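OpenSSL - Signing a certificate with my own CA

Time: 2014-11-13 22:07:22

Tags: java applet openssl ca jar-signing

I hope you can help me. I am about to sign a jar file with OpenSSL using a self-created certificate. The jar file contains an old Java applet, which Java has been blocking since version 7.51 (as long as it is not signed). After signing, I only need to install the certificate (in the system / browser / JRE).

Now I have a problem signing the certification request (see "step 7" below): "unable to load certificate". What do I need to change in this step? Also, I am unsure about the further steps (which I have also added below). Can you tell me whether these are right?

Thanks in advance for your help.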

1.) Create the folder structure

cd test
mkdir private certs newcerts conf export csr
echo '01' > serial
touch index.txt
export OPENSSL_CONF=/home/joerg/cacerts/myca/openssl.cnf

2.) Create the certificate authority

openssl req -new -x509 -days 3650 -keyform PEM -outform PEM -keyout test/private/cakey.pem -out test/cacert.pem

3.) Copy the CA into a format that can be managed by the Java keystore:

openssl x509 -outform der -in test/cacert.pem -out test/cacert.crt

4.) Generate the keystore

keytool -genkey -keystore javakeystore.jks -alias test

5.) Check the keystore

keytool -list -keystore javakeystore.jks -storepass "whatever"

Keystore-Typ: JKS
Keystore-Provider: SUN

Keystore enthält 1 Eintrag

test, 13.11.2014, PrivateKeyEntry, 
Zertifikat-Fingerprint (SHA1): 38:D0:44:2A:35:C8:60:F1:CD:7F:0E:41:6D:E6:DC:23:7C:49:96:23

6.) Create the certification request

keytool -certreq -v -file test/certs/caRequest.csr -alias "test" -keystore javakeystore.jks -storepass "whatever"

7.) Sign the certificate with the CA

openssl ca -days 365 -in test/certs/caRequest.csr -out test/newcerts/caRequest.pem -policy policy_anything
Using configuration from /home/joerg/cacerts/myca/openssl.cnf
Enter pass phrase for /home/joerg/cacerts/myca/test/private/cakey.pem:
unable to load certificate
140116933408416:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: TRUSTED CERTIFICATE
~/cacerts/myca$

My plan is to continue like this:

8.)

openssl x509 -in test/newcerts/caRequest.pem -out test/newcerts/caRequest.pem -outform PEM

9.)

openssl x509 -outform der -in test/newcerts/caRequest.pem -out test/newcerts/caRequest.crt

10.) Concatenate the certificate chain

cat test/newcerts/caRequest.pem test/cacert.pem > test/newcerts/caRequest.chain

11.) State that I trust this CA

keytool -import -trustcacerts -file test/cacert.pem -alias test -keystore javakeystore.jks -storepass "whatever"

12.) Import it into your keystore

keytool -import -file test\newcerts\caRequest.chain -alias test1 -keystore javakeystore.jks -storepass "whatever"

13.) Sign the jar file

jarsigner -keystore javakeystore.jks TestApplet.jar test

0 answers:

No answers
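
Added example, not part of the original question: the "no start line" message in step 7 comes from OpenSSL's PEM reader when the file it opens has no `-----BEGIN ...-----` line. The sketch below reports how each file looks to that reader; the function names and the sample files are constructed for illustration, and the file names only mirror those used in the steps above.

```shell
#!/bin/sh
# Added example (not from the original post): report how OpenSSL's PEM reader
# will see a file, using only the first "-----BEGIN <LABEL>-----" line.

# pem_kind FILE -> missing | empty | not-pem | pem:<LABEL>
pem_kind() {
    [ -e "$1" ] || { echo "missing"; return 0; }
    [ -s "$1" ] || { echo "empty"; return 0; }
    # LC_ALL=C so binary (DER) input is processed as plain bytes.
    label=$(LC_ALL=C sed -n 's/^-----BEGIN \([A-Z0-9 ]*\)-----.*$/\1/p' "$1" | head -n 1)
    if [ -n "$label" ]; then echo "pem:$label"; else echo "not-pem"; fi
}

# usable_as_pem_cert FILE -> exit 0 if the file carries a PEM certificate label.
usable_as_pem_cert() {
    case "$(pem_kind "$1")" in
        "pem:CERTIFICATE"|"pem:TRUSTED CERTIFICATE"|"pem:X509 CERTIFICATE") return 0 ;;
        *) return 1 ;;
    esac
}

# make_samples DIR: constructed stand-ins for the file kinds in the steps above
# (only the header lines matter here; the bodies are not real key material).
make_samples() {
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' > "$1/cacert.pem"
    printf '%s\n' '-----BEGIN NEW CERTIFICATE REQUEST-----' 'Q09OU1RSVUNURUQ=' \
        '-----END NEW CERTIFICATE REQUEST-----' > "$1/caRequest.csr"
    printf '\060\202\001\012\060\201' > "$1/cacert.crt"   # DER-like bytes
    : > "$1/index.txt"                                      # empty, as after touch
}

# Build the constructed samples in a temp dir and print one line per file.
demo() {
    d=$(mktemp -d) || return 1
    make_samples "$d"
    for f in cacert.pem cacert.crt caRequest.csr index.txt nosuchfile.pem; do
        printf '%-16s %s\n' "$f" "$(pem_kind "$d/$f")"
    done
    rm -rf "$d"
}
demo
```

Running `pem_kind` against the certificate and key paths named in the active openssl.cnf shows whether any of them is missing, empty, or DER-encoded rather than PEM.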