keytool(1) ¥»¥­¥å¥ê¥Æ¥£¡¦¥Ä¡¼¥ë keytool(1)

̾Á°

keytool - °Å¹æ²½¸°¡¢X.509¾ÚÌÀ½ñ¥Á¥§¡¼¥ó¤ª¤è¤Ó¿®Íê¤Ç¤­¤ë¾ÚÌÀ½ñ¤ò´Þ¤à¥­¡¼¥¹¥È¥¢(¥Ç¡¼¥¿¥Ù¡¼¥¹)¤ò´ÉÍý¤·¤Þ¤¹¡£

³µÍ×

keytool [commands]

commands

¥³¥Þ¥ó¥É¤ò»²¾È¤·¤Æ¤¯¤À¤µ¤¤¡£¤³¤ì¤é¤Î¥³¥Þ¥ó¥É¤Ï¡¢¼¡¤Î¤è¤¦¤Ë¥¿¥¹¥¯Ê̤ËʬÎव¤ì¤Þ¤¹¡£
•¥­¡¼¥¹¥È¥¢¤Ø¤Î¥Ç¡¼¥¿¤ÎºîÀ®¤Þ¤¿¤ÏÄɲÃ
•-gencert
•-genkeypair
•-genseckey
•-importcert
•-importpassword
•Ê̤Υ­¡¼¥¹¥È¥¢¤ÎÆâÍƤΥ¤¥ó¥Ý¡¼¥È
•-importkeystore
•¾ÚÌÀ½ñ¥ê¥¯¥¨¥¹¥È¤ÎÀ¸À®
•-certreq
•¥Ç¡¼¥¿¤Î¥¨¥¯¥¹¥Ý¡¼¥È
•-exportcert
•¥Ç¡¼¥¿¤Îɽ¼¨
•-list
•-printcert
•-printcertreq
•-printcrl
•¥­¡¼¥¹¥È¥¢¤Î´ÉÍý
•-storepasswd
•-keypasswd
•-delete
•-changealias
•¥Ø¥ë¥×¤Îɽ¼¨
•-help

ÀâÌÀ

keytool¥³¥Þ¥ó¥É¤Ï¡¢¸°¤È¾ÚÌÀ½ñ¤ò´ÉÍý¤¹¤ë¤¿¤á¤Î¥æ¡¼¥Æ¥£¥ê¥Æ¥£¤Ç¤¹¡£¤³¤ì¤Ë¤è¤ê¡¢¥æ¡¼¥¶¡¼¤Ï¼«Ê¬¤Î¸ø³«¸°¤ÈÈëÌ©¸°¤Î¥Ú¥¢¤ª¤è¤Ó´ØÏ¢¤¹¤ë¾ÚÌÀ½ñ¤ò´ÉÍý¤·¡¢¥Ç¥¸¥¿¥ë½ð̾¤ò»ÈÍѤ·¤¿¼«¸Êǧ¾Ú(¾¤Î¥æ¡¼¥¶¡¼¤Þ¤¿¤Ï¥µ¡¼¥Ó¥¹¤ËÂФ·¤Æ¼«Ê¬¼«¿È¤òǧ¾Ú¤¹¤ë¤³¤È)¤ä¡¢¥Ç¡¼¥¿¤ÎÀ°¹çÀ­¤È¾ÚÌÀ½ñ¤Ë´Ø¤¹¤ë¥µ¡¼¥Ó¥¹¤òÍøÍѤ¹¤ë¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£keytool¥³¥Þ¥ó¥É¤Ç¤Ï¡¢ÄÌ¿®¤·¤Æ¤¤¤ë¥Ô¥¢¤Î¸ø³«¸°¤ò¥­¥ã¥Ã¥·¥å¤¹¤ë¤³¤È¤â¤Ç¤­¤Þ¤¹(¾ÚÌÀ½ñ¤Î¥Õ¥©¡¼¥à¤Ç)¡£

