-
Notifications
You must be signed in to change notification settings - Fork 50
/
Copy pathmymakecert.sh
executable file
·72 lines (60 loc) · 3.58 KB
/
mymakecert.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
#!/bin/bash
#
# 作者:邓燎燕
# 2015-12-25
#
# 要配置好iceca的ICE_CA_HOME环境变量
# 我的ca、server和client密码都是123456
echo "------------ iceca init --------------"
iceca init
echo "------------ iceca create server and client --------------"
iceca create --ip=8.8.8.8 --dns=www.baidu.com server
iceca create client
echo "------------ iceca export cert --------------"
iceca export --password 123456 --alias ca ./ca/ca.cer
iceca export --password 123456 --alias client ./ca/client.cer
iceca export --password 123456 --alias server ./ca/server.cer
echo "------------ iceca export jks --------------"
iceca export --password 123456 --alias ca ./ca/ca.jks
iceca export --password 123456 --alias client ./ca/client.jks
iceca export --password 123456 --alias server ./ca/server.jks
echo "------------ iceca export bks --------------"
iceca export --password 123456 --alias ca ./ca/ca.bks
iceca export --password 123456 --alias client ./ca/client.bks
iceca export --password 123456 --alias server ./ca/server.bks
echo "------------ iceca export p12 --------------"
iceca export --password 123456 --alias ca ./ca/ca.p12
iceca export --password 123456 --alias client ./ca/client.p12
iceca export --password 123456 --alias server ./ca/server.p12
echo "------------ keytool -import --------------"
keytool -import -v -trustcacerts -alias ca -file ./ca/ca.cer -storepass 123456 -keystore ./ca/server.jks
keytool -import -v -trustcacerts -alias ca -file ./ca/ca.cer -storepass 123456 -keystore ./ca/client.jks
keytool -import -v -trustcacerts -alias ca -file ./ca/ca.cer -storepass 123456 -keystore ./ca/server.bks -storetype bks -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath /usr/local/jdk7/jre/lib/ext/bcprov-jdk15on-153.jar
keytool -import -v -trustcacerts -alias ca -file ./ca/ca.cer -storepass 123456 -keystore ./ca/client.bks -storetype bks -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath /usr/local/jdk7/jre/lib/ext/bcprov-jdk15on-153.jar
echo "--------------------------"
keytool -list -keystore ./ca/ca.p12 -storetype pkcs12 -v -storepass 123456
echo "--------------------------"
keytool -list -keystore ./ca/ca.jks -storepass 123456 -v
echo "--------------------------"
keytool -list -keystore ./ca/ca.bks -storetype bks -storepass 123456 -v -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath /usr/local/jdk7/jre/lib/ext/bcprov-jdk15on-153.jar
echo "--------------------------"
keytool -list -keystore ./ca/server.p12 -storetype pkcs12 -v -storepass 123456
echo "--------------------------"
keytool -list -keystore ./ca/server.jks -storepass 123456 -v
echo "--------------------------"
keytool -list -keystore ./ca/server.bks -storetype bks -storepass 123456 -v -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath /usr/local/jdk7/jre/lib/ext/bcprov-jdk15on-153.jar
echo "--------------------------"
keytool -list -keystore ./ca/client.p12 -storetype pkcs12 -v -storepass 123456
echo "--------------------------"
keytool -list -keystore ./ca/client.jks -storepass 123456 -v
echo "--------------------------"
keytool -list -keystore ./ca/client.bks -storepass 123456 -v -storetype bks -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath /usr/local/jdk7/jre/lib/ext/bcprov-jdk15on-153.jar
echo ""
echo ""
echo "--------------------------"
echo "配置说明"
echo "Glacier2的配置IceSSL.CAs=ca.pem,IceSSL.CertFile=server.p12"
echo "纯Java客户端使用client.jks"
echo "Android客户端使用client.bks"
echo "iOS客户端使用ca.cer和client.p12,IceSSL.CAs=ca.cer,IceSSL.CertFile=client.p12"
echo ""