# 生成 JKS 密钥
# keytool:JDK 目录中的可执行文件
# genkeypair:生成密钥对
# alias:别名
# keyalg:算法
# keysize:指定位数
# validity:有效天数
# keystore:密钥库
# storepass:密钥库口令,后续 keytool -importkeystore、openssl pkcs12 命令均需要输入此口令
# CN:您的名字与姓氏是什么?使用域名即可
# OU:您的组织单位名称是什么?
# O:您的组织名称是什么?
# L:您所在的城市或区域名称是什么?
# ST:您所在的省/市/自治区名称是什么?
# C:该单位的双字母国家/地区代码是什么?
# SAN:使用者可选名称,颁发给其他域名的配置。增加 IP:192.168.80.15 可颁发给 IP
keytool -genkeypair -alias spring-boot-http2 -keyalg RSA -keysize 4096 -validity 3650 -keystore spring-boot-http2.jks -storepass xuxiaowei \
-dname 'CN=*.example.com, OU=Sonatype, O=Sonatype, L=Unspecified, ST=Unspecified, C=US' \
-ext 'SAN=DNS:nexus.example.com,DNS:clm.example.com,DNS:repo.example.com,DNS:www.example.com'
# 示例
#keytool -genkeypair -alias xuxiaowei -keyalg RSA -keysize 4096 -validity 3650 -keystore xuxiaowei.jks -storepass xuxiaowei \
# -dname 'CN=xuxiaowei.com.cn, OU=xuxiaowei, O=xuxiaowei, L=ShanDong, ST=QingDao, C=CN' \
# -ext 'SAN=DNS:xuxiaowei.com.cn,DNS:*.xuxiaowei.com.cn,DNS:*.pages.xuxiaowei.com.cn,DNS:xuxiaowei.cloud,DNS:*.xuxiaowei.cloud,DNS:xuxiaowei.cn,DNS:*.xuxiaowei.cn,DNS:xuxiaowei.com,DNS:*.xuxiaowei.com,DNS:xuxiaowei.io,DNS:*.xuxiaowei.io,DNS:xuxiaowei.ltd,DNS:*.xuxiaowei.ltd,DNS:xxw.ac.cn,DNS:*.xxw.ac.cn,DNS:jihulab.io,DNS:*.jihulab.io'
# 迁移到行业标准格式 PKCS12
keytool -importkeystore -srckeystore spring-boot-http2.jks -destkeystore spring-boot-http2.p12 -srcstoretype JKS -deststoretype PKCS12
# PKCS12 提取证书(使用 .crt、.pem 均可)
openssl pkcs12 -in spring-boot-http2.p12 -nokeys -clcerts -out spring-boot-http2.crt
# PKCS12 提取私钥
openssl pkcs12 -in spring-boot-http2.p12 -nocerts -nodes -out spring-boot-http2.key
# 在Nginx或Tengine服务器安装 SSL证书(Linux)
# https://help.aliyun.com/zh/ssl-certificate/user-guide/install-ssl-certificates-on-nginx-servers-or-tengine-servers
# 在宝塔面板安装SSL证书
# https://help.aliyun.com/zh/ssl-certificate/user-guide/install-a-certificate-on-bt-panel
# 在Apache服务器安装SSL证书(Linux)
# https://help.aliyun.com/zh/ssl-certificate/user-guide/install-an-ssl-certificate-on-an-apache-server-that-runs-linux
# 在Tomcat服务器安装SSL证书(Linux)
# https://help.aliyun.com/zh/ssl-certificate/user-guide/install-an-ssl-certificate-on-a-tomcat-server-that-runs-linux
# 在Spring Boot应用安装SSL证书(Linux)
# https://help.aliyun.com/zh/ssl-certificate/user-guide/install-an-ssl-certificate-on-a-spring-boot-application-that-runs-linux
# 在Jetty服务器安装SSL证书(Linux)
# https://help.aliyun.com/zh/ssl-certificate/user-guide/install-an-ssl-certificate-on-a-jetty-server-that-runs-linux
# 在JBoss服务器安装SSL证书(Linux)
# https://help.aliyun.com/zh/ssl-certificate/user-guide/install-an-ssl-certificate-on-a-jboss-server-that-runs-linux
# 在GlassFish服务器安装SSL证书(Linux)
# https://help.aliyun.com/zh/ssl-certificate/user-guide/install-an-ssl-certificate-on-a-glassfish-server-that-runs-linux
# Python Flask应用程序安装SSL证书(Linux)
# https://help.aliyun.com/zh/ssl-certificate/user-guide/install-an-ssl-certificate-on-a-python-flask-application-that-runs-linux
# 在WordPress环境上安装SSL证书(Linux)
# https://help.aliyun.com/zh/ssl-certificate/user-guide/install-ssl-certificate-on-wordpress-environment
# 在Node.js环境安装SSL证书(Linux)
# https://help.aliyun.com/zh/ssl-certificate/user-guide/node-js-environment-install-ssl-certificate
# 在IIS服务器安装SSL证书(Windows)
# https://help.aliyun.com/zh/ssl-certificate/user-guide/install-an-ssl-certificate-on-an-iis-server-that-runs-windows
# 在Nginx服务器部署SSL证书(Windows)
# https://help.aliyun.com/zh/ssl-certificate/user-guide/install-an-ssl-certificate-on-an-nginx-server-that-runs-windows
# 在Apache服务器安装SSL证书(Windows)
# https://help.aliyun.com/zh/ssl-certificate/user-guide/install-an-ssl-certificate-on-an-apache-server-that-runs-windows
# 在Tomcat服务器安装SSL证书(Windows)
# https://help.aliyun.com/zh/ssl-certificate/user-guide/install-an-ssl-certificate-on-an-tomcat-server-that-runs-windows
# 在WebLogic服务器安装SSL证书(Windows)
# https://help.aliyun.com/zh/ssl-certificate/user-guide/install-an-ssl-certificate-on-an-weblogic-server-that-runs-windows