1.产生一个keystore:
keytool -genkey -alias myssl -keyalg RSA -keystore myssl.jks
运行这个命令,系统提示:
Enter keystore password:(输入keystore密码:)
yourpassword(输入密码)
What is your first and last name?(您的名字与姓氏是什么?)
[Unknown]: www.myssl.cn(输入申请的证书的域名)
What is the name of your organizational unit? (您的组织单位名称是什么?)
[Unknown]:Fastcom(输入你所在组织单位的名字)
What is the name of your organization? (您的组织名称是什么?)
[Unknown]:Fastcom (输入你所在组织的名字)
What is the name of your City or Locality?(您所在的城市或区域名称是什么?)
[Unknown]:Shanghai(输入所在城市的名字)
What is the name of your State or Province? (您所在的州或省份名称是什么?)
[Unknown]:Shanghai(输入所在省份名字)
What is the two-letter country code for this unit?(该单位的两字母国家代码是什么?)
[Unknown]:CN(输入国家名字,如果是中国,请输入CN)
Is CN=www.myssl.cn, OU=fastcom, O=fastcom, L=Shanghai, ST=Shanghai, C=CN correct? [no]:
yes
2.检查一个keystore:
keytool -list -v -keystore myssl.jks
Enter keystore password:yourpassword(输入密码)
将显示keystore內容如下:
Keystore type: jks
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: myssl
Creation date: Nov 24 , 2006
Entry type: keyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=www.myssl.cn, OU=fatcom, O=fastcom, L=Shanghai, ST=Shanghai, C=CN
Issuer: CN=www.myssl.cn, OU=fastcom, O=fastcom, L=Shanghai, ST=Shanghai, C=CN
Serial number: 3c22adc1
Valid from: Thu Nov 24 19:34:25 PST 2006 until: Thu Nov 24 19:34:25 PST 2007
Certificate fingerprints:
MD5: F1:5B:9B:A1:F7:16:CF:25:CF:F4:FF:35:3F:4C:9C:F0
SHA1: B2:00:50:DD:B6:CC:35:66:21:45:0F:96:AA:AF:6A:3D:E4:03:7C:74
3.输出keystore到一个文件:testkey:
keytool -export -alias myssl -keystore myssl.jks -rfc -file testkey
系统输出:
Enter keystore password:your password(输入密码)
Certificate stored in file
4.输入证书到一个现有的keystore:
keytool -import -alias myssl -file testkey.cer -keystore myssl.jks
Enter keystore password:your new password.(输入truststore新密码)
5.检查truststore:
keytool -list -v -keystore truststore
系统将显示truststore的信息.