https 双向认证配置:
1、生成服务器端密钥库 :
keytool -genkey -keyalg RSA -dname "cn=rtsm.nfcstore.com.cn,ou=a,o=a,l=a,st=a,c=cn" -alias server -keypass 123456 -keystore rhg_server.keystore -storepass 123456 -validity 365
2、导出服务端证书:
keytool -export -alias server -file nxp.crt -keystore rhg_server.keystore -storepass 123456 -rfc
3、生成浏览器(只能是PKCS12格式)证书
keytool -genkey -keyalg RSA -dname "cn=abc,ou=a,o=a,l=a,st=a,c=cn" -alias mock -storetype PKCS12 -keypass 123456 -keystore mock.p12 -storepass 123456 -validity 365
4. 导出浏览器证书
keytool -export -alias mock -file mock.crt -keystore mock.p12 -storepass 123456 -storetype PKCS12 -rfc
5、添加客户端证书到服务器中
keytool -import -v -alias mock -file mock.crt -keystore rhg_server.keystore -storepass 123456
6、添加服务端证书到客户端中
keytool -import -v -alias server -file nxp.crt -keystore mockTrust -storepass 123456
7. 查看证书内容
keytool -list -v -keystore rkmsTrust.keystore -storepass 123456
8. 删除证书
keytool -delete -alias xxx -keystore xxxx.keystore -storepass 123456
9. 修改keypass
keytool -keypasswd -alias xxx -keypass xxx -new 12345 -keystore xxx.keystore -storepass 123456
10. 修改storepass
keytool -storepasswd -keystore xxx.keystore -storepass 123456 -new xxx
Android BKS 证书
keytool -genkey -alias android -keypass 123456 -keyalg RSA -keysize 1024 -validity 365 -keystore android.keystore -storepass 123456 -dname "cn=android, ou=a, o=a, l=a, c=CN" -storetype BKS -provider org.bouncycastle.jce.provider.BouncyCastleProvider
keytool -export -alias android -file android.crt -keystore android.keystore -storetype BKS -storepass 123456 -provider org.bouncycastle.jce.provider.BouncyCastleProvider
keytool -import -v -alias rhgkms -file rhgkms.crt -keystore androidTrust.keystore -storetype BKS -storepass 123456 -provider org.bouncycastle.jce.provider.BouncyCastleProvider