1. 生成keystore
- 我这里所有需要输入的密码都是azkaban
- 建议回答的问题是最后的CN,其他可以选择性的填,不填的话直接回车就可以,最后的确认信息回复y是必填的
[hadoop@beh07 conf]$ keytool -genkey -keystore keystore -alias jetty-azkaban -keyalg RSA -validity 3560
Enter keystore password:
Re-enter new password:
What is your first and last name?
[Unknown]: Jed
What is the name of your organizational unit?
[Unknown]:
What is the name of your organization?
[Unknown]:
What is the name of your City or Locality?
[Unknown]: Beijing
What is the name of your State or Province?
[Unknown]: Beijing
What is the two-letter country code for this unit?
[Unknown]: CN
Is CN=Jed, OU=Unknown, O=Unknown, L=Beijing, ST=Beijing, C=CN correct?
[no]: y
Enter key password for <jetty-azkaban>
(RETURN if same as keystore password):
Re-enter new password:
[hadoop@beh07 conf]$ keytool -export -alias jetty-azkaban -keystore keystore -rfc -file selfsignedcert.cer
Enter keystore password:
Certificate stored in file <selfsignedcert.cer>
2. 生成truststore
[hadoop@beh07 conf]$ keytool -import -alias certificatekey -file selfsignedcert.cer -keystore truststore
Enter keystore password:
Re-enter new password:
Owner: CN=Jed, OU=Unknown, O=Unknown, L=Beijing, ST=Beijing, C=CN
Issuer: CN=Jed, OU=Unknown, O=Unknown, L=Beijing, ST=Beijing, C=CN
Serial number: 2e6a45b4
Valid from: Fri Aug 23 13:59:03 CST 2019 until: Tue May 22 13:59:03 CST 2029
Certificate fingerprints:
MD5: 60:59:8C:F3:51:78:7D:0F:37:5B:06:5F:9A:DC:B3:D4
SHA1: F8:16:A3:F0:25:A2:FB:D2:FA:B4:DE:43:5A:3F:B8:4B:40:48:87:32
SHA256: 0D:07:B4:46:D8:6B:A8:B6:3B:B6:23:92:05:DE:CF:C4:7C:EA:D9:03:ED:3B:F4:B1:43:4B:74:89:5E:35:2F:6A
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3
Extensions:
#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: F2 3D 1F 15 39 31 33 8D B2 77 B0 2B E7 14 71 D4 .=..913..w.+..q.
0010: 93 17 95 BE ....
]
]
Trust this certificate? [no]: y
Certificate was added to keystore
最后在你执行命令的目录下会生成3个文件:
keystore
selfsignedcert.cer
truststore