¾ÚÌÀ½ñ¤È¤Ï¡¢¤¢¤ë¥¨¥ó¥Æ¥£¥Æ¥£(¿Íʪ¡¢²ñ¼Ò¤Ê¤É)¤«¤é¤Î¥Ç¥¸¥¿¥ë½ð̾ÉÕ¤­¤Îʸ½ñ¤Î¤³¤È¤Ç¤¹¡£¾ÚÌÀ½ñ¤Ë¤Ï¡¢Â¾¤Î¤¢¤ë¥¨¥ó¥Æ¥£¥Æ¥£¤Î¸ø³«¸°(¤ª¤è¤Ó¤½¤Î¾¤Î¾ðÊó)¤¬ÆÃÊ̤ÊÃͤò»ý¤Ã¤Æ¤¤¤ë¤³¤È¤¬½ñ¤«¤ì¤Æ¤¤¤Þ¤¹¡£(¾ÚÌÀ½ñ¤ò»²¾È¤·¤Æ¤¯¤À¤µ¤¤¡£)¥Ç¡¼¥¿¤Ë¥Ç¥¸¥¿¥ë½ð̾¤¬ÉÕ¤¤¤Æ¤¤¤ë¾ì¹ç¤Ï¡¢¥Ç¥¸¥¿¥ë½ð̾¤ò¸¡¾Ú¤¹¤ë¤³¤È¤Ç¡¢¥Ç¡¼¥¿¤ÎÀ°¹çÀ­¤ª¤è¤Ó¥Ç¡¼¥¿¤¬ËÜʪ¤Ç¤¢¤ë¤³¤È¤ò¥Á¥§¥Ã¥¯¤Ç¤­¤Þ¤¹¡£¥Ç¡¼¥¿¤ÎÀ°¹çÀ­¤È¤Ï¡¢¥Ç¡¼¥¿¤¬Êѹ¹¤µ¤ì¤¿¤ê¡¢²þÊѤµ¤ì¤¿¤ê¤·¤Æ¤¤¤Ê¤¤¤³¤È¤ò°ÕÌ£¤·¤Þ¤¹¡£¤Þ¤¿¡¢¥Ç¡¼¥¿¤¬ËÜʪ¤Ç¤¢¤ë¤È¤Ï¡¢¤½¤Î¥Ç¡¼¥¿¤¬¡¢¥Ç¡¼¥¿¤òºîÀ®¤·¤Æ½ð̾¤·¤¿¤È¾Î¤¹¤ë¿Íʪ¤«¤éÅϤµ¤ì¤¿¥Ç¡¼¥¿¤Ç¤¢¤ë¤³¤È¤ò°ÕÌ£¤·¤Þ¤¹¡£

¤Þ¤¿¡¢keytool¥³¥Þ¥ó¥É¤ò»ÈÍѤ¹¤ì¤Ð¡¢ÂоΰŹ沽/Éü¹æ²½(DES)¤Ç»ÈÍѤµ¤ì¤ëÈëÌ©¸°¤ª¤è¤Ó¥Ñ¥¹¥Õ¥ì¡¼¥º¤ò´ÉÍý¤¹¤ë¤³¤È¤â¤Ç¤­¤Þ¤¹¡£

keytool¥³¥Þ¥ó¥É¤Ï¡¢¸°¤È¾ÚÌÀ½ñ¤ò¥­¡¼¥¹¥È¥¢¤Ë³ÊǼ¤·¤Þ¤¹¡£¥­¡¼¥¹¥È¥¢¤ÎÊÌ̾¤ò»²¾È¤·¤Æ¤¯¤À¤µ¤¤¡£

