• 获得网址的Https的SSL证书并且保存到truststore


    一、生成PEM文件

    这里以邮件发送接口为例https://api.mailgun.net/v3/,首先运行以下命令:

    openssl s_client -host api.mailgun.net -port 443 -prexit -showcerts

    执行结果如下:

    CONNECTED(00000003)
    depth=1 C = US, O = "thawte, Inc.", CN = thawte SHA256 SSL CA
    verify error:num=20:unable to get local issuer certificate
    ---
    Certificate chain
     0 s:/C=US/ST=Texas/L=San Antonio/O=Rackspace US, Inc/OU=Mailgun/CN=*.mailgun.com
       i:/C=US/O=thawte, Inc./CN=thawte SHA256 SSL CA
    -----BEGIN CERTIFICATE-----
    MIIGRjCCBS6gAwIBAgIQcPBE+lQWtps2UTd0ornMgjANBgkqhkiG9w0BAQsFADBD
    MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMuMR0wGwYDVQQDExR0
    aGF3dGUgU0hBMjU2IFNTTCBDQTAeFw0xNjAyMDkwMDAwMDBaFw0xODA0MDgyMzU5
    NTlaMHkxCzAJBgNVBAYTAlVTMQ4wDAYDVQQIEwVUZXhhczEUMBIGA1UEBxQLU2Fu
    IEFudG9uaW8xGjAYBgNVBAoUEVJhY2tzcGFjZSBVUywgSW5jMRAwDgYDVQQLFAdN
    YWlsZ3VuMRYwFAYDVQQDFA0qLm1haWxndW4uY29tMIIBIjANBgkqhkiG9w0BAQEF
    AAOCAQ8AMIIBCgKCAQEAyzQJUmOuQsksJ+ypj6ndmfkmFa39aXZKxIsvVSSmGSqU
    upFO3awNDo4aaGnjjN8OFwHQozthBfNz04RDKgV0E22gyrrOOpCd88mHokJKeV04
    TVc93/MQYAVQQ3Ou7b/GafuFcDu1Z5s+YgN1iMEXR4iMczlFsS1SzWZ03WOFeEGn
    xR31n6wLoOwcBEvD58v4zANntM9Ajwv0UHpd72nzBpwVFQYwY3vQrfK/5E5nbWJf
    cixs85Ube9L5ID71d49f9XRctPLvAINkktjvAu627WGg9Vs2KmzfXd+xJTcjZdpH
    WcW/PohxCZfyIaVP2tf5b7JwJFYp4ZkKt8KH8CR/5QIDAQABo4IC/jCCAvowJQYD
    VR0RBB4wHIINKi5tYWlsZ3VuLmNvbYILbWFpbGd1bi5jb20wCQYDVR0TBAIwADBu
    BgNVHSAEZzBlMGMGBmeBDAECAjBZMCYGCCsGAQUFBwIBFhpodHRwczovL3d3dy50
    aGF3dGUuY29tL2NwczAvBggrBgEFBQcCAjAjDCFodHRwczovL3d3dy50aGF3dGUu
    Y29tL3JlcG9zaXRvcnkwDgYDVR0PAQH/BAQDAgWgMB8GA1UdIwQYMBaAFCuaNa4B
    GDgw4XB6BeARdqPOvZAUMCsGA1UdHwQkMCIwIKAeoByGGmh0dHA6Ly90Zy5zeW1j
    Yi5jb20vdGcuY3JsMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBXBggr
    BgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly90Zy5zeW1jZC5jb20wJgYI
    KwYBBQUHMAKGGmh0dHA6Ly90Zy5zeW1jYi5jb20vdGcuY3J0MIIBfgYKKwYBBAHW
    eQIEAgSCAW4EggFqAWgAdgDd6x0reg1PpiCLga2BaHB+Lo6dAdVciI09EcTNtuy+
    zAAAAVLIMQUYAAAEAwBHMEUCIQDw4Wpn51ujDWjQefvSO+c+nyE3RqkV6dw6XFEN
    eA8pugIgIxMLVoe+r1/MvLT4j3A9n7VexNSTQi1av1iMMGhnh5IAdgCkuQmQtBhY
    FIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAVLIMQVLAAAEAwBHMEUCIQCBXz+e
    sY2e3s4yN4gMKxHyg5aeB+5l8CN4/EG9PRDPIwIgb4nJn6xUKjEgLkSOOrfjejS+
    HbAHHOZrWs7cAgc774gAdgBo9pj4H2SCvjqM7rkoHUz8cVFdZ5PURNEKZ6y7T0/7
    xAAAAVLIMQVHAAAEAwBHMEUCIH5+Rt1+ohQPjiGesEqJomZv8/LnuFE7RCTi1dai
    Xk8sAiEAqycC8AGehR5pBhWUpGlx3IOXzA2EKda90FLF2Koq9D0wDQYJKoZIhvcN
    AQELBQADggEBACPqESoobL82TMXdGGbGQoTu03Bk+9lL0uxOSzGP+TJnjrb4b7p4
    SvaM/z8XIKmgT3z3BP/wjyTN71BLVbamdLjcfHnNA6AYHE/sv91enmmCExsSN5Yd
    JWttWO8kk7pa944dOJ1vhPBmd3uGyTX1LuFTPe0++yUJvfv0dwvL/f7VFqM8ZYTO
    bf9BwQf7OedInr5qQaGHGenOFJStiNalotvmivBnzkrFT8xkK4f3tq73v5iT+Cyl
    MMLNho6OlLp4YNeUgglcmv2xv+HynkeWZeiIDtLsHceEdiOEP1FlkXT+BWJID2v4
    M4CQfAVIzBQ/iNo+Dm9SHcae02JwWSGxeSM=
    -----END CERTIFICATE-----
     1 s:/C=US/O=thawte, Inc./CN=thawte SHA256 SSL CA
