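Generating the keystore and truststore files
Run the following commands in order. During execution you need to set a password of at least 6 characters; the password used here is hadoop. When the commands finish, the keystore and truststore files are generated in the current directory.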
[root@itp-flink—master ~]# openssl req -new -x509 -keyout test_ca_key -out test_ca_cert -days 9999 -subj '/C=CN/ST=beijing/L=beijing/O=itp_cy/OU=itp_cy/CN=itp_cy.com'
Generating a 2048 bit RSA private key
.....................................................................................+++
......................+++
writing new private key to 'test_ca_key'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
[root@itp-flink—master ~]# keytool -keystore keystore -alias localhost -validity 9999 -genkey -keyalg RSA -keysize 2048 -dname "CN=itp_cy.com, OU=itp_cy, O=itp_cy, L=beijing, ST=beijing, C=cn"
Enter keystore password:
Re-enter new password:
Enter key password for <localhost>
(RETURN if same as keystore password):
[root@itp-flink—master ~]# keytool -keystore truststore -alias CARoot -import -file test_ca_cert
Enter keystore password:
Re-enter new password:
Owner: CN=itp_cy.com, OU=itp_cy, O=itp_cy, L=beijing, ST=beijing, C=CN
Issuer: CN=itp_cy.com, OU=itp_cy, O=itp_cy, L=beijing, ST=beijing, C=CN
Serial number: 92afbb79bf87d705
Valid from: Fri Jul 19 20:31:39 CST 2019 until: Mon Dec 03 20:31:39 CST 2046
Certificate fingerprints:
MD5: 65:8F:F2:74:53:32:59:06:B5:33:DD:91:4B:68:96:11
SHA1: AE:ED:7B:CE:FA:2A:8C:13:4E:65:BA:C2:A6:50:0F:6A:B1:41:F2:2C
SHA256: 74:9F:23:1E:5A:69:FC:7F:83:71:E6:40:B1:60:4C:6C:A4:D8:27:AE:96:F4:29:96:95:12:C5:2D:1D:85:93:5D
Signature algorithm name: SHA256withRSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: FE A2 FD 02 DF CB AF 25 4E 1F D3 98 B9 2D 2A 08 .......%N....-*.
0010: 5F F9 0B DF _...
]
]
#2: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
]
#3: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: FE A2 FD 02 DF CB AF 25 4E 1F D3 98 B9 2D 2A 08 .......%N....-*.
0010: 5F F9 0B DF _...
]
]
Trust this certificate? [no]: yes
Certificate was added to keystore
[root@itp-flink—master ~]# keytool -certreq -alias localhost -keystore keystore -file cert
Enter keystore password:
[root@itp-flink—master ~]# openssl x509 -req -CA test_ca_cert -CAkey test_ca_key -in cert -out cert_signed -days 9999 -CAcreateserial -passin pass:hadoop
Signature ok
subject=/C=cn/ST=beijing/L=beijing/O=itp_cy/OU=itp_cy/CN=itp_cy.com
Getting CA Private Key
[root@itp-flink—master ~]# keytool -keystore keystore -alias CARoot -import -file test_ca_cert
Enter keystore password:
Owner: CN=itp_cy.com, OU=itp_cy, O=itp_cy, L=beijing, ST=beijing, C=CN
Issuer: CN=itp_cy.com, OU=itp_cy, O=itp_cy, L=beijing, ST=beijing, C=CN
Serial number: 92afbb79bf87d705
Valid from: Fri Jul 19 20:31:39 CST 2019 until: Mon Dec 03 20:31:39 CST 2046
Certificate fingerprints:
MD5: 65:8F:F2:74:53:32:59:06:B5:33:DD:91:4B:68:96:11
SHA1: AE:ED:7B:CE:FA:2A:8C:13:4E:65:BA:C2:A6:50:0F:6A:B1:41:F2:2C
SHA256: 74:9F:23:1E:5A:69:FC:7F:83:71:E6:40:B1:60:4C:6C:A4:D8:27:AE:96:F4:29:96:95:12:C5:2D:1D:8
Signature algorithm name: SHA256withRSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: FE A2 FD 02 DF CB AF 25 4E 1F D3 98 B9 2D 2A 08 .......%N....-*.
0010: 5F F9 0B DF _...
]
]
#2: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
]
#3: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: FE A2 FD 02 DF CB AF 25 4E 1F D3 98 B9 2D 2A 08 .......%N....-*.
0010: 5F F9 0B DF _...
]
]
Trust this certificate? [no]: yes
Certificate was added to keystore
[root@itp-flink—master ~]# keytool -keystore keystore -alias localhost -import -file cert_signed
Enter keystore password:
Certificate reply was installed in keystore
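
A check of the end state of the procedure above, as an added example that is not part of the original page: it reads `keytool -list -v` output on stdin and confirms that the localhost entry carries the CA-signed chain and that the CA is present as a trusted entry. It assumes English keytool output and the aliases localhost and CARoot used above; the function names and the abridged sample listings are constructed for illustration.

```shell
# Added example: reads `keytool -list -v` output on stdin, prints one line per
# problem and returns non-zero if the keystore is not in the expected end state.
check_keystore_listing() {
    awk '
        /^Alias name: /               { a = tolower(substr($0, 13)) }
        /^Entry type: /               { type[a] = substr($0, 13) }
        /^Certificate chain length: / { chain[a] = $NF + 0 }
        /^Owner: /                    { owner = substr($0, 8) }
        # The first Owner/Issuer pair after an alias is the certificate of that entry.
        /^Issuer: / && !(a in issuer) { subject[a] = owner; issuer[a] = substr($0, 9) }
        END {
            if (type["localhost"] != "PrivateKeyEntry") { print "localhost: no private key entry"; bad = 1 }
            # Chain length 1 means the CA reply was never imported. Comparing Owner
            # and Issuer is unreliable here: the two DNs differ only in C=cn vs C=CN.
            if (chain["localhost"] < 2) { print "localhost: CA-signed reply not installed"; bad = 1 }
            if (type["caroot"] != "trustedCertEntry") { print "caroot: CA certificate not imported"; bad = 1 }
            else if (issuer["localhost"] != subject["caroot"]) { print "localhost: not issued by caroot"; bad = 1 }
            exit bad + 0
        }'
}
# Constructed sample: abridged listing after the final import step.
sample_after() { cat <<'EOF'
Alias name: caroot
Entry type: trustedCertEntry
Owner: CN=itp_cy.com, OU=itp_cy, O=itp_cy, L=beijing, ST=beijing, C=CN
Issuer: CN=itp_cy.com, OU=itp_cy, O=itp_cy, L=beijing, ST=beijing, C=CN
Alias name: localhost
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=itp_cy.com, OU=itp_cy, O=itp_cy, L=beijing, ST=beijing, C=cn
Issuer: CN=itp_cy.com, OU=itp_cy, O=itp_cy, L=beijing, ST=beijing, C=CN
Certificate[2]:
Owner: CN=itp_cy.com, OU=itp_cy, O=itp_cy, L=beijing, ST=beijing, C=CN
Issuer: CN=itp_cy.com, OU=itp_cy, O=itp_cy, L=beijing, ST=beijing, C=CN
EOF
}
# Constructed sample: abridged listing right after -genkey, before any import.
sample_before() { cat <<'EOF'
Alias name: localhost
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=itp_cy.com, OU=itp_cy, O=itp_cy, L=beijing, ST=beijing, C=cn
Issuer: CN=itp_cy.com, OU=itp_cy, O=itp_cy, L=beijing, ST=beijing, C=cn
EOF
}
```

Against the real file, pipe the listing into the function: `keytool -list -v -keystore keystore | check_keystore_listing`.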