¥³¥Þ¥ó¥É¤È¥ª¥×¥·¥ç¥ó¤Ë´Ø¤¹¤ëÃí°Õ

ÍÍ¡¹¤Ê¥³¥Þ¥ó¥É¤È¤½¤ÎÀâÌÀ¤Ë¤Ä¤¤¤Æ¤Ï¡¢¥³¥Þ¥ó¥É¤ò»²¾È¤·¤Æ¤¯¤À¤µ¤¤¡£

•¤É¤Î¥³¥Þ¥ó¥É̾¤ª¤è¤Ó¥ª¥×¥·¥ç¥ó̾¤Ë¤âÀèƬ¤Ë¥Þ¥¤¥Ê¥¹µ­¹æ(-)¤¬ÉÕ¤­¤Þ¤¹¡£
•³Æ¥³¥Þ¥ó¥É¤Î¥ª¥×¥·¥ç¥ó¤ÏǤ°Õ¤Î½ç½ø¤Ç»ØÄê¤Ç¤­¤Þ¤¹¡£
•¥¤¥¿¥ê¥Ã¥¯¤Ë¤Ê¤Ã¤Æ¤¤¤Ê¤¤¤¹¤Ù¤Æ¤Î¹àÌÜ¡¢¤Þ¤¿¤ÏÃ楫¥Ã¥³¤«³Ñ¥«¥Ã¥³¤Ç°Ï¤Þ¤ì¤Æ¤¤¤ë¤¹¤Ù¤Æ¤Î¹àÌܤϡ¢¤½¤Î¤È¤ª¤ê¤Ë»ØÄꤹ¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
•¥ª¥×¥·¥ç¥ó¤ò°Ï¤àÃ楫¥Ã¥³¤Ï¡¢¤½¤Î¥ª¥×¥·¥ç¥ó¤ò¥³¥Þ¥ó¥É¹Ô¤Ç»ØÄꤷ¤Ê¤«¤Ã¤¿¾ì¹ç¤Ë¡¢¥Ç¥Õ¥©¥ë¥ÈÃͤ¬»ÈÍѤµ¤ì¤ë¤³¤È¤ò°ÕÌ£¤·¤Þ¤¹¡£¥ª¥×¥·¥ç¥ó¤Î¥Ç¥Õ¥©¥ë¥ÈÃͤò»²¾È¤·¤Æ¤¯¤À¤µ¤¤¡£Ã楫¥Ã¥³¤Ï¡¢-v¡¢-rfc¤ª¤è¤Ó-J¥ª¥×¥·¥ç¥ó¤ò°Ï¤à¤¿¤á¤Ë¤â»ÈÍѤµ¤ì¤Þ¤¹¤¬¡¢¤³¤ì¤é¤Î¥ª¥×¥·¥ç¥ó¤Ï¥³¥Þ¥ó¥É¹Ô¤Ç»ØÄꤵ¤ì¤¿¾ì¹ç¤Ë¤Î¤ß°ÕÌ£¤ò»ý¤Á¤Þ¤¹¡£»ØÄꤵ¤ì¤Æ¤¤¤Ê¤¤¾ì¹ç°Ê³°¡¢¥Ç¥Õ¥©¥ë¥ÈÃͤϤ¢¤ê¤Þ¤»¤ó¡£
•¥ª¥×¥·¥ç¥ó¤ò°Ï¤à³Ñ¥«¥Ã¥³¤Ï¡¢¤½¤Î¥ª¥×¥·¥ç¥ó¤ò¥³¥Þ¥ó¥É¹Ô¤Ç»ØÄꤷ¤Ê¤«¤Ã¤¿¾ì¹ç¤Ë¡¢ÃͤÎÆþÎϤòµá¤á¤é¤ì¤ë¤³¤È¤ò°ÕÌ£¤·¤Þ¤¹¡£-keypass¥ª¥×¥·¥ç¥ó¤Î¾ì¹ç¡¢¥ª¥×¥·¥ç¥ó¤ò¥³¥Þ¥ó¥É¹Ô¤Ç»ØÄꤷ¤Ê¤«¤Ã¤¿¾ì¹ç¤Ï¡¢keytool¥³¥Þ¥ó¥É¤¬¤Þ¤º¥­¡¼¥¹¥È¥¢¤Î¥Ñ¥¹¥ï¡¼¥É¤ò»ÈÍѤ·¤ÆÈó¸ø³«/ÈëÌ©¸°¤ÎÉü¸µ¤ò»î¤ß¤Þ¤¹¡£¤³¤Î»î¤ß¤¬¼ºÇÔ¤·¤¿¾ì¹ç¡¢keytool¥³¥Þ¥ó¥É¤Ë¤è¤ê¡¢Èó¸ø³«/ÈëÌ©¸°¤Î¥Ñ¥¹¥ï¡¼¥É¤ÎÆþÎϤòµá¤á¤é¤ì¤Þ¤¹¡£
•¥¤¥¿¥ê¥Ã¥¯¤Î¹àÌܤμºݤÎÃÍ(¥ª¥×¥·¥ç¥ó¤ÎÃÍ)¤Ï¡¢»ØÄꤹ¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£¤¿¤È¤¨¤Ð¡¢-printcert¥³¥Þ¥ó¥É¤Î·Á¼°¤Ï¼¡¤Î¤È¤ª¤ê¤Ç¤¹¡£
keytool -printcert {-file cert_file} {-v}