       i:/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2008 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA - G3
    -----BEGIN CERTIFICATE-----
    MIIEwjCCA6qgAwIBAgIQNjSeGMmcJmm2Vi5s5a1xMjANBgkqhkiG9w0BAQsFADCB
    rjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf
    Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw
    MDggdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAiBgNV
    BAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMzAeFw0xMzA1MjMwMDAwMDBa
    Fw0yMzA1MjIyMzU5NTlaMEMxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwx0aGF3dGUs
    IEluYy4xHTAbBgNVBAMTFHRoYXd0ZSBTSEEyNTYgU1NMIENBMIIBIjANBgkqhkiG
    9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo2Mr1LpdOK6wz7lMON8gffErR3Edi2jzVvmc
    2qrlhCbepXEwvPMxI53oO4DIZld1tlcO25P1Jo5wumRSZooqiFxEGE2oony9VmEy
    kBL5NYdIYLBukGdEAY3nyQ1jaHJyq2M8hrgffa2IJadqiCn7WcZ4cV8suonm04D9
    V+y5UV9DMy5+JTukBNFgjLNEM5MMrSq2RKIZO6/EkG97BYeGmyxqnStsd8kAn8nP
    rO0+G/fD89n4bNSgV8T7KDKqM/Dmupjf5cJOnHS/ikjC8hvwd0BBBwSyOtVMxCmp
    EUA/AkbwkdXSgYOGE7Mx7UarqId2qZl9vM0xUPSltdylMrOLiwIDAQABo4IBRDCC
    AUAwMgYIKwYBBQUHAQEEJjAkMCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC50aGF3
    dGUuY29tMBIGA1UdEwEB/wQIMAYBAf8CAQAwQQYDVR0gBDowODA2BgpghkgBhvhF
    AQc2MCgwJgYIKwYBBQUHAgEWGmh0dHBzOi8vd3d3LnRoYXd0ZS5jb20vY3BzMDcG
    A1UdHwQwMC4wLKAqoCiGJmh0dHA6Ly9jcmwudGhhd3RlLmNvbS9UaGF3dGVQQ0Et
    RzMuY3JsMA4GA1UdDwEB/wQEAwIBBjAqBgNVHREEIzAhpB8wHTEbMBkGA1UEAxMS
    VmVyaVNpZ25NUEtJLTItNDE1MB0GA1UdDgQWBBQrmjWuARg4MOFwegXgEXajzr2Q
    FDAfBgNVHSMEGDAWgBStbKqUYJzt5P/6Pgp0K2MD97ZZvzANBgkqhkiG9w0BAQsF
    AAOCAQEAdKZW6K+Tlhn7JvkNsESlzel6SAN0AWwTcbfggpCZYiPj1pmv8McenqgY
    Idu0lD80VhuZVS+O8EUzMrdywRNbNNP1YOUuGNFcxWrBqodQDBydZCv/G9zVLmEL
    57m2kVOG2QMq0T17StorB74p8mBCqZEaDi480X2lExQC+u6LjbbIuD5WgVchJD9l
    w7TJzlyNRqxT8/lVdMgr/dJ4cPX4EeX0p60g9Z3x7HD2E6zmjI3bP8byeQ6rUvLM
    G3knzxaz1vPGNoBD7MWU8N2QjfjGUkZW63RHvqbzGa5xTMDh59TP7dQGKCoRPLrZ
    QW4A54E3k+TaYsYdZ29jtBSG2aZi8A==
    -----END CERTIFICATE-----
    ---
    Server certificate
    subject=/C=US/ST=Texas/L=San Antonio/O=Rackspace US, Inc/OU=Mailgun/CN=*.mailgun.com
    issuer=/C=US/O=thawte, Inc./CN=thawte SHA256 SSL CA
    ---
    No client certificate CA names sent
    Peer signing digest: SHA512
    Server Temp Key: ECDH, P-256, 256 bits
    ---
    SSL handshake has read 3342 bytes and written 434 bytes
    ---
    New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
    Server public key is 2048 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    SSL-Session:
        Protocol  : TLSv1.2
        Cipher    : ECDHE-RSA-AES128-GCM-SHA256
        Session-ID: E279B2FA33421D0A68D77E6405256671A7E0438D8F61C9A85FB67ABE40B07437
        Session-ID-ctx:
        Master-Key: 9A46CDBA8230B31F0AD744A49AEB97D44346DD26687689C5BF52A1F93BC4F0EFC4A8DFCD1F38DE35FF6007E4823ED0C7
        Key-Arg   : None
        PSK identity: None
        PSK identity hint: None
        SRP username: None
        Start Time: 1493541740
        Timeout   : 300 (sec)
        Verify return code: 20 (unable to get local issuer certificate)
    ---

