[Reproduced please indicate the source] :Blog.csdn.net/huahao1989/…
Mainstream Web services software certificates
In general, the mainstream Web services software is based on two basic cryptographic libraries, OpenSSL and Java.
Tomcat
,Weblogic
,JBoss
Such as Web services software, generalUse the password library provided by Java
. Use the Keytool in the Java Development Kit (JDK) toolkitJava Keystore (JKS) certificate file
.Apache
,Nginx
Such as Web services software, generalUse the password library provided by the OpenSSL tool
To generate thePEM
,KEY
,CRT
Certificate file in the format of.- IBM Web services products, such as
Websphere
,IBM Http Server (IHS)
And so on. IBM products are generally usedIKeyman tool
To generate theKDB
Format certificate file. - Microsoft Windows Server
Internet Information Services (IIS)
Service, using Windows own certificate library generationPFX
Format certificate file.
Check whether the certificate file is in text format or binary format
You can easily distinguish certificate files with suffix extensions by using the following methods:
.DER
or.CER
File: Such a certificate file is in binary format,Contains only certificate information
Contains no private key..CRT
File: Such a certificate fileIt can be binary or text format
, are generally text format, function and.DER
and.CER
The certificate files are the same..PEM
File: Such a certificate fileUsually in text format
, can hold a certificate or private key, or both..PEM
If the file contains only the private key, it is generally used.KEY
File instead..PFX
or.P12
File: Such a certificate file is in binary format, contains both the certificate and the private key, and is generally password protected.
Certificate Format Conversion
The figure above visually illustrates the conversion process among various certificates. As long as each step is successfully converted, other transformations are the combination of each step.
JKS and PFX transform into each other
You can use the keytool in the JDK to convert PFX certificates to JKS certificates.
Convert JKS format to PFX format
keytool -importkeystore -srckeystore server.jks -destkeystore server.pfx -srcstoretype JKS -deststoretype PKCS12
Copy the code
Convert PFX format to JKS format
keytool -importkeystore -srckeystore server.pfx -srcstoretype PKCS12 -srcstorepass {pfx-password} -destkeystore server.jks -deststoretype JKS -deststorepass {jks-password} -alias {key-alias}
Copy the code
PFX and KEY&CRT interconvert
The OpenSSL tool can be used to convert certificates to PFX formats.
Convert PFX to PEM/KEY/CRT
openssl pkcs12 -in server.pfx -nodes -out server.pem
openssl rsa -in server.pem -out server.key
openssl x509 -in server.pem -out server.crt
Copy the code
This step is used to generate a private key and CSR certificate file using the Keytool. In this way, you can separate the private key after obtaining the public key of the PEM certificate.
Convert PEM/KEY/CRT to PFX
openssl pkcs12 -export -out server.pfx -inkey server.key -in server.crt
Copy the code
Welcome to the “backend old bird” public account, the next will be a series of feature articles, including Java, Python, Linux, SpringBoot, SpringCloud, Dubbo, algorithms, technical team management, as well as a variety of brain maps and learning materials. NFC technology, search technology, crawler technology, recommendation technology, audio and video interactive live broadcast, as long as I have time to sort out and share, please look forward to, ready-made notes, brain maps and learning materials if you have requirements can also leave a message on the public account to obtain in advance. As I am in all the teams are basically in the role of breakthrough and pathfinding, made a lot of things, encountered many pits, solve a lot of problems, welcome everyone to add the public account into the group to exchange and learn together.
[Reproduced please indicate the source] :Blog.csdn.net/huahao1989/…