-printcert¥³¥Þ¥ó¥É¤ò»ØÄꤹ¤ë¾ì¹ç¤Ï¡¢cert_file¤ò¼ÂºÝ¤Î¥Õ¥¡¥¤¥ë̾¤ÇÃÖ¤­´¹¤¨¤Þ¤¹¡£Îã: keytool -printcert -file VScert.cer

•¥ª¥×¥·¥ç¥ó¤ÎÃͤ˶õÇò(¥¹¥Ú¡¼¥¹)¤¬´Þ¤Þ¤ì¤Æ¤¤¤ë¾ì¹ç¤Ï¡¢Ãͤò°úÍÑÉä¤Ç°Ï¤àɬÍפ¬¤¢¤ê¤Þ¤¹¡£
-help¥ª¥×¥·¥ç¥ó¤¬¥Ç¥Õ¥©¥ë¥È¤Ç¤¹¡£keytool¥³¥Þ¥ó¥É¤Ï¡¢keytool -help¤ÈƱ¤¸¤Ç¤¹¡£

¥ª¥×¥·¥ç¥ó¤Î¥Ç¥Õ¥©¥ë¥ÈÃÍ

¼¡¤ÎÎã¤Ç¡¢ÍÍ¡¹¤Ê¥ª¥×¥·¥ç¥óÃͤΥǥե©¥ë¥ÈÃͤò¼¨¤·¤Þ¤¹¡£

-alias "mykey"
-keyalg
    "DSA" (when using -genkeypair)
    "DES" (when using -genseckey)
-keysize
    2048 (when using -genkeypair and -keyalg is "RSA")
    1024 (when using -genkeypair and -keyalg is "DSA")
    256 (when using -genkeypair and -keyalg is "EC")
    56 (when using -genseckey and -keyalg is "DES")
    168 (when using -genseckey and -keyalg is "DESede")
-validity 90
-keystore <the file named .keystore in the user's home directory>
-storetype <the value of the "keystore.type" property in the
    security properties file, which is returned by the static
    getDefaultType method in java.security.KeyStore>
-file
    stdin (if reading)
    stdout (if writing)
-protected false

¸ø³«/ÈëÌ©¸°¥Ú¥¢¤ÎÀ¸À®¤Ë¤ª¤¤¤Æ¡¢½ð̾¥¢¥ë¥´¥ê¥º¥à(-sigalg¥ª¥×¥·¥ç¥ó)¤Ï¡¢´ð¤Ë¤Ê¤ëÈëÌ©¸°¤Î¥¢¥ë¥´¥ê¥º¥à¤«¤éÇÉÀ¸¤·¤Þ¤¹¡£

•´ð¤Ë¤Ê¤ëÈëÌ©¸°¤¬DSA¥¿¥¤¥×¤Ç¤¢¤ë¾ì¹ç¤Ï¡¢-sigalg¥ª¥×¥·¥ç¥ó¤Î¥Ç¥Õ¥©¥ë¥ÈÃͤÏSHA1withDSA¤Ë¤Ê¤ê¤Þ¤¹¡£
•´ð¤Ë¤Ê¤ëÈëÌ©¸°¤¬RSA¥¿¥¤¥×¤Ç¤¢¤ë¾ì¹ç¤Ï¡¢-sigalg¥ª¥×¥·¥ç¥ó¤Î¥Ç¥Õ¥©¥ë¥ÈÃͤÏSHA256withRSA¤Ë¤Ê¤ê¤Þ¤¹¡£
•´ð¤Ë¤Ê¤ëÈëÌ©¸°¤¬EC¥¿¥¤¥×¤Ç¤¢¤ë¾ì¹ç¤Ï¡¢-sigalg¥ª¥×¥·¥ç¥ó¤Î¥Ç¥Õ¥©¥ë¥ÈÃͤÏSHA256withECDSA¤Ë¤Ê¤ê¤Þ¤¹¡£

