Creating the keyStore and trustStore files:
Keystores are used in two different ways.
If the store holds a private key together with the certificate for its public key (here a self-signed certificate), and the owner presents that key and certificate to authenticate itself to the connecting party, it is called a keystore.
If the store holds only the certificates the owner is willing to trust, it is called a truststore.
A truststore never holds private keys: it is read by every process that needs to verify a peer, and nothing in it should allow that process to impersonate one.
I will be discussing the basic steps of creating PKCS12 truststores and keystores that a client and a server can use to authenticate each other over mutual TLS (SSL).
1. Create a keystore for the client (keytool prompts for the store password and the subject DN; the older spellings -genkey, -export and -import used in some guides are still accepted aliases of -genkeypair, -exportcert and -importcert)
keytool -genkeypair -alias Client -keyalg RSA -keystore clientKeyStore.p12 -keysize 2048 -storetype PKCS12
2. Export the public cert of the client (from the clientKeyStore.p12 file created in step 1)
keytool -exportcert -keystore clientKeyStore.p12 -alias Client -file client.crt
3. Create a keystore for the server. If the client verifies host names, answer the CN prompt with the server's host name and add -ext SAN=dns:<hostname> to the command; a certificate whose subject alternative names do not match the host the client connects to is rejected at handshake time.
keytool -genkeypair -alias Server -keyalg RSA -keystore serverKeyStore.p12 -keysize 2048 -storetype PKCS12
4. Export the public cert of the server
keytool -exportcert -keystore serverKeyStore.p12 -alias Server -file server.crt
5. Create a truststore for the client. keytool has no "create an empty store" command, so this approach generates a throw-away key pair only to create the file; that key pair is removed again in step 10. (Alternatively skip steps 5, 6, 9 and 10: -importcert in steps 7 and 8 creates the store when the file does not exist yet.)
keytool -genkeypair -alias ClientTrust -keyalg RSA -keystore clientTrustStore.p12 -keysize 2048 -storetype PKCS12
6. Create a truststore for the server (same throw-away key pair, removed in step 9)
keytool -genkeypair -alias ServerTrust -keyalg RSA -keystore serverTrustStore.p12 -keysize 2048 -storetype PKCS12
7. Import the client public cert into the server truststore. keytool shows the certificate's fingerprint and asks "Trust this certificate?"; compare it with the fingerprint printed by keytool -list on clientKeyStore.p12 before answering yes. -storetype PKCS12 is required on JDK 8, whose default store type is JKS.
keytool -importcert -keystore serverTrustStore.p12 -storetype PKCS12 -alias Client -file <path-to-client.crt>
8. Import the server public cert into the client truststore
keytool -importcert -keystore clientTrustStore.p12 -storetype PKCS12 -alias Server -file <path-to-server.crt>
9. Delete the throw-away private key from the server truststore (aliases are matched case-insensitively, so ServerTrust and serverTrust refer to the same entry)
keytool -delete -alias ServerTrust -keystore serverTrustStore.p12 -storetype PKCS12 -storepass <password>
10. Delete the throw-away private key from the client truststore
keytool -delete -alias ClientTrust -keystore clientTrustStore.p12 -storetype PKCS12 -storepass <password>
Afterwards, keytool -list on each truststore must show only trustedCertEntry lines and no PrivateKeyEntry; a truststore that still contains a private key is a keystore in disguise and should be rebuilt.
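The ten steps above, as a non-interactive script that is my added example rather than code from the page or from the ZooKeeper project. It assumes keytool from a JDK is on PATH, uses one password for all four stores (PKCS12 uses the store password as the key password), issues the server certificate for "localhost" with a matching SAN, keeps the file names of the steps, and replaces the throw-away key pair of steps 5, 6, 9 and 10 with a direct -importcert, which creates the truststore when the file is absent. The script name mtls_stores.sh, the directory ./pki, the password changeit and the DN fields are my assumptions. Its last two calls verify the point of steps 9 and 10: each truststore holds a trusted certificate and no private key.

```shell
#!/bin/sh
# Added example, not part of the original page: builds the four PKCS12 stores
# of steps 1-10 without prompts and checks that the truststores hold no key.
# Assumptions (mine): keytool on PATH, one password for all stores, server
# cert issued for localhost, file names as in the steps.
set -e

# make_keystore DIR NAME PASS CN [SAN]   (steps 1 and 3)
# Key pair plus self-signed certificate in DIR/<NAME>KeyStore.p12.
make_keystore() {
    dir=$1 name=$2 pass=$3 cn=$4 san=${5:-}
    set -- -genkeypair -alias "$name" -keyalg RSA -keysize 2048 -validity 365 \
        -dname "CN=$cn, OU=mTLS demo, O=Example, C=US" \
        -keystore "$dir/${name}KeyStore.p12" -storetype PKCS12 \
        -storepass "$pass" -keypass "$pass"
    # A client that verifies host names needs a SAN matching the host it dials.
    if [ -n "$san" ]; then
        set -- "$@" -ext "SAN=$san"
    fi
    keytool "$@"
}

# export_cert DIR NAME PASS   (steps 2 and 4) -> DIR/<NAME>.crt in PEM form
export_cert() {
    keytool -exportcert -rfc -alias "$2" -keystore "$1/${2}KeyStore.p12" \
        -storetype PKCS12 -storepass "$3" -file "$1/$2.crt"
}

# import_trusted DIR OWNER PEER PASS   (steps 7 and 8)
# Puts DIR/<PEER>.crt into DIR/<OWNER>TrustStore.p12; -importcert creates the
# store if it does not exist, so no throw-away key pair is ever written to it.
import_trusted() {
    keytool -importcert -noprompt -alias "$3" -file "$1/$3.crt" \
        -keystore "$1/${2}TrustStore.p12" -storetype PKCS12 -storepass "$4"
}

# count_entries STORE PASS TYPE -> number of entries of TYPE
# (TYPE is PrivateKeyEntry or trustedCertEntry as printed by keytool -list)
count_entries() {
    keytool -list -keystore "$1" -storetype PKCS12 -storepass "$2" 2>/dev/null \
        | grep -c "$3" || true
}

# truststore_is_clean STORE PASS -> 0 only if STORE has trusted certs and no key
truststore_is_clean() {
    [ "$(count_entries "$1" "$2" PrivateKeyEntry)" -eq 0 ] &&
    [ "$(count_entries "$1" "$2" trustedCertEntry)" -ge 1 ]
}

# build_mtls_stores DIR PASS -> the whole procedure; fails if a truststore is dirty
build_mtls_stores() {
    dir=$1 pass=$2
    mkdir -p "$dir"
    make_keystore  "$dir" client "$pass" client                                 # 1
    export_cert    "$dir" client "$pass"                                        # 2
    make_keystore  "$dir" server "$pass" localhost "dns:localhost,ip:127.0.0.1" # 3
    export_cert    "$dir" server "$pass"                                        # 4
    import_trusted "$dir" server client "$pass"   # 5+7+9: serverTrustStore.p12 <- client.crt
    import_trusted "$dir" client server "$pass"   # 6+8+10: clientTrustStore.p12 <- server.crt
    truststore_is_clean "$dir/serverTrustStore.p12" "$pass"
    truststore_is_clean "$dir/clientTrustStore.p12" "$pass"
}

# Runs only when saved under the assumed name:  sh mtls_stores.sh ./pki changeit
case "${0##*/}" in
    mtls_stores.sh)
        build_mtls_stores "${1:-./pki}" "${2:-changeit}"
        keytool -list -keystore "${1:-./pki}/serverTrustStore.p12" \
            -storetype PKCS12 -storepass "${2:-changeit}" ;;
esac
```

Pass the resulting clientKeyStore.p12 and clientTrustStore.p12 to the client and serverKeyStore.p12 and serverTrustStore.p12 to the server; the .crt files are public and can be copied freely, the .p12 keystores must not leave their host.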
References:
ZooKeeper SSL User Guide: https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+SSL+User+Guide
Certificate for localhost doesn't match any of the subject alternative names: https://stackoverflow.com/questions/50928061/certificate-for-localhost-doesnt-match-any-of-the-subject-alternative-names