Keytool: setting the hostname
I am just attempting to use the Java keytool but I cannot figure out how to set the hostname.
This is how I am attempting it:
hostname[username:/this/is/a/path][640]% keytool -keystore server.keystore -genkeypair -alias hostname
Enter keystore password:
Re-enter new password:
What is your first and last name?
[Unknown]: hostname
What is the name of your organizational unit?
[Unknown]: hostname
What is the name of your organization?
[Unknown]: hostname
What is the name of your City or Locality?
[Unknown]: hostname
What is the name of your State or Province?
[Unknown]: hostname
What is the two-letter country code for this unit?
[Unknown]: CA
Is CN=hostname, OU=hostname, O=hostname, L=hostname, ST=hostname, C=CA correct?
[no]: yes
Enter key password for <hostname>
(RETURN if same as keystore password):
hostname[username:/this/is/a/path][641]%
Since I have set all fields to hostname, can I assume that my hostname is set to hostname?
Comments (3)
CN=hostname - it's the first option you're being asked for here. It's confusing that keytool refers to it as "first and last name".
According to section 3.1 "Server Identity" of RFC 2818 "HTTP over TLS", a client is supposed to compare the CN (Common Name) portion of the subject DN (Distinguished Name) in the server certificate to the DNS host name in the URL.
So use the Common Name (CN) for the hostname (the first question of the keytool).
Also good to use, SAN (Subject Alternative Name).
keytool ...... -ext "SAN=DNS:"
SAN=IP: is also possible.
Those entries will be checked again in hostname verification, too, and make it possible to have one certificate for your server, even if it has more than one DNS name.
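The comments above combined into one non-interactive run, as an added example that is not part of the original thread: the host name goes into CN through `-dname` and into the SAN extension through `-ext`, and the stored certificate is then listed to confirm both. The host names, the IP address, the `STOREPASS` value and the helper names `san_ext`, `make_keystore` and `show_names` are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Names, address and password are constructed.

# Build keytool's -ext value: dotted IPv4 literals become IP: entries,
# everything else a DNS: entry (IPv6 is not handled here).
san_ext() {
    out=""
    for name in "$@"; do
        case "$name" in
            *[!0-9.]*) kind=DNS ;;   # any character besides digits and dots
            *.*.*.*)   kind=IP ;;
            *)         kind=DNS ;;
        esac
        out="${out:+$out,}$kind:$name"
    done
    printf 'SAN=%s\n' "$out"
}

# make_keystore FILE HOSTNAME [EXTRA_NAME...]
# The host name goes into CN (the "first and last name" prompt) and, with
# any extra names, into the SAN extension. -dname skips the prompts.
make_keystore() {
    ks=$1; cn=$2; shift 2
    keytool -genkeypair -alias "$cn" -keyalg RSA -keysize 2048 -validity 365 \
        -dname "CN=$cn" -ext "$(san_ext "$cn" "$@")" \
        -keystore "$ks" -storepass:env STOREPASS -keypass:env STOREPASS
}

# Print the subject and SAN entries so the result can be checked.
show_names() {
    keytool -list -v -keystore "$1" -storepass:env STOREPASS -alias "$2" |
        grep -E 'Owner:|DNSName:|IPAddress:'
}

# Demo run in a throwaway directory; skipped when keytool is not installed.
if command -v keytool >/dev/null 2>&1; then
    STOREPASS='constructed-demo-password'; export STOREPASS
    dir=$(mktemp -d)
    make_keystore "$dir/server.keystore" www.example.test example.test 192.0.2.10 &&
        show_names "$dir/server.keystore" www.example.test
    rm -rf "$dir"
fi
```

Passing the password with `-storepass:env` keeps it out of the process argument list, which a plain `-storepass value` would not.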