Home  >  Article  >  https certificate generation steps

https certificate generation steps

尚
Original
2019-07-22 15:02:089142browse

https certificate generation steps

https certificate generation steps:

1. Generate key

Generate key ( jks file), the code here is to generate a "zinc_server.jks" key.

-alias zinc_server -keyalg RSA -keystore zinc_server.jks -validity 3600 -storepass 123456

Parameter description:

genkey creates a default file ".keystore" in the user's home directory, and also generates an alias of mykey, which contains the user's public key, private key and Certificate

alias: Generate an alias

keystore: Specify the name of the keystore

validity: Specify how many days the created certificate is valid

storepass: Specify the password Keystore password (password required to obtain keystore information)

keyalg: Specify the key algorithm (such as: RSA, DSA; if not specified, DSA is used by default)

More parameters :

keysize: Specify the key length

keypass: Specify the password of the alias entry (password of the private key)

dname: Specify the certificate owner information

list: Display the certificate information in the key store

keytool -list -keystore 指定keystore -storepass 密码

v: Display the certificate details in the key store

keytool -list -v -keystore 指定keystore -storepass 密码

2. Issue the certificate

The zinc_server.jks key in Section 1 is used here to issue the zinc_server.cer certificate

keytool -export -alias zinc_server -file zinc_server.cer  -keystore zinc_server.jks  -storepass 123456

3. Generate the certificate set bks used by Android

In Android You need to use the certificate set in bks format, so if you use it in Android, you need to convert the certificate generated in section 2. Use the following command

keytool -importcert -file zinc_server.cer -keystore zinc_server.bks -storetype BKS -provider org.bouncycastle.jce.provider.BouncyCastleProvider

If you use the above command, you may encounter an exception that the BouncyCastleProvider class cannot be found. At this time, you need to configure the environment a little

Enter bouncycastle official website to download The corresponding jdk version. Place the downloaded jar package in the path of your jdk installation/Contents/Home/jre/lib/ext, and try again.

https certificate generation steps

4. Convert jks to bks

The content of this section is because some apps need to perform two-way verification and need to The client's key is placed in the app.

The above is the detailed content of https certificate generation steps. For more information, please follow other related articles on the PHP Chinese website!

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Previous article:what are sticky notesNext article:what are sticky notes