleProvider class cannot be found. At this time, you need to configure the environment a little
Enter bouncycastle official website to download The corresponding jdk version. Place the downloaded jar package in the path of your jdk installation/Contents/Home/jre/lib/ext, and try again.
4. Convert jks to bks
The content of this section is because some apps need to perform two-way verification and need to The client's key is placed in the app.
The above is the detailed content of https certificate generation steps. For more information, please follow other related articles on the PHP Chinese website!