HTTPS Feasibility Analysis
Founder International Software Co., Ltd. (方正国际软件有限公司), June 22, 2017
Contents
1 Server-side adjustments
  1.1 Generating the CA certificate
    1.1.1 Creating the private key
    1.1.2 Creating the certificate request
    1.1.3 Self-signing the certificate
    1.1.4 Exporting the certificate to the browser-supported .p12 format
  1.2 Generating the server certificate
    1.2.1 Creating the private key
    1.2.2 Creating the certificate request
    1.2.3 Self-signing the certificate
    1.2.4 Exporting the certificate to the supported .p12 format
  1.3 Generating the client certificate
    1.3.1 Creating the private key
    1.3.2 Creating the certificate request
    1.3.3 Self-signing the certificate
    1.3.4 Exporting the certificate to the browser-supported .p12 format
  1.4 Generating the JKS file from the CA certificate
  1.5 Configuring Tomcat SSL
  1.6 Verifying the SSL configuration
2 OkHttp-side adjustments
  2.1 Certificates issued by a third party
  2.2 Self-made certificates
    2.2.1 Access
List of figures and tables
Figure 1
Revision history
No.  Date        Author                    Change   Review
1    2017-06-20  Zhang Changdong (张长东)  Created

1 Server-side adjustments
1.1 Generating the CA certificate
For now, no third-party authoritative CA is used for authentication; we act as our own CA.
Required tool: openssl (install openssl first).
1.1.1 Creating the private key
C:\OpenSSL\bin>openssl genrsa -out ca/ca-key.pem 1024
Note: create the ca folder under bin first.
1.1.2 Creating the certificate request
C:\OpenSSL\bin>openssl req -new -out ca/ca-req.csr -key ca/ca-key.pem
-----
Country Name (2 letter code) [AU]:cn
State or Province Name (full name) [Some-State]:zhejiang
Locality Name (eg, city) []:hangzhou
Organization Name (eg, company) [Internet Widgits Pty Ltd]:skyvision
Organizational Unit Name (eg, section) []:test
Common Name (eg, YOUR name) []:root
Email Address []:sky
1.1.3 Self-signing the certificate
C:\OpenSSL\bin>openssl x509 -req -in ca/ca-req.csr -out ca/ca-cert.pem -signkey ca/ca-key.pem -days 3650
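Steps 1.1.1 to 1.1.3 run non-interactively, followed by checks on the resulting CA material, as an added example that is not part of the original document. It assumes openssl is on the PATH; the function names and the 2048-bit floor are this example's own choices, and -subj carries the same answers as the prompts in 1.1.2.

```shell
#!/bin/sh
# Added example, not from the original document. Assumes openssl is on PATH.
# Function names and the 2048-bit floor are this example's own choices.

make_ca() {            # $1 = output directory, $2 = RSA key size in bits
    mkdir -p "$1" || return 1
    # 1.1.1 private key
    openssl genrsa -out "$1/ca-key.pem" "$2" 2>/dev/null || return 1
    # 1.1.2 certificate request; -subj supplies the answers given at the prompts
    openssl req -new -key "$1/ca-key.pem" -out "$1/ca-req.csr" \
        -subj "/C=cn/ST=zhejiang/L=hangzhou/O=skyvision/OU=test/CN=root/emailAddress=sky" \
        2>/dev/null || return 1
    # 1.1.3 self-signed certificate, valid for 3650 days
    openssl x509 -req -in "$1/ca-req.csr" -out "$1/ca-cert.pem" \
        -signkey "$1/ca-key.pem" -days 3650 2>/dev/null || return 1
}

key_bits() {           # print the public-key size recorded in certificate $1
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

key_matches_cert() {   # succeed if private key $1 belongs to certificate $2
    k=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null)
    c=$(openssl x509 -in "$2" -noout -modulus 2>/dev/null)
    [ -n "$k" ] && [ "$k" = "$c" ]
}

is_self_issued() {     # succeed if subject and issuer of certificate $1 are equal
    s=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    i=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ -n "$s" ] && [ "$s" = "$i" ]
}

check_ca() {           # run every check on directory $1, report each failure
    rc=0
    bits=$(key_bits "$1/ca-cert.pem")
    # RSA keys under 2048 bits are below the floor in NIST SP 800-131A
    [ "${bits:-0}" -ge 2048 ] || { echo "weak key: ${bits:-?} bits" >&2; rc=1; }
    key_matches_cert "$1/ca-key.pem" "$1/ca-cert.pem" ||
        { echo "key does not match certificate" >&2; rc=1; }
    is_self_issued "$1/ca-cert.pem" || { echo "not self-issued" >&2; rc=1; }
    return $rc
}
```

Calling make_ca ca 1024 (the key size used in 1.1.1) and then check_ca ca reports the weak key; make_ca ca 2048 passes all three checks.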