
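          While testing OMA DM 1.2 recently, the two cases 039 and 040 were about TLS and SSL, which left me quite confused. After reading up on it, it turns out that TLS is almost exactly SSL; the two are basically identical.

          Seen on Sun.com: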

          SSL was developed by Netscape in 1994, and with input from the Internet community, has evolved to become a standard. It is now under the control of the international standards organization, the Internet Engineering Task Force (IETF). The IETF has renamed SSL to Transport Layer Security (TLS), and released the first specification, version 1.0, in January 1999. TLS 1.0 is a modest upgrade to the most recent version of SSL, version 3.0. The differences between SSL 3.0 and TLS 1.0 are minor.

           

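          So for these 2 cases, testing one of them is basically enough.

          Also, TLS is by nature a transport-layer protocol, so if you use HTTPS on an application server such as Tomcat or WebLogic, they all support SSL and your program does not need to implement anything; you only need to know how to generate a certificate with keytool.

          This only involves JSSE; for details see http://java.sun.com/j2se/1.4.2/docs/guide/security/jsse/JSSERefGuide.html#Introduction

          Keytool is actually in the package under JRE/LIB/SECURITY: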

          C:\j2sdk1.4.2_05\jre\lib\security>keytool
          keytool 用法:

          -certreq     [-v] [-alias <alias>] [-sigalg <sigalg>]
                       [-file <csr_file>] [-keypass <keypass>]
                       [-keystore <keystore>] [-storepass <storepass>]
                       [-storetype <storetype>] [-provider <provider_class_name>] ...

          -delete      [-v] -alias <alias>
                       [-keystore <keystore>] [-storepass <storepass>]
                       [-storetype <storetype>] [-provider <provider_class_name>] ...

          -export      [-v] [-rfc] [-alias <alias>] [-file <cert_file>]
                       [-keystore <keystore>] [-storepass <storepass>]
                       [-storetype <storetype>] [-provider <provider_class_name>] ...

          -genkey      [-v] [-alias <alias>] [-keyalg <keyalg>]
                       [-keysize <keysize>] [-sigalg <sigalg>]
                       [-dname <dname>] [-validity <valDays>]
                       [-keypass <keypass>] [-keystore <keystore>]
                       [-storepass <storepass>] [-storetype <storetype>]
                       [-provider <provider_class_name>] ...

          -help

          -identitydb [-v] [-file <idb_file>] [-keystore <keystore>]
                       [-storepass <storepass>] [-storetype <storetype>]
                       [-provider <provider_class_name>] ...

          -import      [-v] [-noprompt] [-trustcacerts] [-alias <alias>]
                       [-file <cert_file>] [-keypass <keypass>]
                       [-keystore <keystore>] [-storepass <storepass>]
                       [-storetype <storetype>] [-provider <provider_class_name>] ...

          -keyclone    [-v] [-alias <alias>] -dest <dest_alias>
                       [-keypass <keypass>] [-new <new_keypass>]
                       [-keystore <keystore>] [-storepass <storepass>]
                       [-storetype <storetype>] [-provider <provider_class_name>] ...

          -keypasswd   [-v] [-alias <alias>]
                       [-keypass <old_keypass>] [-new <new_keypass>]
                       [-keystore <keystore>] [-storepass <storepass>]
                       [-storetype <storetype>] [-provider <provider_class_name>] ...

          -list        [-v | -rfc] [-alias <alias>]
                       [-keystore <keystore>] [-storepass <storepass>]
                       [-storetype <storetype>] [-provider <provider_class_name>] ...

          -printcert   [-v] [-file <cert_file>]

          -selfcert    [-v] [-alias <alias>] [-sigalg <sigalg>]
                       [-dname <dname>] [-validity <valDays>]
                       [-keypass <keypass>] [-keystore <keystore>]
                       [-storepass <storepass>] [-storetype <storetype>]
                       [-provider <provider_class_name>] ...

          -storepasswd [-v] [-new <new_storepass>]
                       [-keystore <keystore>] [-storepass <storepass>]
                       [-storetype <storetype>] [-provider <provider_class_name>] ...

           

           

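          1: Generate one

          C:\j2sdk1.4.2_05\jre\lib\security>keytool -genkey -alias duke -keyalg RSA -validity 10 -storetype jks -keystore trust1.jks

          2: View the certificate you just generated

          C:\j2sdk1.4.2_05\jre\lib\security>keytool -list -v -keystore trust1.jks

          Of course, you have to enter the password.

          But I don't quite understand why the server needs 2 certificates, one being the custom identity keystore and the other the custom trust keystore, and why the entry types of the 2 are different: one is KeyEntry and the other is trustedCertEntry. What exactly is the process? Request a certificate -> import the certificate? I still don't understand it; please advise.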

          posted on 2007-07-04 17:43 小小程序程序員混口飯吃 Views (1988) Comments (1)
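
Added example, not part of the original post: the self-signed variant of the identity/trust keystore flow the post asks about, built from the keytool commands in the usage listing above. The file names, the `-dname` value and the password are constructed sample values.

```shell
#!/bin/sh
# Added example. identity.jks, trust.jks, duke.cer, CN=localhost and the
# password "changeit" are constructed sample values, not from the post.
# Passwords are on the command line only to keep the demo non-interactive;
# leave -storepass/-keypass off to be prompted instead.
PASS=changeit

build_keystores() {
  dir=$1
  # 1. Identity keystore: key pair plus self-signed certificate. Because it
  #    contains the private key, keytool lists it as a key entry.
  keytool -genkey -alias duke -keyalg RSA -keysize 2048 -validity 10 \
    -dname "CN=localhost" -storetype jks -keystore "$dir/identity.jks" \
    -storepass "$PASS" -keypass "$PASS" || return 1
  # 2. Export the public certificate only; the private key stays behind.
  keytool -export -rfc -alias duke -file "$dir/duke.cer" \
    -storetype jks -keystore "$dir/identity.jks" -storepass "$PASS" || return 1
  # 3. Trust keystore: importing a bare certificate creates a
  #    trustedCertEntry, i.e. "a peer presenting this certificate is trusted".
  keytool -import -noprompt -alias duke -file "$dir/duke.cer" \
    -storetype jks -keystore "$dir/trust.jks" -storepass "$PASS" || return 1
  # With a CA instead of a self-signed certificate, -certreq produces the
  # CSR, the signed reply is imported into identity.jks under the same
  # alias, and trust.jks holds the CA certificate.
}

# Print the entry type keytool reports for alias "duke" in keystore $1.
# The key-entry label differs between JDK versions; it always ends in
# "KeyEntry" (case aside).
entry_type() {
  keytool -list -alias duke -storetype jks -keystore "$1" \
    -storepass "$PASS" 2>/dev/null | grep -o -i '[a-z]*Entry' | head -n 1
}

# Demo run in a scratch directory (skipped when no JDK is installed).
if command -v keytool >/dev/null 2>&1; then
  work=$(mktemp -d)
  build_keystores "$work" >/dev/null 2>&1
  echo "identity.jks: $(entry_type "$work/identity.jks")"
  echo "trust.jks:    $(entry_type "$work/trust.jks")"
fi
```

The identity keystore is what the server presents and must be protected like any private key; the trust keystore contains only public certificates and decides which peers or issuers the server accepts.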

          Comments:
          # re: weblogic ssl 2007-09-28 21:17 | guest
          I'm also thinking about this at the moment; I don't know whether you understand it now? If it's clear to you, could you explain it? thx!
            
