keytool(1) | Security Tools | keytool(1) |
Name
keytool - Manages a keystore (database) of cryptographic keys, X.509 certificate chains, and trusted certificates.
Synopsis
keytool [commands]
commands
Description
The keytool command is a key and certificate management utility. It enables users to administer their own public/private key pairs and associated certificates for use in self-authentication (where the user authenticates himself or herself to other users or services) or in data integrity and authentication services, using digital signatures. The keytool command also enables users to cache the public keys (in the form of certificates) of their communicating peers.
A certificate is a digitally signed statement from one entity (a person, a company, and so on), saying that the public key (and some other information) of some other entity has a particular value. (See Certificate.) When data is digitally signed, the signature can be verified to check the data's integrity and authenticity. Integrity means that the data has not been modified or tampered with, and authenticity means that the data comes from whoever claims to have created and signed it.
The keytool command also enables users to administer the secret keys and passphrases used in symmetric encryption and decryption (DES).
The keytool command stores the keys and certificates in a keystore. See KeyStore aliases.
Command and Option Notes
See Commands for a listing and description of the various commands.
keytool -printcert {-file cert_file} {-v}
When you specify the -printcert command, replace cert_file with the actual file name. Example: keytool -printcert -file VScert.cer
Option Defaults
The following examples show the defaults for various option values.
-alias "mykey"
-keyalg
    "DSA" (when using -genkeypair)
    "DES" (when using -genseckey)
-keysize
    2048 (when using -genkeypair and -keyalg is "RSA")
    1024 (when using -genkeypair and -keyalg is "DSA")
    256 (when using -genkeypair and -keyalg is "EC")
    56 (when using -genseckey and -keyalg is "DES")
    168 (when using -genseckey and -keyalg is "DESede")
-validity 90
-keystore <the file named .keystore in the user's home directory>
-storetype <the value of the "keystore.type" property in the security properties file, which is returned by the static getDefaultType method in java.security.KeyStore>
-file
    stdin (if reading)
    stdout (if writing)
-protected false
When a public/private key pair is generated, the signature algorithm (-sigalg option) is derived from the algorithm of the underlying private key.
For a full list of -keyalg and -sigalg arguments, see the Java Cryptography Architecture (JCA) Reference Guide at http://docs.oracle.com/javase/8/docs/technotes/guides/security/crypto/CryptoSpec.html#AppA
Common Options
The -v option can appear for all commands except -help. When the -v option is specified, the command runs in verbose mode and more detailed information is output.
There is also a -Jjavaoption argument that can appear for any command. When -Jjavaoption is specified, the given javaoption string is passed directly to the Java interpreter. This option must not contain any spaces. It is useful for adjusting the execution environment or memory usage. For a list of possible interpreter options, type java -h or java -X at the command line.
The following options can appear for all commands that operate on a keystore.
-storetype storetype
-keystore keystore
If the JKS storetype is used and the keystore file does not yet exist, then certain keytool commands create a new keystore file. For example, if keytool -genkeypair is called without the -keystore option, the default keystore file named .keystore is created in the user's home directory when it does not already exist there. Similarly, if the -keystore ks_file option is specified but ks_file does not exist, then the file is created. For details about the JKS storetype, see the KeyStore implementation section under KeyStore aliases.
The input stream from the -keystore option is passed to the KeyStore.load method. If NONE is specified as the URL, then a null stream is passed to the KeyStore.load method. Specify NONE when the KeyStore is not file-based, for example, when it resides on a hardware token device.
-storepass[:env| :file] argument
If the modifier env or file is not specified, then the password has the value argument, which must be at least 6 characters long. Otherwise, the password is retrieved as follows.
Note: All other options that require passwords, such as -keypass, -srckeypass, -destkeypass, -srcstorepass, and -deststorepass, accept the env and file modifiers. Always separate the password option and the modifier with a colon (:).
The password is used by all commands that access the keystore contents. For such commands, when the -storepass option is not specified at the command line, the user is prompted for the password.
When retrieving information from the keystore, the password is optional. If no password is specified, then the integrity of the retrieved information cannot be verified and a warning is displayed.
-providerName provider_name
-providerClass provider_class_name
-providerArg provider_arg
-protected
-ext {name{:critical} {=value}}
Named Extensions
The keytool command supports the following named extensions. The names are not case-sensitive.
BC or BasicConstraints
KU or KeyUsage
EKU or ExtendedKeyUsage
SAN or SubjectAlternativeName
IAN or IssuerAlternativeName
SIA or SubjectInfoAccess
AIA or AuthorityInfoAccess
When name is an OID, the value is the hexadecimal dump of the DER encoding of the extnValue for the extension, excluding the OCTET STRING type and length bytes. In the HEX string, any character other than the standard hexadecimal digits (0-9, a-f, A-F) is ignored. Therefore, 01:02:03:04 and 01020304 are both accepted as the same value. When there is no value, the extension has an empty value field.
A special name, honored, used only with -gencert, denotes how the extensions included in the certificate request are honored. The value for this name is a comma-separated list of all (all requested extensions are honored), name{:[critical|non-critical]} (the named extension is honored, but with a different isCritical attribute), and -name (used with all, denotes an exception). By default, requested extensions are not honored.
If, in addition to the -ext honored option, another named or OID -ext option is specified, then that extension is added to those already honored. However, if this name (or OID) also appears in the honored value, then its value and criticality override the ones in the request.
The subjectKeyIdentifier extension is always created. For certificates that are not self-signed, the authorityKeyIdentifier is created.
Note: Be aware that some combinations of extensions (and other certificate fields) may not conform to the Internet standard. See Certificate Conformance Warning.
Commands
-gencert
{-rfc} {-infile infile} {-outfile outfile} {-alias alias} {-sigalg sigalg}
{-dname dname} {-startdate startdate} {-ext ext}* {-validity valDays}
[-keypass keypass] {-keystore keystore} [-storepass storepass]
{-storetype storetype} {-providername provider_name}
{-providerClass provider_class_name {-providerArg provider_arg}}
{-v} {-protected} {-Jjavaoption}
The sigalg value specifies the algorithm used to sign the certificate. The startdate argument is the date and time from which the certificate is valid. The valDays argument is the number of days for which the certificate is valid.
If dname is specified, then it is used as the subject of the generated certificate. Otherwise, the name from the certificate request is used.
The ext value denotes the X.509 extensions that are embedded in the certificate. See Common Options for the syntax of -ext.
The -gencert option enables you to create certificate chains. The following example creates a certificate named e1 that has three certificates in its certificate chain.
The following commands create four key pairs named ca, ca1, ca2, and e1.
keytool -alias ca -dname CN=CA -genkeypair
keytool -alias ca1 -dname CN=CA -genkeypair
keytool -alias ca2 -dname CN=CA -genkeypair
keytool -alias e1 -dname CN=E1 -genkeypair
keytool -alias ca1 -certreq | keytool -alias ca -gencert -ext san=dns:ca1 | keytool -alias ca1 -importcert
keytool -alias ca2 -certreq | keytool -alias ca1 -gencert -ext san=dns:ca2 | keytool -alias ca2 -importcert
keytool -alias e1 -certreq | keytool -alias ca2 -gencert > e1.cert
-genkeypair
{-alias alias} {-keyalg keyalg} {-keysize keysize} {-sigalg sigalg}
[-dname dname] [-keypass keypass] {-startdate value} {-ext ext}*
{-validity valDays} {-storetype storetype} {-keystore keystore}
[-storepass storepass]
{-providerClass provider_class_name {-providerArg provider_arg}}
{-v} {-protected} {-Jjavaoption}
The keyalg value specifies the algorithm used to generate the key pair, and the keysize value specifies the size of each key to be generated. The sigalg value specifies the algorithm used to sign the self-signed certificate. This algorithm must be compatible with the keyalg value.
The dname value specifies the X.500 Distinguished Name to be associated with the alias value; it is used as the issuer and subject fields of the self-signed certificate. If no distinguished name is specified at the command line, then the user is prompted for one.
The keypass value specifies the password used to protect the private key of the generated key pair. If no password is specified, then the user is prompted for it. If you press the Return key at the prompt, then the key password is set to the same password as the keystore password. The keypass value must be at least 6 characters long.
The startdate value specifies the issue time of the certificate, also known as the "Not Before" value of the X.509 certificate's Validity field.
The option value can be set in one of the following two forms.
([+-]nnn[ymdHMS])+
[yyyy/mm/dd] [HH:MM:SS]
With the first form, the issue time is shifted from the current time by the specified value. The value is a concatenation of a sequence of subvalues. In each subvalue, the plus sign (+) means shifting forward in time and the minus sign (-) means shifting backward. The amount to shift is nnn, in units of years, months, days, hours, minutes, or seconds (denoted by the single character y, m, d, H, M, or S respectively). The exact value of the issue time is calculated by applying the java.util.GregorianCalendar.add(int field, int amount) method to each subvalue, from left to right. For example, when it is specified, the issue time is computed as follows.
Calendar c = new GregorianCalendar();
c.add(Calendar.YEAR, -1);
c.add(Calendar.MONTH, 1);
c.add(Calendar.DATE, -1);
return c.getTime();
When the option is not specified, the start date is the current time. The option can be specified at most once.
The valDays value specifies the number of days for which the certificate is valid (starting at the date specified by -startdate, or at the current date when -startdate is not specified).
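The following Java program is an added example, not code from keytool or from this manual page. It resolves the relative -startdate form with Calendar.add, left to right, and derives "Not After" from valDays; the class and method names are hypothetical, the reference time is constructed, and counting each validity day as 24 hours is an assumption of the example.

```java
import java.text.SimpleDateFormat;
import java.util.Calendar;
import java.util.Date;
import java.util.GregorianCalendar;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added illustration, not keytool's source: resolves the relative -startdate form
// ([+-]nnn[ymdHMS])+ and derives the validity window from valDays.
public class StartDateWindow {

    private static final Pattern SUBVALUE = Pattern.compile("([+-])(\\d+)([ymdHMS])");

    // Unit letters are case-sensitive: 'm' is months, 'M' is minutes.
    static int calendarField(char unit) {
        switch (unit) {
            case 'y': return Calendar.YEAR;
            case 'm': return Calendar.MONTH;
            case 'd': return Calendar.DATE;
            case 'H': return Calendar.HOUR_OF_DAY;
            case 'M': return Calendar.MINUTE;
            case 'S': return Calendar.SECOND;
            default: throw new IllegalArgumentException("unknown unit: " + unit);
        }
    }

    // Applies each subvalue left to right with Calendar.add, as the text describes.
    // A null or empty value means the option was omitted: Not Before is "now".
    static Date notBefore(String startdate, Calendar now) {
        Calendar c = (Calendar) now.clone();
        if (startdate == null || startdate.isEmpty()) {
            return c.getTime();
        }
        Matcher m = SUBVALUE.matcher(startdate);
        int consumed = 0;
        while (m.find() && m.start() == consumed) {
            int amount = Integer.parseInt(m.group(2));
            if ("-".equals(m.group(1))) {
                amount = -amount;
            }
            c.add(calendarField(m.group(3).charAt(0)), amount);
            consumed = m.end();
        }
        if (consumed != startdate.length()) {
            throw new IllegalArgumentException(
                    "not of the form ([+-]nnn[ymdHMS])+ : " + startdate);
        }
        return c.getTime();
    }

    // Assumption of this example: each validity day is counted as 24 hours.
    static Date notAfter(Date notBefore, int valDays) {
        return new Date(notBefore.getTime() + valDays * 24L * 60L * 60L * 1000L);
    }

    public static void main(String[] args) {
        // Constructed reference time (local time zone) so that the output is repeatable.
        Calendar now = new GregorianCalendar(2023, Calendar.JANUARY, 31, 12, 0, 0);
        SimpleDateFormat fmt = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
        // The first value matches the three add() calls in the snippet above. The next
        // two differ only in order and give different dates, because add() clamps the
        // day to the end of a shorter month.
        String[] samples = { "-1y+1m-1d", "+1m-1d", "-1d+1m", "-30M", "" };
        for (String s : samples) {
            Date from = notBefore(s, now);
            Date to = notAfter(from, 90);   // 90 is the documented -validity default
            System.out.printf("%-10s Not Before %s  Not After %s%n",
                    s.isEmpty() ? "(omitted)" : s, fmt.format(from), fmt.format(to));
        }
        try {
            notBefore("-1w", now);          // 'w' is not one of y, m, d, H, M, S
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

When reviewing issued certificates, a "Not Before" value that lies well before the issuing time shows that a negative offset was used.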
This command was named -genkey in earlier releases. The old name is still supported in this release. The new name, -genkeypair, is preferred going forward.
-genseckey
{-alias alias} {-keyalg keyalg} {-keysize keysize} [-keypass keypass]
{-storetype storetype} {-keystore keystore} [-storepass storepass]
{-providerClass provider_class_name {-providerArg provider_arg}} {-v}
{-protected} {-Jjavaoption}
The keyalg value specifies the algorithm used to generate the key pair, and the keysize value specifies the size of each key to be generated. The keypass value is the password that protects the secret key. If no password is specified, then the user is prompted for it. If you press the Return key at the prompt, then the key password is set to the same password as the keystore password. The keypass value must be at least 6 characters long.
-importcert
{-alias alias} {-file cert_file} [-keypass keypass] {-noprompt} {-trustcacerts}
{-storetype storetype} {-keystore keystore} [-storepass storepass]
{-providerName provider_name}
{-providerClass provider_class_name {-providerArg provider_arg}}
{-v} {-protected} {-Jjavaoption}
The keytool command can import X.509 v1, v2, and v3 certificates, and PKCS#7 formatted certificate chains consisting of certificates of that type. The data to be imported must be provided either in binary encoding format or in printable encoding format (also known as Base64 encoding). The printable encoding format is defined by the Internet RFC 1421 certificate encoding standard. With this encoding, the certificate must begin with a string that starts with -----BEGIN and end with a string that starts with -----END.
You import a certificate for two reasons: to add it to the list of trusted certificates, and to import a certificate reply received from a certificate authority (CA) as the result of submitting a certificate signing request to that CA (see the -certreq command option).
The type of import is indicated by the value of the -alias option. If the alias does not point to a key entry, then the keytool command assumes that you are adding a trusted certificate entry. In this case, the alias must not already exist in the keystore. If the alias already exists, then a trusted certificate for that alias already exists, so the keytool command outputs an error and does not import the certificate. If the alias points to a key entry, then the keytool command assumes that you are importing a certificate reply.
-importpassword
{-alias alias} [-keypass keypass] {-storetype storetype} {-keystore keystore}
[-storepass storepass]
{-providerClass provider_class_name {-providerArg provider_arg}}
{-v} {-protected} {-Jjavaoption}
-importkeystore
{-srcstoretype srcstoretype} {-deststoretype deststoretype}
[-srcstorepass srcstorepass] [-deststorepass deststorepass] {-srcprotected}
{-destprotected}
{-srcalias srcalias {-destalias destalias} [-srckeypass srckeypass]}
[-destkeypass destkeypass] {-noprompt}
{-srcProviderName src_provider_name} {-destProviderName dest_provider_name}
{-providerClass provider_class_name {-providerArg provider_arg}} {-v}
{-protected} {-Jjavaoption}
If the -srcalias option is specified, then the command imports the single entry identified by that alias into the destination keystore. If no destination alias is specified with destalias, then srcalias is used as the destination alias. If the source entry is protected by a password, then srckeypass is used to recover the entry. If srckeypass is not specified, then the keytool command attempts to use srcstorepass to recover the entry. If srcstorepass is not specified or is incorrect, then the user is prompted for a password. The destination entry is protected with destkeypass. If destkeypass is not specified, then the destination entry is protected with the source entry password. For example, most third-party tools require storepass and keypass in a PKCS #12 keystore to be the same. To create a PKCS #12 keystore for these tools, always specify -destkeypass and -deststorepass so that they are the same.
If the -srcalias option is not specified, then all entries in the source keystore are imported into the destination keystore. Each destination entry is stored under the alias of the corresponding source entry. If the source entry is protected by a password, then srcstorepass is used to recover the entry. If srcstorepass is not specified or is incorrect, then the user is prompted for a password. If a source keystore entry type is not supported in the destination keystore, or if an error occurs while storing an entry into the destination keystore, then the user is prompted to either skip the entry and continue, or quit. The destination entry is protected with the source entry password.
If the destination alias already exists in the destination keystore, then the user is prompted to either overwrite the entry or create a new entry under a different alias.
If the -noprompt option is specified, then the user is not prompted for a new destination alias. Existing entries are overwritten with the destination alias name. Entries that cannot be imported are skipped and a warning is output.
-printcertreq
{-file file}
-certreq
{-alias alias} {-dname dname} {-sigalg sigalg} {-file certreq_file}
[-keypass keypass] {-storetype storetype} {-keystore keystore}
[-storepass storepass] {-providerName provider_name}
{-providerClass provider_class_name {-providerArg provider_arg}}
{-v} {-protected} {-Jjavaoption}
A CSR is intended to be sent to a certificate authority (CA). The CA authenticates the certificate requestor (usually offline) and returns a certificate or certificate chain. This certificate or certificate chain is used to replace the existing certificate chain in the keystore (which initially consists of a single self-signed certificate).
The private key associated with alias is used to create the PKCS#10 certificate request. To access the private key, the correct password must be specified. If keypass is not specified at the command line and the private key password is different from the keystore password, then the user is prompted for the private key password. If dname is specified, then it is used as the subject in the CSR. Otherwise, the X.500 Distinguished Name associated with the alias is used.
The sigalg value specifies the algorithm used to sign the CSR.
The CSR is stored in the file certreq_file. If no file is specified, then the CSR is output to stdout.
Use the importcert command to import the response from the CA.
-exportcert
{-alias alias} {-file cert_file} {-storetype storetype} {-keystore keystore}
[-storepass storepass] {-providerName provider_name}
{-providerClass provider_class_name {-providerArg provider_arg}}
{-rfc} {-v} {-protected} {-Jjavaoption}
By default, the certificate is output in binary encoding. If the -rfc option is specified, then the output is in the printable encoding format defined by the Internet RFC 1421 certificate encoding standard.
If alias refers to a trusted certificate, then that certificate is output. Otherwise, alias refers to a key entry with an associated certificate chain. In that case, the first certificate in the chain is returned. This certificate authenticates the public key of the entity addressed by alias.
This command was named -export in earlier releases. The old name is still supported in this release. The new name, -exportcert, is preferred going forward.
-list
{-alias alias} {-storetype storetype} {-keystore keystore} [-storepass storepass]
{-providerName provider_name}
{-providerClass provider_class_name {-providerArg provider_arg}}
{-v | -rfc} {-protected} {-Jjavaoption}
By default, this command prints the SHA1 fingerprint of a certificate. If the -v option is specified, then the certificate is printed in human-readable format, with additional information such as the owner, issuer, serial number, and any extensions. If the -rfc option is specified, then the certificate contents are output in the printable encoding format. The printable encoding format is defined by the Internet RFC 1421 certificate encoding standard.
You cannot specify the -v option and the -rfc option at the same time.
-printcert
{-file cert_file | -sslserver host[:port]} {-jarfile JAR_file} {-rfc} {-v}
{-Jjavaoption}
When -rfc is specified, the keytool command prints the certificate in PEM mode as defined by the Internet RFC 1421 certificate encoding standard. See Internet RFC 1421 Certificate Encoding Standard.
If the certificate is read from a file or stdin, then it can be either in binary encoding format or in printable encoding format, as defined by the Internet RFC 1421 certificate encoding standard.
If the SSL server is behind a firewall, then the -J-Dhttps.proxyHost=proxyhost and -J-Dhttps.proxyPort=proxyport options can be specified on the command line for proxy tunneling. See the Java Secure Socket Extension (JSSE) Reference Guide at http://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html
Note: This option can be used independently of a keystore.
-printcrl
-file crl_ {-v}
Note: This option can be used independently of a keystore.
-storepasswd
[-new new_storepass] {-storetype storetype} {-keystore keystore}
[-storepass storepass] {-providerName provider_name}
{-providerClass provider_class_name {-providerArg provider_arg}}
{-v} {-Jjavaoption}
-keypasswd
{-alias alias} [-keypass old_keypass] [-new new_keypass] {-storetype storetype}
{-keystore keystore} [-storepass storepass] {-providerName provider_name}
{-providerClass provider_class_name {-providerArg provider_arg}} {-v}
{-Jjavaoption}
If the -keypass option is not specified at the command line and the key password is different from the keystore password, then the user is prompted for the key password.
If the -new option is not specified at the command line, then the user is prompted for the new password.
-delete
[-alias alias] {-storetype storetype} {-keystore keystore} [-storepass storepass]
{-providerName provider_name}
{-providerClass provider_class_name {-providerArg provider_arg}}
{-v} {-protected} {-Jjavaoption}
-changealias
{-alias alias} [-destalias destalias] [-keypass keypass] {-storetype storetype}
{-keystore keystore} [-storepass storepass] {-providerName provider_name}
{-providerClass provider_class_name {-providerArg provider_arg}} {-v}
{-protected} {-Jjavaoption}
-help
To get details about a specific command, type the following: keytool -command_name -help, where command_name is the name of the command.
Examples
This example shows the steps for creating a keystore to manage a public/private key pair and certificates from trusted entities.
Generate the Key Pair
First, create a keystore and generate the key pair. You can use a command such as the following, typed as a single line.
keytool -genkeypair -dname "cn=Mark Jones, ou=Java, o=Oracle, c=US" -alias business -keypass <new password for private key> -keystore /working/mykeystore -storepass <new password for keystore> -validity 180
The command creates the keystore named mykeystore in the working directory (assuming that the keystore does not already exist) and assigns it the password specified by <new password for keystore>. The distinguished name of the entity for which the public/private key pair is generated has a common name of Mark Jones, an organizational unit of Java, an organization of Oracle, and a two-letter country code of US. The public and private keys are both 1024 bits, and the default DSA key generation algorithm is used to create them.
The command uses the default SHA1withDSA signature algorithm to create a self-signed certificate that includes the public key and the distinguished name information. The certificate is valid for 180 days. It is associated with the private key in the keystore entry identified by the alias business. The private key is assigned the password specified by <new password for private key>.
The command is significantly shorter when the option defaults are used. In this case, no options are required. For options that have default values, the defaults are used when the option is not specified. You are prompted for any required values. You could use the following.
keytool -genkeypair
In this case, a keystore entry with the alias mykey is created, and the newly generated key pair and a certificate that is valid for 90 days are stored in this entry. The entry is placed in the keystore named .keystore in your home directory. The keystore is created if it does not already exist. You are prompted for the distinguished name information, the keystore password, and the private key password.
The remaining examples assume that you ran the -genkeypair command without specifying options and that, when prompted for information, you entered the values from the first -genkeypair command shown. For example, the distinguished name is cn=Mark Jones, ou=Java, o=Oracle, c=US.
Request a Signed Certificate from a CA
Generating the key pair created a self-signed certificate. A certificate is more likely to be trusted by others when it is signed by a certificate authority (CA). To get a CA signature, first generate a certificate signing request (CSR), for example, as follows.
keytool -certreq -file MarkJ.csr
A CSR (for the entity identified by the default alias mykey) is created and placed in the file named MarkJ.csr. Submit this file to a CA, such as VeriSign. The CA authenticates the requestor (usually offline) and returns a signed certificate that authenticates the requestor's public key. In some cases, the CA returns a chain of certificates. In a certificate chain, each certificate authenticates the public key of the signer of the previous certificate in the chain.
Import a Certificate for the CA
The self-signed certificate that you created must be replaced with a certificate chain. In a certificate chain, each certificate authenticates the public key of the signer of the previous certificate in the chain, up to a root CA.
Before you import the certificate reply from a CA, you need one or more trusted certificates in your keystore or in the cacerts keystore file. See -importcert in Commands.
The cacerts keystore file ships with several VeriSign root CA certificates, so you might not need to import a VeriSign certificate into your keystore as a trusted certificate. However, if you request a signed certificate from a different CA, and a certificate that authenticates that CA's public key has not yet been added to cacerts, then you must import a certificate from that CA as a trusted certificate.
A certificate from a CA is usually either self-signed or signed by another CA (in the latter case, you also need a certificate that authenticates that other CA's public key). Suppose that ABC, Inc., is a CA, and that you obtain from ABC a file named ABCCA.cer that is a self-signed certificate (this certificate authenticates the CA's public key). Before you import a certificate as a trusted certificate, you must make sure that the certificate is valid. First, view the certificate contents with the keytool -printcert command, or with the keytool -importcert command without the -noprompt option, and check that the displayed certificate fingerprints match the expected ones. Contact the person who sent the certificate, and compare the fingerprints that this person shows (or that a secure public key repository shows) with the fingerprints displayed by the command. If the fingerprints match, then you can be sure that the certificate was not replaced in transit by somebody else (for example, an attacker). If such an attack took place and you imported the certificate without checking it, then you would be trusting anything that the attacker signed.
If you trust that the certificate is valid, then you can add it to your keystore with the following command.
keytool -importcert -alias abc -file ABCCA.cer
A trusted certificate entry containing the data from the ABCCA.cer file is created in the keystore, and the alias abc is assigned to that entry.
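The following Java program is an added example, not part of keytool or of this manual page. It enforces the fingerprint check described above in code: a certificate is added as a trusted entry only when the digest of its encoding equals a value obtained over a separate channel. The class and method names are hypothetical, the keystore is an in-memory one that is never written to disk, and the run without arguments takes its sample certificate from the runtime's default trust store.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Added illustration, not part of keytool: a certificate becomes a trusted entry
// only when its fingerprint equals a value obtained over a separate channel.
public class VerifiedTrustImport {

    // Accepts "AB:CD:..." or "abcd..."; colons and whitespace are separators only.
    static byte[] parseFingerprint(String text) {
        String hex = text.replaceAll("[:\\s]", "");
        if (hex.isEmpty() || hex.length() % 2 != 0 || !hex.matches("[0-9a-fA-F]+")) {
            throw new IllegalArgumentException("not a hex fingerprint: " + text);
        }
        byte[] out = new byte[hex.length() / 2];
        for (int i = 0; i < out.length; i++) {
            out[i] = (byte) Integer.parseInt(hex.substring(2 * i, 2 * i + 2), 16);
        }
        return out;
    }

    static String toHex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < bytes.length; i++) {
            if (i > 0) sb.append(':');
            sb.append(String.format("%02X", bytes[i]));
        }
        return sb.toString();
    }

    // A fingerprint is the digest of the certificate's DER encoding. The digest is
    // chosen from the length of the expected value: 20 bytes SHA-1, 32 bytes SHA-256.
    static byte[] fingerprint(X509Certificate cert, int length) throws Exception {
        String algorithm;
        if (length == 20) algorithm = "SHA-1";
        else if (length == 32) algorithm = "SHA-256";
        else throw new IllegalArgumentException("unsupported fingerprint length: " + length);
        return MessageDigest.getInstance(algorithm).digest(cert.getEncoded());
    }

    // Returns false and leaves the keystore untouched on a mismatch. Like -importcert
    // for a trusted certificate, it refuses an alias that already exists.
    static boolean importIfMatches(KeyStore ks, String alias, X509Certificate cert,
                                   String expected) throws Exception {
        if (ks.containsAlias(alias)) {
            throw new IllegalStateException("alias already exists: " + alias);
        }
        byte[] want = parseFingerprint(expected);
        if (!MessageDigest.isEqual(want, fingerprint(cert, want.length))) {
            return false;
        }
        ks.setCertificateEntry(alias, cert);
        return true;
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);                       // empty in-memory keystore
        if (args.length == 2) {                    // for example: ABCCA.cer <expected fingerprint>
            X509Certificate cert;
            try (InputStream in = Files.newInputStream(Paths.get(args[0]))) {
                cert = (X509Certificate) CertificateFactory.getInstance("X.509")
                        .generateCertificate(in);
            }
            System.out.println(importIfMatches(ks, "abc", cert, args[1])
                    ? "imported under alias abc" : "fingerprint mismatch, not imported");
            return;
        }
        // No arguments: offline self-check with a certificate the runtime already trusts.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        X509Certificate[] issuers =
                ((X509TrustManager) tmf.getTrustManagers()[0]).getAcceptedIssuers();
        if (issuers.length == 0) {
            System.out.println("no certificates in the default trust store");
            return;
        }
        byte[] real = fingerprint(issuers[0], 32);
        byte[] altered = real.clone();
        altered[0] ^= 0x01;   // constructed mismatch, as if the file had been swapped in transit
        System.out.println("matching value -> "
                + importIfMatches(ks, "demo-ok", issuers[0], toHex(real)));
        System.out.println("altered value  -> "
                + importIfMatches(ks, "demo-bad", issuers[0], toHex(altered)));
        System.out.println("trusted entries: " + ks.size());
    }
}
```

The expected fingerprint must come from a channel other than the one that delivered the certificate file; a value shipped alongside the file proves nothing.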
Import the Certificate Reply from the CA
After you import a certificate that authenticates the public key of the CA to which you submitted your certificate signing request (or when such a certificate already exists in the cacerts file), you can import the certificate reply and replace your self-signed certificate with a certificate chain. When the CA reply is a chain, this chain is the certificate chain returned by the CA in response to your request. When the CA reply is a single certificate, this chain is constructed from the certificate reply and the trusted certificates that already exist in the keystore into which you import the reply or in the cacerts keystore file.
For example, if you send your certificate signing request to VeriSign and the returned certificate is named VSMarkJ.cer, then you can import the reply as follows.
keytool -importcert -trustcacerts -file VSMarkJ.cer
Export a Certificate That Authenticates the Public Key
If you use the jarsigner command to sign a Java Archive (JAR) file, then clients that use the file need to authenticate your signature. One way for clients to authenticate your signature is to first import your public key certificate into their keystore as a trusted entry.
To do this, export the certificate and supply it to your clients. As an example, you can copy your certificate to a file named MJ.cer with the following command. This command assumes that the entry has the alias mykey.
keytool -exportcert -alias mykey -file MJ.cer
A client that has the certificate and the signed JAR file can use the jarsigner command to authenticate your signature.
Import Keystore
The importkeystore command imports an entire keystore into another keystore. This means that all entries in the source keystore, including keys and certificates, are imported into the destination keystore with a single command. You can use this command to import entries from a keystore of a different type. During the import, all new entries in the destination keystore have the same alias names and (for secret keys and private keys) the same protection passwords as the originals. If the keytool command cannot recover the private or secret keys from the source keystore, then it prompts you for a password. If the command detects alias duplication, then it prompts you for a new alias. You can specify a new alias or simply allow the keytool command to overwrite the existing one.
For example, to import the entries from a typical JKS type keystore key.jks into a PKCS#11 type hardware-based keystore, use the following command.
keytool -importkeystore -srckeystore key.jks -destkeystore NONE -srcstoretype JKS -deststoretype PKCS11 -srcstorepass <src keystore password> -deststorepass <destination keystore pwd>
The importkeystore command can also be used to import a single entry from a source keystore into a destination keystore. In this case, in addition to the options in the previous example, you must specify the alias that you want to import. When the -srcalias option is specified, you can also specify the destination alias at the command line, as well as the protection password for the secret or private key and the destination protection password. The following command shows how to do this.
keytool -importkeystore -srckeystore key.jks -destkeystore NONE -srcstoretype JKS -deststoretype PKCS11 -srcstorepass <src keystore password> -deststorepass <destination keystore pwd> -srcalias myprivatekey -destalias myoldprivatekey -srckeypass <source entry password> -destkeypass <destination entry password> -noprompt
Generate Certificates for an SSL Server
The following keytool commands generate key pairs and certificates for three entities: a root CA (root), an intermediate CA (ca), and an SSL server (server). Make sure that you store all the certificates in the same keystore. In these examples, RSA is the recommended key algorithm.
keytool -genkeypair -keystore root.jks -alias root -ext bc:c
keytool -genkeypair -keystore ca.jks -alias ca -ext bc:c
keytool -genkeypair -keystore server.jks -alias server
keytool -keystore root.jks -alias root -exportcert -rfc > root.pem
keytool -storepass <storepass> -keystore ca.jks -certreq -alias ca | keytool -storepass <storepass> -keystore root.jks -gencert -alias root -ext BC=0 -rfc > ca.pem
keytool -keystore ca.jks -importcert -alias ca -file ca.pem
keytool -storepass <storepass> -keystore server.jks -certreq -alias server | keytool -storepass <storepass> -keystore ca.jks -gencert -alias ca -ext ku:c=dig,kE -rfc > server.pem
cat root.pem ca.pem server.pem | keytool -keystore server.jks -importcert -alias server
Terms
Keystore
Keystore entries
Key entries: Each entry holds very sensitive cryptographic key information. This information is stored in a protected format to prevent unauthorized access. Typically, a key stored in this type of entry is a secret key, or a private key accompanied by the certificate chain for the corresponding public key. See Certificate Chains. The keytool command can handle both types of entries, while the jarsigner tool handles only the latter type of entry, that is, private keys and their associated certificate chains.
Trusted certificate entries: Each entry contains a single public key certificate that belongs to another party. The entry is called a trusted certificate because the keystore owner trusts that the public key in the certificate belongs to the identity identified by the subject (owner) of the certificate. The issuer of the certificate vouches for this by signing the certificate.
KeyStore aliases
You specify an alias when you add an entity to the keystore, for example, when you generate a secret key with the -genseckey command, generate a key pair (public and private key) with the -genkeypair command, or add a certificate or certificate chain to the list of trusted certificates with the -importcert command. Subsequent keytool commands must use the same alias to refer to the entity.
For example, suppose that you use the alias duke to generate a new public/private key pair and wrap the public key in a self-signed certificate. In this case, run the following command. See Certificate Chains.
keytool -genkeypair -alias duke -keypass dukekeypasswd
keytool -keypasswd -alias duke -keypass dukekeypasswd -new newpass
KeyStore implementation
Currently, two command-line tools (keytool and jarsigner) and a GUI-based tool named Policy Tool use keystore implementations. Because the KeyStore class is public, users can also write other security applications that use it.
There is a built-in default keystore implementation provided by Oracle. It uses a proprietary keystore type (format) named JKS and implements the keystore as a file. In this implementation, each private key is protected with its own password, and the integrity of the entire keystore is also protected with a password (separate from the private key passwords).
Keystore implementations are provider-based. More specifically, the application interfaces supplied by KeyStore are implemented in terms of a Service Provider Interface (SPI). That is, there is a corresponding abstract KeystoreSpi class (also in the java.security package) that defines the Service Provider Interface methods that providers must implement. Here, a provider is a package or a set of packages that supplies a concrete implementation of a subset of the services that can be accessed through the Java Security API. To provide a keystore implementation, clients must implement a provider and supply a KeystoreSpi subclass implementation, as described in How to Implement a Provider in the Java Cryptography Architecture at http://docs.oracle.com/javase/8/docs/technotes/guides/security/crypto/HowToImplAProvider.html
Applications can choose different types of keystore implementations from different providers by using the getInstance factory method supplied in the KeyStore class. A keystore type defines the storage and data format of the keystore information, and the algorithms used to protect the private and secret keys in the keystore and the integrity of the keystore. Keystore implementations of different types are not compatible.
The keytool command works with any file-based keystore implementation. It treats the keystore location passed at the command line as a file name and converts it to a FileInputStream, from which it loads the keystore information. The jarsigner and policytool commands can read a keystore from any location that can be specified with a URL.
For keytool and jarsigner, you can specify the keystore type at the command line with the -storetype option. For Policy Tool, you can specify the keystore type with the Keystore menu.
If you do not explicitly specify a keystore type, then the tools choose a keystore implementation based on the value of the keystore.type property specified in the security properties file. The security properties file is called java.security and resides in the security properties directory, java.home\lib\security on Windows and java.home/lib/security on Oracle Solaris. java.home is the runtime environment directory. The jre directory is in the SDK or in the top-level directory of the Java Runtime Environment (JRE).
Each tool gets the keystore.type value and then examines all the currently installed providers until it finds one that implements keystores of that type. It then uses the keystore implementation from that provider. The static method getDefaultType defined in the KeyStore class lets applications and applets retrieve the value of the keystore.type property. The following code creates an instance of the default keystore type (the type specified in the keystore.type property).
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keystore.type=jks
keystore.type=pkcs12
Certificate
Public Keys: A public key is a number associated with a particular entity. It is intended to be known to everyone who needs to have trusted interactions with that entity. Public keys are used to verify signatures.
Digital Signatures: When data is digitally signed, it is stored together with the identity of an entity and a signature that proves that the entity knows about the contents of the data. Signing the data with the entity's private key makes the data unforgeable.
Identity: A known way of addressing an entity. In some systems, the identity is the public key. Besides the public key, an identity can be many other things, such as an Oracle Solaris UID, an email address, or an X.509 distinguished name.
Signature: A signature is computed over some data using the private key of an entity. That entity is the signer, which in the case of a certificate is also called the issuer.
Private Keys: A private key is a number known only to a particular entity; that number is called the entity's private key. Private keys are supposed to be kept secret so that no one else learns them. Private and public keys exist in pairs in all public key cryptography systems. In a typical public key cryptography system such as DSA, a private key corresponds to exactly one public key. Private keys are used to compute signatures.
Entity: An entity is a person, organization, program, computer, business, bank, or something else that is trusted to some degree.
Public key cryptography requires access to users' public keys. In a large-scale networked environment, it is impossible to assume that prior relationships between communicating entities have been established, or that a trusted repository exists that holds all the public keys in use. Certificates were invented to solve this public key distribution problem. Today a Certification Authority (CA) acts as the trusted third party. CAs are entities, such as businesses, that are trusted to sign (issue) certificates for other entities. Because CAs are bound by legal agreements, they are treated as creating only valid and reliable certificates. There are many public Certification Authorities, including VeriSign, Thawte, and Entrust.
You can also run your own Certification Authority within your organization by using products such as Microsoft Certificate Server or the Entrust CA product. With the keytool command, you can display, import, and export certificates. You can also generate self-signed certificates.
The keytool command currently handles X.509 certificates.
X.509 Certificates
All X.509 certificates contain the following data in addition to the signature:
Version: Identifies which version of the X.509 standard applies to the certificate. The information that can be specified in a certificate depends on the version. So far, three versions are defined. The keytool command can import and export v1, v2, and v3 certificates. It generates v3 certificates.
X.509 Version 1 has been available since 1988, is widely deployed, and is the most generic.
X.509 Version 2 introduced the concept of subject and issuer unique identifiers so that subject and issuer names could be reused over time. Most certificate profile documents strongly recommend that names not be reused and that certificates not use unique identifiers. Version 2 certificates are not widely used.
X.509 Version 3 is the most recent standard (1996) and supports the notion of extensions. Anyone can define an extension and include it in a certificate. Common extensions include KeyUsage (limits the use of the keys to particular purposes, such as signing only) and AlternativeNames (allows other identities, such as DNS names, email addresses, and IP addresses, to be associated with the public key). An extension can be marked critical to indicate that it must be checked and enforced. For example, if a certificate contains a KeyUsage extension that is marked critical and set to keyCertSign, the certificate is rejected when it is presented during SSL communication. This is because the certificate extension indicates that the associated private key is to be used only for signing certificates and cannot be used for SSL.
Serial number: The entity that created the certificate assigns it a serial number to distinguish it from the other certificates that the entity issues. This information is used in numerous ways. For example, when a certificate is revoked, its serial number is placed in a Certificate Revocation List (CRL).
Certificate algorithm identifier: Identifies the algorithm that the CA used to sign the certificate.
Issuer name: The X.500 Distinguished Name of the entity that signed the certificate. See X.500 Distinguished Names. This is typically a CA. Using this certificate implies trusting the entity that signed it. In some cases, such as root or top-level CA certificates, the issuer signs its own certificate.
Validity period: Each certificate is valid only for a limited amount of time. The period is described by a start date and time and an end date and time, and can be as short as a few seconds or as long as 100 years. The validity period chosen depends on a number of factors, such as the strength of the private key used to sign the certificate and the amount paid for the certificate. The validity period is the period during which entities are expected to be able to rely on the public key, provided the associated private key has not been compromised.
Subject name: The name of the entity whose public key the certificate authenticates. This name uses the X.500 standard, so it is intended to be unique across the Internet. This is the X.500 Distinguished Name (DN) of the entity. See X.500 Distinguished Names. For example:
CN=Java Duke, OU=Java Software Division, O=Oracle Corporation, C=US
Subject public key information: The public key of the entity being named, together with an algorithm identifier. The algorithm identifier specifies the public key cryptography system that the key belongs to and any associated key parameters.
Certificate Chains
When keys are first generated, the chain starts off containing a single element, a self-signed certificate. See -genkeypair in Commands. A self-signed certificate is one in which the issuer (signer) is the same as the subject. The subject is the entity whose public key is authenticated by the certificate. Whenever the -genkeypair command is called to generate a new public/private key pair, the public key is always wrapped in a self-signed certificate.
Later, after a Certificate Signing Request (CSR) is generated with the -certreq command and sent to a Certification Authority (CA), the response from the CA is imported with -importcert, and the original self-signed certificate is replaced by a certificate chain. See the -certreq and -importcert command options. At the end of the chain is the certificate (reply) issued by the CA that authenticated the subject's public key. The certificate before it in the chain is the one that authenticates the CA's public key.
In many cases, the certificate that authenticates the CA's public key is a self-signed certificate (that is, a certificate in which the CA authenticates its own public key), and it is the first certificate in the chain. In other cases, the CA might return a chain of certificates. In that case, the last certificate in the chain is unchanged (a certificate signed by the CA that authenticates the public key of the key entry), but the certificate before it in the chain is signed by a different CA from the one the CSR was sent to, and authenticates the public key of the CA the CSR was sent to. The certificate before that one authenticates the next CA's key, and so on, until a self-signed root certificate is reached. Each certificate in the chain (after the first) therefore authenticates the public key of the signer of the next certificate in the chain.
Many CAs return only the issued certificate, with no supporting chain. This is especially common with a flat hierarchy that has no intermediate CAs. In this case, the certificate chain must be established from the trusted certificate information already stored in the keystore.
A different reply format (defined by PKCS #7) includes the supporting certificate chain in addition to the issued certificate. The keytool command can handle both reply formats.
The top-level (root) CA certificate is self-signed. However, trust in the root's public key does not come from the root certificate itself, but from other sources such as a newspaper. This is because anybody can generate a self-signed certificate that carries the distinguished name of, for example, the VeriSign root CA. The root CA public key is widely known. The only reason it is stored in a certificate is that this is the format most tools understand. In other words, the certificate is used only as a vehicle to transport the root CA's public key. Before you add a root CA certificate to your keystore, view its contents with the -printcert option and compare the displayed fingerprint with a well-known fingerprint obtained from a newspaper, the root CA's Web page, or a similar source.
The cacerts Certificates File
The cacerts file is a system-wide keystore that contains CA certificates. System administrators can configure and manage the file with the keytool command by specifying jks as the keystore type. The cacerts keystore file ships with a default set of root CA certificates. To list the default certificates, use the following command:
keytool -list -keystore java.home/lib/security/cacerts
Note: It is important to verify your cacerts file. Because the CAs in the cacerts file are trusted as entities for signing and for issuing certificates to other entities, you must manage the cacerts file carefully. The cacerts file should contain only certificates of the CAs you trust. It is your responsibility to verify the trusted root CA certificates bundled in the cacerts file and to make your own trust decisions.
To remove an untrusted CA certificate from the cacerts file, use the delete option of the keytool command. The cacerts file is in the JRE installation directory. If you do not have permission to edit this file, contact your system administrator.
Internet RFC 1421 Certificate Encoding Standard
The -importcert and -printcert commands can read certificates in this format as well as binary-encoded certificates. The -exportcert command outputs a certificate in binary encoding by default, but outputs it in the printable encoding format when the -rfc option is specified.
The -list command prints the SHA1 fingerprint of a certificate by default. If the -v option is specified, the certificate is printed in human-readable format. If the -rfc option is specified, the certificate is output in the printable encoding format.
A certificate encoded in the printable encoding format begins and ends with the following text:
-----BEGIN CERTIFICATE-----
encoded certificate goes here.
-----END CERTIFICATE-----
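X.500 Distinguished Names
commonName: The common name of a person, such as Susan Jones.
organizationUnit: The name of a small organization (such as a department or division), for example Purchasing.
localityName: The locality (city) name, for example Palo Alto.
stateName: The state or province name, for example California.
country: The two-letter country code, for example CH.
When you supply a distinguished name string as the value of the -dname option (for example, to the -genkeypair command), the string must be in the following format: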
CN=cName, OU=orgUnit, O=org, L=city, S=state, C=countryCode
CN=commonName
OU=organizationUnit
O=organizationName
L=localityName
S=stateName
C=country
CN=Mark Smith, OU=Java, O=Oracle, L=Cupertino, S=California, C=US
keytool -genkeypair -dname "CN=Mark Smith, OU=Java, O=Oracle, L=Cupertino, S=California, C=US" -alias mark
The order in which the keywords are specified does matter: each subcomponent must appear in the order shown above. However, you do not have to specify all the subcomponents. You can specify a subset, for example:
CN=Steve Meier, OU=Java, O=Oracle, C=US
cn=Peter Schuster, ou=Java\, Product Development, o=Oracle, c=US
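The following Python sketch is an added example (not part of keytool or of the original page) that checks a -dname string against the rules stated in this section before a script passes it to keytool: the six keywords, their order, subsets being allowed, the two-letter country code, and the backslash-escaped comma and lower-case keywords seen in the last sample above. The function names are hypothetical, and the checker implements the format as documented here rather than keytool's own parser.

```python
KEYWORD_ORDER = ["CN", "OU", "O", "L", "S", "C"]


def split_unescaped(dname: str) -> list:
    """Split on commas, treating a backslash-escaped comma as part of the value."""
    parts, current, i = [], [], 0
    while i < len(dname):
        ch = dname[i]
        if ch == "\\" and i + 1 < len(dname):
            current.append(dname[i + 1])  # keep the escaped character literally
            i += 2
            continue
        if ch == ",":
            parts.append("".join(current))
            current = []
        else:
            current.append(ch)
        i += 1
    parts.append("".join(current))
    return parts


def parse_dname(dname: str) -> list:
    """Return [(keyword, value), ...] or raise ValueError for a malformed string."""
    result, last_rank = [], -1
    for part in split_unescaped(dname):
        keyword, sep, value = part.partition("=")
        keyword, value = keyword.strip().upper(), value.strip()
        if not sep or not value:
            # Typical cause: a comma inside a value that was not escaped.
            raise ValueError(f"not a keyword=value pair: {part.strip()!r}")
        if keyword not in KEYWORD_ORDER:
            raise ValueError(f"unknown keyword: {keyword}")
        rank = KEYWORD_ORDER.index(keyword)
        if rank <= last_rank:
            raise ValueError(f"{keyword} is repeated or out of order")
        if keyword == "C" and not (len(value) == 2 and value.isalpha()):
            raise ValueError("country must be a two-letter code")
        result.append((keyword, value))
        last_rank = rank
    return result


def is_valid_dname(dname: str) -> bool:
    """True when parse_dname accepts the string."""
    try:
        parse_dname(dname)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # The first two strings are the samples from this page; the third is the
    # second sample with the escape removed (constructed to show the failure).
    for sample in (
        "CN=Steve Meier, OU=Java, O=Oracle, C=US",
        "cn=Peter Schuster, ou=Java\\, Product Development, o=Oracle, c=US",
        "cn=Peter Schuster, ou=Java, Product Development, o=Oracle, c=US",
    ):
        print(is_valid_dname(sample), sample)
```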
Warnings
Importing Trusted Certificates Warning
Important: Check the contents of a certificate very carefully before you import it as a trusted certificate.
Windows Example:
First, view the certificate with the -printcert command, or with the -importcert command without the -noprompt option. Make sure that the displayed certificate fingerprints match the expected fingerprints. For example, suppose a certificate is sent to you and you store it in a file named \tmp\cert. Before you add the certificate to your list of trusted certificates, you can run the -printcert command to view its fingerprints, as follows:
keytool -printcert -file \tmp\cert
Owner: CN=ll, OU=ll, O=ll, L=ll, S=ll, C=ll
Issuer: CN=ll, OU=ll, O=ll, L=ll, S=ll, C=ll
Serial Number: 59092b34
Valid from: Thu Sep 25 18:01:13 PDT 1997 until: Wed Dec 24 17:01:13 PST 1997
Certificate Fingerprints:
    MD5: 11:81:AD:92:C8:E5:0E:A2:01:2E:D4:7A:D7:5F:07:6F
    SHA1: 20:B6:17:FA:EF:E5:55:8A:D0:71:1F:E8:D6:9D:C0:37:13:0E:5E:FE
    SHA256: 90:7B:70:0A:EA:DC:16:79:92:99:41:FF:8A:FE:EB:90:
            17:75:E0:90:B2:24:4D:3A:2A:16:A6:E4:11:0F:67:A4
Oracle Solaris Example:
First, view the certificate with the -printcert command, or with the -importcert command without the -noprompt option. Make sure that the displayed certificate fingerprints match the expected fingerprints. For example, suppose a user sends you a certificate and you store it in a file named /tmp/cert. Before you add the certificate to your list of trusted certificates, you can run the -printcert command to view its fingerprints, as follows:
keytool -printcert -file /tmp/cert
Owner: CN=ll, OU=ll, O=ll, L=ll, S=ll, C=ll
Issuer: CN=ll, OU=ll, O=ll, L=ll, S=ll, C=ll
Serial Number: 59092b34
Valid from: Thu Sep 25 18:01:13 PDT 1997 until: Wed Dec 24 17:01:13 PST 1997
Certificate Fingerprints:
    MD5: 11:81:AD:92:C8:E5:0E:A2:01:2E:D4:7A:D7:5F:07:6F
    SHA1: 20:B6:17:FA:EF:E5:55:8A:D0:71:1F:E8:D6:9D:C0:37:13:0E:5E:FE
    SHA256: 90:7B:70:0A:EA:DC:16:79:92:99:41:FF:8A:FE:EB:90:
            17:75:E0:90:B2:24:4D:3A:2A:16:A6:E4:11:0F:67:A4
Next, contact the person who sent the certificate and compare the fingerprints that person gives you with the fingerprints displayed by the command above. If the fingerprints match, you can be sure that the certificate was not replaced in transit with somebody else's certificate, such as an attacker's. If such an attack took place and you imported the certificate without checking it, you would be trusting anything the attacker signed, for example a JAR file that contains malicious class files.
Note: You do not have to run the -printcert command before you import a certificate, because before adding a certificate to the list of trusted certificates in the keystore, the -importcert command prints the certificate information and prompts you to verify it. You can then stop the import operation. However, this is possible only when you call the -importcert command without the -noprompt option. If the -noprompt option is specified, there is no interaction with the user.
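The following Python sketch is an added example (not part of keytool or of the original page) of the check described above and of the two certificate encodings from the Internet RFC 1421 section: it computes the fingerprint the same way for a binary copy and a printable copy of a certificate, formats it as keytool displays it, and compares it with the value obtained from the sender. The function names are hypothetical, and the sample bytes are constructed stand-ins, not real certificates.

```python
import base64
import binascii
import hashlib
import hmac
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL)

def to_der(data: bytes) -> bytes:
    """Return the binary encoding from either printable or binary input."""
    match = PEM_RE.search(data)
    if match is None:
        return data  # no BEGIN/END boundary: treat as binary encoding
    body = b"".join(match.group(1).split())
    try:
        return base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError("corrupt base64 between the boundaries") from exc

def fingerprint(data: bytes, algorithm: str = "sha256") -> str:
    """Fingerprint in keytool's display form: upper-case hex pairs joined by ':'."""
    digest = hashlib.new(algorithm, to_der(data)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def normalize(expected: str) -> str:
    """Strip colons, spaces and line wraps from a fingerprint someone sent."""
    cleaned = re.sub(r"[\s:]", "", expected).upper()
    if not re.fullmatch(r"[0-9A-F]+", cleaned):
        raise ValueError("expected fingerprint is not hexadecimal")
    return cleaned

def matches(data: bytes, expected: str, algorithm: str = "sha256") -> bool:
    """True only when the whole digest matches; truncated values never pass."""
    actual = normalize(fingerprint(data, algorithm))
    return hmac.compare_digest(actual, normalize(expected))

def pem_wrap(der: bytes) -> bytes:
    """Build the printable encoding of binary bytes (used for the sample)."""
    b64 = base64.b64encode(der)
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return (b"-----BEGIN CERTIFICATE-----\n" + b"\n".join(lines)
            + b"\n-----END CERTIFICATE-----\n")

# Constructed sample bytes standing in for two binary-encoded certificates
# (not real certificates): the sender's export and one swapped in transit.
SENT_DER = b"\x30\x82\x01\x0a" + b"constructed-sample-certificate-from-sender" * 6
SWAPPED_DER = b"\x30\x82\x01\x0a" + b"constructed-sample-certificate-swapped!!!!" * 6

if __name__ == "__main__":
    published = fingerprint(SENT_DER)  # value the sender reads out to you
    print("SHA256:", published)
    print("binary copy matches:   ", matches(SENT_DER, published))
    print("printable copy matches:", matches(pem_wrap(SENT_DER), published.lower()))
    print("swapped copy matches:  ", matches(SWAPPED_DER, published))
```

Because the expected value is normalized first, a fingerprint pasted with the line wrap that the SHA256 row shows in the output above still compares correctly.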
Passwords Warning
Most commands that operate on a keystore require the store password. Some commands also require a private/secret key password. Passwords can be specified on the command line with the -storepass and -keypass options. However, do not specify a password on the command line or in a script unless it is for testing or you are on a secure system. If you do not specify a required password option on the command line, you are prompted for the password.
Certificate Conformance Warning
The Internet standard RFC 5280 defines a profile for conforming X.509 certificates, which describes the values and value combinations that are valid for certificate fields and extensions. See the standard at http://tools.ietf.org/rfc/rfc5280.txt
The keytool command does not enforce all of these rules, so it can generate certificates that do not conform to the standard. Certificates that do not conform to the standard might be rejected by the JRE or by other applications. Make sure that you provide correct options for -dname, -ext, and so on.
Notes
Import a New Trusted Certificate
Before it adds a certificate to the keystore, the keytool command tries to build a chain of trust from the certificate being imported up to a self-signed certificate (belonging to a root CA), using trusted certificates that already exist in the keystore.
If the -trustcacerts option is specified, additional certificates are considered for the chain of trust, namely the certificates in the file named cacerts.
If the keytool command fails to build a trust path from the certificate being imported up to a self-signed certificate (from the keystore or from the cacerts file), it prints the information for the certificate being imported and prompts the user to verify it. In this case, compare the displayed certificate fingerprints with fingerprints obtained from some other (trusted) source of information, such as the certificate owner. Be very careful to make sure that a certificate is valid before you import it as a trusted certificate. See Importing Trusted Certificates Warning. The import operation can be stopped at the point where you verify the certificate. If the -noprompt option is specified, there is no interaction with the user.
Import a Certificate Reply
When you import a certificate reply, the reply is validated with the trusted certificates in the keystore and, when the -trustcacerts option is specified, with the certificates configured in the cacerts keystore file. See The cacerts Certificates File.
The methods of determining whether the certificate reply is trusted are as follows:
If the public key in the certificate reply matches the user's public key already stored with alias, the old certificate chain is replaced with the new certificate chain in the reply. The old chain can be replaced only with a valid keypass, that is, only when the password that protects the private key of the entry is supplied. If no password is supplied and the private key password is different from the keystore password, the user is prompted for the private key password.
This command was named -import in earlier releases. The old name is still supported in this release. The new name, -importcert, is preferred going forward.
See Also
March 3, 2015 | JDK 8 |