-keyalg¤ª¤è¤Ó-sigalg°ú¿ô¤Î´°Á´¤Ê¥ê¥¹¥È¤Ë¤Ä¤¤¤Æ¤Ï¡¢ http://docs.oracle.com/javase/8/docs/technotes/guides/security/crypto/CryptoSpec.html#AppA¤Î¡ÖJava Cryptography Architecture (JCA) Reference Guide¡×¤ò»²¾È¤·¤Æ¤¯¤À¤µ¤¤¡£

°ìÈÌ¥ª¥×¥·¥ç¥ó

-v¥ª¥×¥·¥ç¥ó¤Ï¡¢-help¥³¥Þ¥ó¥É¤ò½ü¤¯¤¹¤Ù¤Æ¤Î¥³¥Þ¥ó¥É¤Ç»ÈÍѤǤ­¤Þ¤¹¡£-v¥ª¥×¥·¥ç¥ó¤ò»ØÄꤷ¤¿¾ì¹ç¡¢¥³¥Þ¥ó¥É¤Ï¾éĹ¥â¡¼¥É¤Ç¼Â¹Ô¤µ¤ì¡¢¾ÜºÙ¤Ê¾ðÊ󤬽ÐÎϤµ¤ì¤Þ¤¹¡£

Ǥ°Õ¤Î¥³¥Þ¥ó¥É¤Ç»ØÄê¤Ç¤­¤ë-Jjavaoption°ú¿ô¤â¤¢¤ê¤Þ¤¹¡£-Jjavaoption¤ò»ØÄꤷ¤¿¾ì¹ç¡¢»ØÄꤵ¤ì¤¿javaoptionʸ»úÎó¤¬Java¥¤¥ó¥¿¥×¥ê¥¿¤ËľÀÜÅϤµ¤ì¤Þ¤¹¡£¤³¤Î¥ª¥×¥·¥ç¥ó¤Ë¤Ï¡¢¶õÇò¤ò´Þ¤á¤ë¤³¤È¤Ï¤Ç¤­¤Þ¤»¤ó¡£¤³¤Î¥ª¥×¥·¥ç¥ó¤Ï¡¢¼Â¹Ô´Ä¶­¤Þ¤¿¤Ï¥á¥â¥ê¡¼»ÈÍѤòÄ´À°¤¹¤ë¾ì¹ç¤ËÊØÍø¤Ç¤¹¡£»ØÄê¤Ç¤­¤ë¥¤¥ó¥¿¥×¥ê¥¿¡¦¥ª¥×¥·¥ç¥ó¤ò°ìÍ÷ɽ¼¨¤¹¤ë¤Ë¤Ï¡¢¥³¥Þ¥ó¥É¹Ô¤Çjava -h¤Þ¤¿¤Ïjava -X¤ÈÆþÎϤ·¤Æ¤¯¤À¤µ¤¤¡£

