keytool创建Keystore和Trustsotre文件

一、生成一个含有一个私钥的keystore文件

user@ae01:~$ keytool -genkey -keystore keystore -alias jetty-azkaban -keyalg RSA
Enter keystore password: 
Re-enter new password: 
What is your first and last name?
  [Unknown]:  azkaban
What is the name of your organizational unit?
  [Unknown]:  Jetty
What is the name of your organization?
  [Unknown]:  Aug
What is the name of your City or Locality?
  [Unknown]:  SH
What is the name of your State or Province?
  [Unknown]:  SH
What is the two-letter country code for this unit?
  [Unknown]:  86
Is CN=azkaban, OU=Jetty, O=Aug, L=SH, ST=SH, C=86 correct?
  [no]:  yes
Enter key password for <jetty-azkaban2>
(RETURN if same as keystore password):

二、验证生成的keystore文件

keytool -list -v -keystore keystore.jks 
Enter keystore password:

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: jetty-azkaban
Creation date: Jul 9, 2014
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=azkaban, OU=Jetty, O=Aug, L=SH, ST=SH, C=86
Issuer: CN=azkaban, OU=Jetty, O=Aug, L=SH, ST=SH, C=86
Serial number: 5f84c457
Valid from: Wed Jul 09 15:09:41 CST 2014 until: Tue Oct 07 15:09:41 CST 2014
Certificate fingerprints:
         MD5:  2F:D3:D9:61:0E:DD:B5:CD:96:E0:5F:C0:C5:87:54:FD
         SHA1: FD:0B:B4:57:37:CE:7A:40:02:DF:43:2A:A0:2A:70:A5:AE:AE:45:51
         SHA256: D5:EE:99:BF:E6:31:FC:4E:B3:B4:CD:8B:07:1D:D1:44:D0:CD:91:D8:83:15:F8:9D:D9:5E:41:E1:AA:FB:45:CB
         Signature algorithm name: SHA256withRSA
         Version: 3

Extensions:

#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: B5 97 26 95 F0 F5 D4 9E   4C 28 84 28 D4 B0 21 90  ..&.....L(.(..!.
0010: 6E A7 1E E0                                        n...
]
]



*******************************************
*******************************************

三、导出凭证文件

user@ae01:~$ keytool -export -alias jetty-azkaban -keystore keystore.jks -rfc -file selfsignedcert.cer
Enter keystore password:

生成的cer文件内容如下：

user@ae01:~$ cat selfsignedcert.cer
-----BEGIN CERTIFICATE-----
MIIDTTCCAjWgAwIBAgIEX4TEVzANBgkqhkiG9w0BAQsFADBXMQswCQYDVQQGEwI4NjELMAkGA1UE
CBMCU0gxCzAJBgNVBAcTAlNIMQwwCgYDVQQKEwNBdWcxDjAMBgNVBAsTBUpldHR5MRAwDgYDVQQD
EwdhemthYmFuMB4XDTE0MDcwOTA3MDk0MVoXDTE0MTAwNzA3MDk0MVowVzELMAkGA1UEBhMCODYx
CzAJBgNVBAgTAlNIMQswCQYDVQQHEwJTSDEMMAoGA1UEChMDQXVnMQ4wDAYDVQQLEwVKZXR0eTEQ
MA4GA1UEAxMHYXprYWJhbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALtFxXjvwjfM
W10cs1f35eeswYGKghZXcIbUmGY1SiWhwsw0ZgajTPf9sXCK6wMkN83XO1JOE2x3g3BVdN51CMZ6
XvEr5cvjOn15t3vUIsWJoBi1Bk2D25fDS3GDVr8qF/ghOMcQXo+Ut6vLMVTrrNzbs7ifB6UNiPMP
gSfGJwrfoEL9cSTCmsXq4Dx1HxEcgd4+KxOgbKPHx9Q4Iv6+HV091IWGdIElmUxaWgasD7mArdmi
DvLd7kQzWWXiky0RVde/LX0Z4zH9RVtuuN7dvK433gnBIYZJeOzoo3J2gIepzwmBl3q2HHNMfDhu
paGsKYYx5vAtzSAFQmATeRf8b2kCAwEAAaMhMB8wHQYDVR0OBBYEFLWXJpXw9dSeTCiEKNSwIZBu
px7gMA0GCSqGSIb3DQEBCwUAA4IBAQCAnuL1Wkfx+bPSyPPlqysMcjTc1pvv8hDU+8V4BV1u5f/v
+etJ4gIdv9d6f4phkvBtoxEgQIq1VqONhdJrWL+J0h4W05Cy0AR/tkLA19VjhkIQvh7ZFBfJ6G/K
7JbmH0/f1oplrkQ9jMUdji7gE8OINNRynJGdgH9xd8Mm1I6+IBjUVUY7jKoVxKzkwJaH06fKUTp3
oPqmfyW7ZekzvVXQhqADEpsmZ6Hd30dmzJWkI2lwbsQNE9vf3dG7qKLDeWi78A7KZc3qtBvDUmyh
eztUpmAM/PCoO+vmCgZALkaQ1sTWORqQOsylSBY2ZDul0si+rI0nZ9Y6dTxhgFxe9QoB
-----END CERTIFICATE-----

四、导入认凭证件cer文件到truststore文件 

user@ae01:~$ keytool -import -alias certificatekey -file selfsignedcert.cer -keystore truststore.jks
Enter keystore password:

查看生成的truststore文件

user@ae01:~$ keytool -list -v -keystore truststore.jks
Enter keystore password:

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: jetty-azkaban
Creation date: Jul 9, 2014
Entry type: trustedCertEntry

Owner: CN=azkaban, OU=Jetty, O=Aug, L=SH, ST=SH, C=86
Issuer: CN=azkaban, OU=Jetty, O=Aug, L=SH, ST=SH, C=86
Serial number: 5f84c457
Valid from: Wed Jul 09 15:09:41 CST 2014 until: Tue Oct 07 15:09:41 CST 2014
Certificate fingerprints:
         MD5:  2F:D3:D9:61:0E:DD:B5:CD:96:E0:5F:C0:C5:87:54:FD
         SHA1: FD:0B:B4:57:37:CE:7A:40:02:DF:43:2A:A0:2A:70:A5:AE:AE:45:51
         SHA256: D5:EE:99:BF:E6:31:FC:4E:B3:B4:CD:8B:07:1D:D1:44:D0:CD:91:D8:83:15:F8:9D:D9:5E:41:E1:AA:FB:45:CB
         Signature algorithm name: SHA256withRSA
         Version: 3

Extensions:

#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: B5 97 26 95 F0 F5 D4 9E   4C 28 84 28 D4 B0 21 90  ..&.....L(.(..!.
0010: 6E A7 1E E0                                        n...
]
]



*******************************************
*******************************************