Openssl及Keytool相關指令
#檢視私鑰,需要輸入私鑰密碼 openssl rsa -in rsa.key
#證書校驗 openssl verify -CAfile trust.cer server.pem
#用openssl匯出證書和key openssl pkcs12 -in server.keystore.pkcs12 -clcerts -nokeys -out cert.pem openssl pkcs12 -in server.keystore.pkcs12 -nocerts -out key.pem
#對私鑰進行加密 openssl rsa -aes256 -in ca_key.pem -passout pass:$passwd -out ca_key.pem_tmp
#去除私鑰的保護密碼 openssl rsa -in /tmp/cert/server.key -out /tmp/cert/server_nopwd.key -passin file:/tmp/cert/pass.txt
#使用者提供的證書轉為pkcs12檔案 openssl pkcs12 -export -in ./client.pem -out ./client.p12
#轉換jks為pkcs12格式 keytool -importkeystore -srckeystore server.keystore.jks -destkeystore server.keystore.pkcs12 -deststoretype pkcs12
#pkcs12檔案轉為server的jks檔案 keytool -importkeystore -srckeystore ./client.p12 -destkeystore ./clientKeyStore -srcstoretype pkcs12
#jks提取CA證書 keytool -list -rfc -keystore server.truststore.jks -storepass GSn7ecZ_xSy9afd8 keytool -list -rfc -keystore server.keystore.jks -storepass Pbnls_md4Nttjktg
#修改別名 keytool -changealias -keystore KarafKeystore -alias ac_common -destalias tomcat -storepass $passwd
#列印pem證書內容 openssl x509 -in cert.pem -noout -text
#pem格式的ca證書轉換成truststone keytool -importcert -trustcacerts -file ./CA.pem -keystore ./trustStone -storepass ${password} -alias CA
#檢視jks證書內容 #keytool -list -v -keystore trustStone -storepass ${password}
#修改jks證書的別名 keytool -changealias -keystore ./clientKeyStore -alias my_name -destalias androiddebugkey
#keytool也可以直接生成證書 keytool -genkey -alias test -dname CN=test,OU=share,O=share,L=sz,S=gd,C=CN -keyalg RSA -keysize 2048 -sigalg SHA256withRSA -validity 36500 -keypass yourkeypass -storepass yourstorepass -keystore keystore.keystore