     将输出内容保存为pem文件,这里我保存为名为mailgun.pem的文件。

    二、将证书导入truststore文件

    cp $JAVA_HOME/jre/lib/security/cacerts  trustore

    本质上keyStore和strustStore文件格式上是一回事,keyStore存的一般是私钥,trustStore存放的是公钥。

    导入证书(初始密码是changeit):

    keytool -import -alias gca -file mailgun.pem -keystore truststore

     导入成功会有提示。GOOD LUCK

    三、参考

    https://www.cloudera.com/documentation/enterprise/5-8-x/topics/cm_sg_create_key_trust.html

  • 相关阅读:
    myeclipse部署maven项目到tomcat,src/main/resources里面配置文件部署不到webapp下classes
    MyEclipse自动生成Ant Build.xm
    MySQL This function has none of DETERMINISTIC, NO SQL...错误1418 的原因分析及解决方法
    解决openoffice进程异常退出的办法:
    【常见Web应用安全问题】---4、Directory traversal
    Errors running builder 'DeploymentBuilder' on project ' 解决方法
    linux CentOS 安装rz和sz命令 lrzsz
    (转)Maven的pom.xml文件结构之Build配置build
    spring整合xfire出现Document root element "beans", must match DOCTYPE root "null"错误解决方案
    linux解压zip、bz、bz2、z、gz、tar(解包)
  • 原文地址:https://www.cnblogs.com/bobsha/p/6789841.html
Copyright © 2020-2023  润新知