随笔-109  评论-187  文章-25  trackbacks-0
 

最近测试OMADM1.2的时候,039040两个case是关于TLS SSL的,搞的很迷惑,最近看了一下原来TLS几乎就是SSL,基本上一摸一样而已。

Sun.com上面看到

SSL was developed by Netscape in 1994, and with input from the Internet community, has evolved to become a standard. It is now under the control of the international standards organization, the Internet Engineering Task Force (IETF). The IETF has renamed SSL to Transport Layer Security (TLS), and released the first specification, version 1.0, in January 1999. TLS 1.0 is a modest upgrade to the most recent version of SSL, version 3.0. The differences between SSL 3.0 and TLS 1.0 are minor.

 

所以这2case基本上测试一个就足够了。

另外tls本来就是传输层上的一个协议,所以要是用HTTPS的话,如果你用应用服务器,比如TOMCAT WBLOGIC,他们都支持SSL,根本不需要程序实现任何东西,只要你会使用keytool生成证书就可以了。

 

这块只是牵扯到JSSE,具体可以到http://java.sun.com/j2se/1.4.2/docs/guide/security/jsse/JSSERefGuide.html#Introduction

Keytool其实再JRE/LIB/SECUTITY下面的包里面,

C:\j2sdk1.4.2_05\jre\lib\security>keytool

keytool 用法:

 

-certreq     [-v] [-alias <alias>] [-sigalg <sigalg>]

             [-file <csr_file>] [-keypass <keypass>]

             [-keystore <keystore>] [-storepass <storepass>]

             [-storetype <storetype>] [-provider <provider_class_name>] ...

 

-delete      [-v] -alias <alias>

             [-keystore <keystore>] [-storepass <storepass>]

             [-storetype <storetype>] [-provider <provider_class_name>] ...

 

-export      [-v] [-rfc] [-alias <alias>] [-file <cert_file>]

             [-keystore <keystore>] [-storepass <storepass>]

             [-storetype <storetype>] [-provider <provider_class_name>] ...

 

-genkey      [-v] [-alias <alias>] [-keyalg <keyalg>]

             [-keysize <keysize>] [-sigalg <sigalg>]

             [-dname <dname>] [-validity <valDays>]

             [-keypass <keypass>] [-keystore <keystore>]

             [-storepass <storepass>] [-storetype <storetype>]

             [-provider <provider_class_name>] ...

 

-help

 

-identitydb [-v] [-file <idb_file>] [-keystore <keystore>]

             [-storepass <storepass>] [-storetype <storetype>]

             [-provider <provider_class_name>] ...

 

-import      [-v] [-noprompt] [-trustcacerts] [-alias <alias>]

             [-file <cert_file>] [-keypass <keypass>]

             [-keystore <keystore>] [-storepass <storepass>]

             [-storetype <storetype>] [-provider <provider_class_name>] ...

 

-keyclone    [-v] [-alias <alias>] -dest <dest_alias>

             [-keypass <keypass>] [-new <new_keypass>]

             [-keystore <keystore>] [-storepass <storepass>]

             [-storetype <storetype>] [-provider <provider_class_name>] ...

 

-keypasswd   [-v] [-alias <alias>]

             [-keypass <old_keypass>] [-new <new_keypass>]

             [-keystore <keystore>] [-storepass <storepass>]

             [-storetype <storetype>] [-provider <provider_class_name>] ...

 

-list        [-v | -rfc] [-alias <alias>]

             [-keystore <keystore>] [-storepass <storepass>]

             [-storetype <storetype>] [-provider <provider_class_name>] ...

 

-printcert   [-v] [-file <cert_file>]

 

-selfcert    [-v] [-alias <alias>] [-sigalg <sigalg>]

             [-dname <dname>] [-validity <valDays>]

             [-keypass <keypass>] [-keystore <keystore>]

             [-storepass <storepass>] [-storetype <storetype>]

             [-provider <provider_class_name>] ...

 

-storepasswd [-v] [-new <new_storepass>]

             [-keystore <keystore>] [-storepass <storepass>]

             [-storetype <storetype>] [-provider <provider_class_name>] ...

 

 

1:生成一个

C:\j2sdk1.4.2_05\jre\lib\security>keytool -genkey -alias duke -keyalg RSA   -val

idity 10 -storetype jks -keystore trust1.jks

2:查看你刚才生成的证书

C:\j2sdk1.4.2_05\jre\lib\security>keytool -list -v -keystore trust1.jks

当然要输入密码了。

但是我不太明白服务器需要2个证书1个是custom identity keystore 一个是custom trust keystore为什么2 的输入类型不一样,一个是KeyEntry另外一个是trustedCertEntry,这个流程到底是怎样的?申请证书->导入证书 还是不明白,请指教。

posted on 2007-07-04 17:43 小小程序程序员混口饭吃 阅读(1819) 评论(1)  编辑  收藏

评论:
# re: weblogic ssl 2007-09-28 21:17 | guest
目前也在想这个东西,不知道你现在明白了没?如果清楚了能否解释下,thx!  回复  更多评论
  

只有注册用户登录后才能发表评论。


网站导航: