步骤一:生成orange.keystore和banana.keystore
keytool -genkey -alias orange -keyalg RSA -keysize 1024 -keypass kingkp -storepass kingsp -validity 365 -keystore d:/research/keystore/orange.keystore
后续输入6次orange,并按y确认生成
keytool -genkey -alias banana -keyalg RSA -keysize 1024 -keypass kingkp -storepass kingsp -validity 365 -keystore d:/research/keystore/banana.keystore
后续输入6次banana,并按y确认生成
步骤二:从orange.keystore和banana.keystore导出orange.cer和banana.cer
keytool -export -alias orange -keystore d:/research/keystore/orange.keystore -file d:/research/cer/orange.cer -storepass kingsp
keytool -export -alias banana -keystore d:/research/keystore/banana.keystore -file d:/research/cer/banana.cer -storepass kingsp
步骤三:复制orange.keystore并备份成orangeBak.keystore,等会用于比较
步骤四:把banana.cer证书导入到orange.keystore
keytool -import -file D:/research/cer/banana.cer -keystore D:/research/keystore/orange.keystore -alias banana
C:\Users\>keytool -import -file D:/research/cer/banana.cer -keystore D:/research/keystore/orange.keystore -alias banana
输入密钥库口令:
所有者: CN=banana, OU=banana, O=banana, L=banana, ST=banana, C=banana
发布者: CN=banana, OU=banana, O=banana, L=banana, ST=banana, C=banana
序列号: 8c15102
有效期开始日期: Thu Oct :: CST , 截止日期: Fri Oct :: CST
证书指纹:
MD5: E4:7F:::B5::AF::B2:::8B::3C::2E
SHA1: DD:::C3:::4C:BA:9D::BD::::::7A:AA:F8:
SHA256: B4:3C:1E:0A:9B:9E:::7B::::F4:C9:EC:FB::8F:AE::FD:2D:::A3:FA:FD::FE::F7:EF
签名算法名称: SHA256withRSA
版本: 扩展: #: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
: 1F 3F 5F C6 1D 2F DE AD 8A CB 9E .?)_.#.../.s....
: 5D 3B E3 ];i.
]
] 是否信任此证书? [否]: y
证书已添加到密钥库中
步骤四报错补充说明:
以下导入会导致步骤四报错:因为orange.keystore中已存在orange.cer证书
keytool -import -file D:/research/cer/orange.cer -keystore D:/research/keystore/orange.keystore -alias orange
以下导入会导致步骤四报错:因为orange.cer中没有banana这个别名
keytool -import -file D:/research/cer/banana.cer -keystore D:/research/keystore/orange.keystore -alias banana
以下导入会导致步骤四报错:因为没有指定keystore文件
keytool -import -file D:/research/cer/banana.cer -keystore D:/research/keystore/ -alias banana
步骤五:比较旧keystore和新合并的keystore差异
keytool -list -v -keystore d:/research/keystore/orangeBak.keystore -storepass kingsp
keytool -list -v -keystore d:/research/keystore/orange.keystore -storepass kingsp
显示结果如下:
keytool -list -v -keystore d:/research/keystore/orangeBak.keystore -storepass kingsp
C:\Users\>keytool -import -file D:/research/cer/banana.cer -keystore D:/research/keystore/orange.keystore -alias banana
输入密钥库口令: kingkp
所有者: CN=banana, OU=banana, O=banana, L=banana, ST=banana, C=banana
发布者: CN=banana, OU=banana, O=banana, L=banana, ST=banana, C=banana
序列号: 8c15102
有效期开始日期: Thu Oct :: CST , 截止日期: Fri Oct :: CST
证书指纹:
MD5: E4:7F:::B5::AF::B2:::8B::3C::2E
SHA1: DD:::C3:::4C:BA:9D::BD::::::7A:AA:F8:
SHA256: B4:3C:1E:0A:9B:9E:::7B::::F4:C9:EC:FB::8F:AE::FD:2D:::A3:FA:FD::FE::F7:EF
签名算法名称: SHA256withRSA
版本: 扩展: #: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
: 1F 3F 5F C6 1D 2F DE AD 8A CB 9E .?)_.#.../.s....
