Shulou(Shulou.com)05/31 Report--

This article mainly explains the "self-signed SSL certificate generation", the article explains the content is simple and clear, easy to learn and understand, the following please follow the editor's ideas slowly in depth, together to study and learn "self-signed SSL certificate how to generate" it!

Although the self-signed certificate indicates that it is not safe. However, there are still many benefits, so let's first talk about the generation of self-signed certificates, mainly using keytool.exe under Java JDK

1: download and install Java JDK first

2: after installation, find keytool.exe according to the actual path, such as mine: C:\ Program Files (x86)\ Java\ jdk1.8.0_101\ bin\ keytool.exe

3: generate keystore. Open the command line (cmd), go to the path where keytool is located, and run:

Keytool-genkey-alias tomcat-storetype PKCS12-keyalg RSA-keysize 2048-keystore d:\ mykeystore\ keystore.p12-validity 3650-ext san=ip:192.168.100.132-dname "CN=garyyan, OU=mycompany, O=mycompany, L=gd, ST=gd, C=china"

You only need to enter a password in the middle of this command to generate keystore, assuming that the password is: 123456

Where:

(1) keystore can be understood as a database, which can store many groups of data.

Each set of data mainly consists of the following two types of data:

A: key entity (Key entity)-key (secret key) or private key and paired public key (using asymmetric encryption)

B: trusted certificate entity (trusted certificate entries)-contains only the public key

(2)-keystore d:\ mykeystore\ keystore.p12, which is specified in d:\ mykeystore (you need to create this folder manually) to generate keystore:keystore.p12

(3)-alias tomcat, indicating the only alias in keystore: tomcat, because there may be other aliases in keystore, such as tomcat 2

(4)-storetype PKCS12 indicates that the key store type is PKCS12

(5)-keyalg RSA, which specifies the encryption algorithm. In this example, the general RAS encryption algorithm is used.

(6)-keysize 2048 specifies a key length of 2048

(8)-ext san=ip:192.168.100.132, please set it according to the IP address of your server. If you do not set it, the client may report an error during access.

(9)-dname "CN=garyyan, OU=mycompany,O=mycompany,L=gd, ST=gd, C=china"

Among them: "CN= (first name and last name), OU= (name of organization unit), O = (name of organization), L = (name of city or region), ST= (name of state or province), C = (two-letter country code of unit)", which I found in the course of testing.

Run the command:

Keytool-export-keystore d:\ mykeystore\ keystore.p12-alias tomcat-file mycer.cer-storepass 123456

Where:

(3)-file mycer.cer specifies that a certificate named mycer.cer is generated in the current directory

(4)-storepass 123456 is the password used to generate keystore above

Thank you for your reading, the above is the content of "how to generate self-signed SSL certificate". After the study of this article, I believe you have a deeper understanding of how to generate self-signed SSL certificate, and the specific use needs to be verified in practice. Here is, the editor will push for you more related knowledge points of the article, welcome to follow!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.