jks创建:
#!/bin/bash #Step 1 keytool -keystore server.keystore.jks -alias localhost -validity 365 -keyalg RSA -genkey -storepass passwd1 #Step 2 openssl genrsa -out ca-key 2048 openssl req -new -x509 -days 365 -key ca-key -out ca-cert keytool -keystore server.truststore.jks -alias CARoot -import -file ca-cert -storepass passwd1 keytool -keystore client.truststore.jks -alias CARoot -import -file ca-cert -storepass passwd1 #Step 3 keytool -keystore server.keystore.jks -alias localhost -certreq -file cert-file -storepass passwd1 openssl x509 -req -CA ca-cert -CAkey ca-key -in cert-file -out cert-signed -days 365 -CAcreateserial keytool -keystore server.keystore.jks -alias CARoot -import -file ca-cert -storepass passwd1 keytool -keystore server.keystore.jks -alias localhost -import -file cert-signed -storepass passwd1 jks证书转换 keytool -export -alias localhost -file server.crt -keystore server.keystore.jks -storepass passwd1 jks私钥转换 keytool -v -importkeystore -srckeystore server.keystore.jks -srcstoretype jks -srcstorepass passwd1 -destkeystore server.pfx -deststoretype pkcs12 -deststorepass passwd2 openssl pkcs12 -in server.pfx -nocerts -nodes -out priv.key -password pass:passwd2 标签:keystore,x509,ca,server,pem,cert,file,jks From: https://www.cnblogs.com/Janly/p/17127425.html