
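          Recently, while testing OMA DM 1.2, two cases (039 and 040) concerned TLS and SSL, and they left me quite confused. After some reading, it turns out that TLS is almost the same thing as SSL; the two are basically identical.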

          From Sun.com:

          SSL was developed by Netscape in 1994, and with input from the Internet community, has evolved to become a standard. It is now under the control of the international standards organization, the Internet Engineering Task Force (IETF). The IETF has renamed SSL to Transport Layer Security (TLS), and released the first specification, version 1.0, in January 1999. TLS 1.0 is a modest upgrade to the most recent version of SSL, version 3.0. The differences between SSL 3.0 and TLS 1.0 are minor.

           

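          So testing just one of these two cases is basically enough.

          Also, TLS is a protocol at the transport layer, so if you use HTTPS with an application server such as Tomcat or WebLogic, they all support SSL. Your program does not need to implement anything; you only need to know how to generate a certificate with keytool.

          This only involves JSSE; for details see http://java.sun.com/j2se/1.4.2/docs/guide/security/jsse/JSSERefGuide.html#Introduction

          Keytool is actually in the packages under JRE/LIB/SECURITY: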

          C:\j2sdk1.4.2_05\jre\lib\security>keytool
          keytool 用法:

          -certreq     [-v] [-alias <alias>] [-sigalg <sigalg>]
                       [-file <csr_file>] [-keypass <keypass>]
                       [-keystore <keystore>] [-storepass <storepass>]
                       [-storetype <storetype>] [-provider <provider_class_name>] ...

          -delete      [-v] -alias <alias>
                       [-keystore <keystore>] [-storepass <storepass>]
                       [-storetype <storetype>] [-provider <provider_class_name>] ...

          -export      [-v] [-rfc] [-alias <alias>] [-file <cert_file>]
                       [-keystore <keystore>] [-storepass <storepass>]
                       [-storetype <storetype>] [-provider <provider_class_name>] ...

          -genkey      [-v] [-alias <alias>] [-keyalg <keyalg>]
                       [-keysize <keysize>] [-sigalg <sigalg>]
                       [-dname <dname>] [-validity <valDays>]
                       [-keypass <keypass>] [-keystore <keystore>]
                       [-storepass <storepass>] [-storetype <storetype>]
                       [-provider <provider_class_name>] ...

          -help

          -identitydb [-v] [-file <idb_file>] [-keystore <keystore>]
                       [-storepass <storepass>] [-storetype <storetype>]
                       [-provider <provider_class_name>] ...

          -import      [-v] [-noprompt] [-trustcacerts] [-alias <alias>]
                       [-file <cert_file>] [-keypass <keypass>]
                       [-keystore <keystore>] [-storepass <storepass>]
                       [-storetype <storetype>] [-provider <provider_class_name>] ...

          -keyclone    [-v] [-alias <alias>] -dest <dest_alias>
                       [-keypass <keypass>] [-new <new_keypass>]
                       [-keystore <keystore>] [-storepass <storepass>]
                       [-storetype <storetype>] [-provider <provider_class_name>] ...

          -keypasswd   [-v] [-alias <alias>]
                       [-keypass <old_keypass>] [-new <new_keypass>]
                       [-keystore <keystore>] [-storepass <storepass>]
                       [-storetype <storetype>] [-provider <provider_class_name>] ...

          -list        [-v | -rfc] [-alias <alias>]
                       [-keystore <keystore>] [-storepass <storepass>]
                       [-storetype <storetype>] [-provider <provider_class_name>] ...

          -printcert   [-v] [-file <cert_file>]

          -selfcert    [-v] [-alias <alias>] [-sigalg <sigalg>]
                       [-dname <dname>] [-validity <valDays>]
                       [-keypass <keypass>] [-keystore <keystore>]
                       [-storepass <storepass>] [-storetype <storetype>]
                       [-provider <provider_class_name>] ...

          -storepasswd [-v] [-new <new_storepass>]
                       [-keystore <keystore>] [-storepass <storepass>]
                       [-storetype <storetype>] [-provider <provider_class_name>] ...


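          1: Generate one:

          C:\j2sdk1.4.2_05\jre\lib\security>keytool -genkey -alias duke -keyalg RSA -validity 10 -storetype jks -keystore trust1.jks

          2: View the certificate you just generated:

          C:\j2sdk1.4.2_05\jre\lib\security>keytool -list -v -keystore trust1.jks

          Of course, you have to enter the password.

          But I don't quite understand this: the server needs two certificates, one a custom identity keystore and the other a custom trust keystore. Why are the entry types of the two different, one being KeyEntry and the other trustedCertEntry? What exactly is the process? Request a certificate -> import the certificate? I still don't understand it; please advise.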

          posted on 2007-07-04 17:43 by 小小程序程序員混口飯吃
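
          The two keystore roles mentioned in the post, as an added example (not code from the original post): the identity keystore holds the server's private key plus its certificate, while the trust keystore holds only certificates the server is willing to trust. The file names, password and dname are constructed for the demo, and a self-signed certificate stands in for a CA-issued one.

```shell
#!/bin/sh
# Added example: identity keystore vs. trust keystore with keytool.
# identity.jks, trust.jks, duke.cer, the dname and PASS are constructed values.
# Passing -storepass/-keypass on the command line exposes them in shell
# history and process listings; omit them to be prompted instead.
PASS=demo-pass-123

build_stores() {     # $1 = working directory
    dir=$1
    # 1. Identity keystore: private key + self-signed certificate (a key entry).
    keytool -genkey -alias duke -keyalg RSA -keysize 2048 -validity 365 \
        -dname "CN=server.example.test, O=Demo" \
        -storetype jks -keystore "$dir/identity.jks" \
        -storepass "$PASS" -keypass "$PASS" || return 1
    # 2. Export only the public certificate; the private key stays in identity.jks.
    keytool -export -rfc -alias duke -file "$dir/duke.cer" \
        -storetype jks -keystore "$dir/identity.jks" -storepass "$PASS" || return 1
    # 3. Trust keystore: import that certificate as a trusted certificate entry.
    keytool -import -noprompt -alias duke -file "$dir/duke.cer" \
        -storetype jks -keystore "$dir/trust.jks" -storepass "$PASS" || return 1
}

entry_type() {       # $1 = keystore; prints the entry type of alias "duke"
    keytool -list -alias duke -storetype jks -keystore "$1" \
        -storepass "$PASS" 2>/dev/null |
        grep -Eio 'trustedCertEntry|[A-Za-z]*KeyEntry' | head -n 1
}

# Stand-alone run: build both stores in a temp directory and show the types.
if command -v keytool >/dev/null 2>&1; then
    work=$(mktemp -d)
    if build_stores "$work" >/dev/null 2>&1; then
        echo "identity.jks: $(entry_type "$work/identity.jks")"
        echo "trust.jks:    $(entry_type "$work/trust.jks")"
    fi
    rm -rf "$work"
fi
```

          With a CA-issued certificate, -certreq writes the signing request from the identity keystore, the CA's reply is imported back under the same alias with -import, and the CA certificate (not the server's own) is what goes into the trust keystore.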

          Comments:
          # re: weblogic ssl 2007-09-28 21:17 | guest
          I'm also thinking about this at the moment; I don't know whether you have figured it out yet. If you have, could you explain it? thx!
            
