Security


Certificate

CSR(Certificate Signing Request)

Create a keypair

keytool -genkeypair -keystore keystore.p12 -storetype PKCS12 

-alias ${THE_ALIAS} -keyalg RSA -keysize 2048 

-dname "CN=${THE_CN}" -storepass ${THE_PASSWORD}

 

#### Create a Certificate Signing Request

keytool -certreq -keystore keystore.p12 -storetype PKCS12 

-alias ${THE_ALIAS} -sigalg SHA256withRSA -storepass ${THE_PASSWORD}

 

#### Install the downloaded certificate.chain.pem to the keystore

keytool -import -keystore keystore.p12 -alias ${THE_ALIAS} 

-trustcacerts -file the.chain.pem -storepass ${THE_PASSWORD}

 

##### Extract private key

openssl pkcs12 -nocerts -in keystore.p12 -out the_private.key -nodes

 

##### Convert the pem to PKCS12 Keystore

openssl pkcs12 -export -in the.chain.pem -out keystore.p12 

-inkey the_private.key -name ${THE_ALIAS} -noiter -nomaciter

Concepts

alias
  • unique string to identify the key entry
trustStore vs keyStore
  • Keystore is used by a server to store private keys, and truststore is used by third party client to store public keys provided by server to access.
Posted by at
Labels: ,

Labels

adsense (5) Algorithm (69) Algorithm Series (35) Android (7) ANT (6) bat (8) Big Data (7) Blogger (14) Bugs (6) Cache (5) Chrome (19) Code Example (29) Code Quality (7) Coding Skills (5) Database (7) Debug (16) Design (5) Dev Tips (63) Eclipse (32) Git (5) Google (33) Guava (7) How to (9) Http Client (8) IDE (7) Interview (88) J2EE (13) J2SE (49) Java (186) JavaScript (27) JSON (7) Learning code (9) Lesson Learned (6) Linux (26) Lucene-Solr (112) Mac (10) Maven (8) Network (9) Nutch2 (18) Performance (9) PowerShell (11) Problem Solving (11) Programmer Skills (6) regex (5) Scala (6) Security (9) Soft Skills (38) Spring (22) System Design (11) Testing (7) Text Mining (14) Tips (17) Tools (24) Troubleshooting (29) UIMA (9) Web Development (19) Windows (21) xml (5)