: 5D 3B E3 ];i.
]
] 是否信任此证书? [否]: y
证书已添加到密钥库中 C:\Users\>keytool -list -v -keystore d:/research/keystore/orangeBak.keystore -storepass kingsp 密钥库类型: JKS
密钥库提供方: SUN 您的密钥库包含 个条目 别名: orange
创建日期: --
条目类型: PrivateKeyEntry
证书链长度:
证书[]:
所有者: CN=orange, OU=orange, O=orange, L=orange, ST=orange, C=orange
发布者: CN=orange, OU=orange, O=orange, L=orange, ST=orange, C=orange
序列号:
有效期开始日期: Thu Oct :: CST , 截止日期: Fri Oct :: CST
证书指纹:
MD5: :8A:CA:1D:::7B::FC::3B:AC:BA:B7::
SHA1: 8C:BB::8D:DD:0A:::C7:A5:AB::::::F6:::6C
SHA256: :2D:2D:3B::::AB::C7::9D:3A::C7:C2:8F:0B:DD::F1::E3:::8E:C1::EF:8D:AE:D4
签名算法名称: SHA256withRSA
版本: 扩展: #: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
: F5 E0 C4 5E B5 3D B8 F8 1E DB E8 ...^..=...%.. ..
: AE C3 1B ..'.
]
] *******************************************
*******************************************
keytool -list -v -keystore d:/research/keystore/orange.keystore -storepass kingsp
C:\Users\>keytool -list -v -keystore d:/research/keystore/orange.keystore -storepass kingsp 密钥库类型: JKS
密钥库提供方: SUN 您的密钥库包含 个条目 别名: banana
创建日期: --
条目类型: trustedCertEntry 所有者: CN=banana, OU=banana, O=banana, L=banana, ST=banana, C=banana
发布者: CN=banana, OU=banana, O=banana, L=banana, ST=banana, C=banana
序列号: 8c15102
有效期开始日期: Thu Oct :: CST , 截止日期: Fri Oct :: CST
证书指纹:
MD5: E4:7F:::B5::AF::B2:::8B::3C::2E
SHA1: DD:::C3:::4C:BA:9D::BD::::::7A:AA:F8:
SHA256: B4:3C:1E:0A:9B:9E:::7B::::F4:C9:EC:FB::8F:AE::FD:2D:::A3:FA:FD::FE::F7:EF
签名算法名称: SHA256withRSA
版本: 扩展: #: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
: 1F 3F 5F C6 1D 2F DE AD 8A CB 9E .?)_.#.../.s....
: 5D 3B E3 ];i.
]
] *******************************************
******************************************* 别名: orange
创建日期: --
条目类型: PrivateKeyEntry
证书链长度:
证书[]:
所有者: CN=orange, OU=orange, O=orange, L=orange, ST=orange, C=orange
发布者: CN=orange, OU=orange, O=orange, L=orange, ST=orange, C=orange
序列号:
有效期开始日期: Thu Oct :: CST , 截止日期: Fri Oct :: CST
证书指纹:
MD5: :8A:CA:1D:::7B::FC::3B:AC:BA:B7::
SHA1: 8C:BB::8D:DD:0A:::C7:A5:AB::::::F6:::6C
SHA256: :2D:2D:3B::::AB::C7::9D:3A::C7:C2:8F:0B:DD::F1::E3:::8E:C1::EF:8D:AE:D4
签名算法名称: SHA256withRSA
版本: 扩展: #: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
: F5 E0 C4 5E B5 3D B8 F8 1E DB E8 ...^..=...%.. ..
: AE C3 1B ..'.
]
] *******************************************
*******************************************
对比后可以看到新的密钥库已经变成了2个条目的keystore