1.产生一个keystore:
keytool -genkey -alias myssl -keyalg RSA -keystore myssl.jks
运行这个命令,系统提示:
Enter keystore password:(输入keystore密码:)
yourpassword(输入密码)What is your first and last name?(您的名字与姓氏是什么?)
[Unknown]: www.myssl.cn(输入申请的证书的域名)What is the name of your organizational unit? (您的组织单位名称是什么?)
[Unknown]:Fastcom(输入你所在组织单位的名字)What is the name of your organization? (您的组织名称是什么?)
[Unknown]:Fastcom (输入你所在组织的名字)What is the name of your City or Locality?(您所在的城市或区域名称是什么?)
[Unknown]:Shanghai(输入所在城市的名字)What is the name of your State or Province? (您所在的州或省份名称是什么?)
[Unknown]:Shanghai(输入所在省份名字)What is the two-letter country code for this unit?(该单位的两字母国家代码是什么?)
[Unknown]:CN(输入国家名字,如果是中国,请输入CN)Is CN=www.myssl.cn, OU=fastcom, O=fastcom, L=Shanghai, ST=Shanghai, C=CN correct? [no]:
yes2.检查一个keystore:
keytool -list -v -keystore myssl.jks
Enter keystore password:yourpassword(输入密码)
将显示keystore內容如下:
Keystore type: jks
Keystore provider: SUN Your keystore contains 1 entry Alias name: myssl Creation date: Nov 24 , 2006 Entry type: keyEntry Certificate chain length: 1 Certificate[1]: Owner: CN=www.myssl.cn, OU=fatcom, O=fastcom, L=Shanghai, ST=Shanghai, C=CN Issuer: CN=www.myssl.cn, OU=fastcom, O=fastcom, L=Shanghai, ST=Shanghai, C=CN Serial number: 3c22adc1 Valid from: Thu Nov 24 19:34:25 PST 2006 until: Thu Nov 24 19:34:25 PST 2007 Certificate fingerprints: MD5: F1:5B:9B:A1:F7:16:CF:25:CF:F4:FF:35:3F:4C:9C:F0 SHA1: B2:00:50:DD:B6:CC:35:66:21:45:0F:96:AA:AF:6A:3D:E4:03:7C:743.输出keystore到一个文件:testkey:
keytool -export -alias myssl -keystore myssl.jks -rfc -file testkey
系统输出:
Enter keystore password:your password(输入密码)
Certificate stored in file
4.输入证书到一个现有的keystore:
keytool -import -alias myssl -file testkey.cer -keystore myssl.jks
Enter keystore password:your new password.(输入truststore新密码)
5.检查truststore:
keytool -list -v -keystore truststore
系统将显示truststore的信息.