最近测试OMADM1.2的时候,039,040两个case是关于TLS SSL的,搞的很迷惑,最近看了一下原来TLS几乎就是SSL,基本上一摸一样而已。
Sun.com上面看到
SSL was developed by Netscape in 1994, and with input from the Internet community, has evolved to become a standard. It is now under the control of the international standards organization, the Internet Engineering Task Force (IETF). The IETF has renamed SSL to Transport Layer Security (TLS), and released the first specification, version 1.0, in January 1999. TLS 1.0 is a modest upgrade to the most recent version of SSL, version 3.0. The differences between SSL 3.0 and TLS 1.0 are minor.
所以这2个case基本上测试一个就足够了。
另外tls本来就是传输层上的一个协议,所以要是用HTTPS的话,如果你用应用服务器,比如TOMCAT WBLOGIC,他们都支持SSL,根本不需要程序实现任何东西,只要你会使用keytool生成证书就可以了。
这块只是牵扯到JSSE,具体可以到http://java.sun.com/j2se/1.4.2/docs/guide/security/jsse/JSSERefGuide.html#Introduction看
Keytool其实再JRE/LIB/SECUTITY下面的包里面,
C:\j2sdk1.4.2_05\jre\lib\security>keytool
keytool 用法:
-certreq [-v] [-alias <alias>] [-sigalg <sigalg>]
[-file <csr_file>] [-keypass <keypass>]
[-keystore <keystore>] [-storepass <storepass>]
[-storetype <storetype>] [-provider <provider_class_name>] ...
-delete [-v] -alias <alias>
[-keystore <keystore>] [-storepass <storepass>]
[-storetype <storetype>] [-provider <provider_class_name>] ...
-export [-v] [-rfc] [-alias <alias>] [-file <cert_file>]
[-keystore <keystore>] [-storepass <storepass>]
[-storetype <storetype>] [-provider <provider_class_name>] ...
-genkey [-v] [-alias <alias>] [-keyalg <keyalg>]
[-keysize <keysize>] [-sigalg <sigalg>]
[-dname <dname>] [-validity <valDays>]
[-keypass <keypass>] [-keystore <keystore>]
[-storepass <storepass>] [-storetype <storetype>]
[-provider <provider_class_name>] ...
-help
-identitydb [-v] [-file <idb_file>] [-keystore <keystore>]
[-storepass <storepass>] [-storetype <storetype>]
[-provider <provider_class_name>] ...
-import [-v] [-noprompt] [-trustcacerts] [-alias <alias>]
[-file <cert_file>] [-keypass <keypass>]
[-keystore <keystore>] [-storepass <storepass>]
[-storetype <storetype>] [-provider <provider_class_name>] ...
-keyclone [-v] [-alias <alias>] -dest <dest_alias>
[-keypass <keypass>] [-new <new_keypass>]
[-keystore <keystore>] [-storepass <storepass>]
[-storetype <storetype>] [-provider <provider_class_name>] ...
-keypasswd [-v] [-alias <alias>]
[-keypass <old_keypass>] [-new <new_keypass>]
[-keystore <keystore>] [-storepass <storepass>]
[-storetype <storetype>] [-provider <provider_class_name>] ...
-list [-v | -rfc] [-alias <alias>]
[-keystore <keystore>] [-storepass <storepass>]
[-storetype <storetype>] [-provider <provider_class_name>] ...
-printcert [-v] [-file <cert_file>]
-selfcert [-v] [-alias <alias>] [-sigalg <sigalg>]
[-dname <dname>] [-validity <valDays>]
[-keypass <keypass>] [-keystore <keystore>]
[-storepass <storepass>] [-storetype <storetype>]
[-provider <provider_class_name>] ...
-storepasswd [-v] [-new <new_storepass>]
[-keystore <keystore>] [-storepass <storepass>]
[-storetype <storetype>] [-provider <provider_class_name>] ...
1:生成一个
C:\j2sdk1.4.2_05\jre\lib\security>keytool -genkey -alias duke -keyalg RSA -val
idity 10 -storetype jks -keystore trust1.jks
2:查看你刚才生成的证书
C:\j2sdk1.4.2_05\jre\lib\security>keytool -list -v -keystore trust1.jks
当然要输入密码了。
但是我不太明白服务器需要2个证书1个是custom identity keystore 一个是custom trust keystore为什么2个 的输入类型不一样,一个是KeyEntry另外一个是trustedCertEntry,这个流程到底是怎样的?申请证书->导入证书 还是不明白,请指教。
posted on 2007-07-04 17:43
小小程序程序员混口饭吃 阅读(1971)
评论(1) 编辑 收藏