本文是配合上文《JSSE和GnuTLS配合來實現Java和C的安全通信》如何生成證書的:
CA:
private key: ca.ericsson.com.key
cert: ca.ericsson.com.cert
crl: ca.ericsson.com.crl
IMS collectd:
private key: collectd.IMS.ericsson.com.key
cert: collectd.IMS.ericsson.com.cert
certtool --generate-privkey --rsa --outfile ca.ericsson.com.key
certtool --generate-self-signed --load-privkey ca.ericsson.com.key --template ca_template.cfg --outfile ca.ericsson.com.cert
certtool --generate-crl --load-ca-privkey ca.ericsson.com.key --load-ca-certificate ca.ericsson.com.cert --outfile ca.ericsson.com.crl
certtool --generate-privkey --rsa --outfile collectd.IMS.ericsson.com.key
certtool --generate-request --load-privkey collectd.IMS.ericsson.com.key --template collectd_template.cfg --outfile collectd.IMS.ericsson.com.csr
certtool --generate-certificate --load-request collectd.IMS.ericsson.com.csr --load-ca-certificate ca.ericsson.com.cert --load-ca-privkey ca.ericsson.com.key --template collectd_template.cfg --outfile collectd.IMS.ericsson.com.cert
keytool -importcert -file collectd.IMS.ericsson.com.cert -keystore keystore.jks -alias "Alias"
keytool -importcert -file ca.ericsson.com.cert -keystore truststore.jks -alias "TrustAlias"
GnuTLS 的詳細介紹:請點這裡
GnuTLS 的下載地址:請點這裡