¼¡¤Î¥ª¥×¥·¥ç¥ó¤Ï¡¢¥­¡¼¥¹¥È¥¢¤ËÂФ¹¤ëÁàºî¤ò¹Ô¤¦¤¹¤Ù¤Æ¤Î¥³¥Þ¥ó¥É¤Ç»ØÄê¤Ç¤­¤Þ¤¹¡£

-storetype storetype

¤³¤Î½¤¾þ»Ò¤Ï¡¢¥¤¥ó¥¹¥¿¥ó¥¹¤òÀ¸À®¤¹¤ë¥­¡¼¥¹¥È¥¢¤Î¥¿¥¤¥×¤ò»ØÄꤷ¤Þ¤¹¡£

-keystore keystore

¥­¡¼¥¹¥È¥¢¤Î¾ì½ê¤ò»ØÄꤷ¤Þ¤¹¡£

ÆÃÄê¤Îkeytool¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤¹¤ëºÝ¤Ë¡¢JKS storetype¤¬»ÈÍѤµ¤ì¡¢¤«¤Ä¥­¡¼¥¹¥È¥¢¡¦¥Õ¥¡¥¤¥ë¤¬¤Þ¤À¸ºß¤·¤Æ¤¤¤Ê¤«¤Ã¤¿¾ì¹ç¡¢¿·¤·¤¤¥­¡¼¥¹¥È¥¢¡¦¥Õ¥¡¥¤¥ë¤¬ºîÀ®¤µ¤ì¤Þ¤¹¡£¤¿¤È¤¨¤Ð¡¢keytool -genkeypair¤Î¸Æ½Ð¤·»þ¤Ë-keystore¥ª¥×¥·¥ç¥ó¤¬»ØÄꤵ¤ì¤Ê¤«¤Ã¤¿¾ì¹ç¡¢.keystore¤È¤¤¤¦Ì¾Á°¤Î¥Ç¥Õ¥©¥ë¥È¡¦¥­¡¼¥¹¥È¥¢¡¦¥Õ¥¡¥¤¥ë¤¬¥æ¡¼¥¶¡¼¤Î¥Û¡¼¥à¡¦¥Ç¥£¥ì¥¯¥È¥êÆâ¤Ë¤Þ¤À¸ºß¤·¤Æ¤¤¤Ê¤±¤ì¤Ð¡¢¤½¤³¤ËºîÀ®¤µ¤ì¤Þ¤¹¡£Æ±Íͤˡ¢-keystore ks_file¤È¤¤¤¦¥ª¥×¥·¥ç¥ó¤¬»ØÄꤵ¤ì¤Æ¤â¤½¤Îks_file¤¬Â¸ºß¤·¤Ê¤«¤Ã¤¿¾ì¹ç¡¢¤½¤Î¥Õ¥¡¥¤¥ë¤¬ºîÀ®¤µ¤ì¤Þ¤¹¡£JKS storetype¤Î¾ÜºÙ¤Ï¡¢¤ÎKeyStore¤Î¼ÂÁõ¥­¡¼¥¹¥È¥¢¤ÎÊÌ̾¤Ë´Ø¤¹¤ë¹à¤ò»²¾È¤·¤Æ¤¯¤À¤µ¤¤¡£

-keystore¥ª¥×¥·¥ç¥ó¤«¤é¤ÎÆþÎÏ¥¹¥È¥ê¡¼¥à¤Ï¡¢KeyStore.load¥á¥½¥Ã¥É¤ËÅϤµ¤ì¤Þ¤¹¡£URL¤È¤·¤ÆNONE¤¬»ØÄꤵ¤ì¤Æ¤¤¤ë¾ì¹ç¤Ï¡¢null¤Î¥¹¥È¥ê¡¼¥à¤¬KeyStore.load¥á¥½¥Ã¥É¤ËÅϤµ¤ì¤Þ¤¹¡£NONE¤Ï¡¢KeyStore¤¬¥Õ¥¡¥¤¥ë¥Ù¡¼¥¹¤Ç¤Ï¤Ê¤¤¾ì¹ç¤Ë»ØÄꤷ¤Æ¤¯¤À¤µ¤¤¡£¤¿¤È¤¨¤Ð¡¢¥Ï¡¼¥É¥¦¥§¥¢¡¦¥È¡¼¥¯¥ó¡¦¥Ç¥Ð¥¤¥¹¾å¤Ë¸ºß¤·¤Æ¤¤¤ë¾ì¹ç¤Ê¤É¤Ç¤¹¡£

-storepass[:env| :file] argument

¥­¡¼¥¹¥È¥¢¤ÎÀ°¹çÀ­¤òÊݸ¤ë¤¿¤á¤Ë»ÈÍѤ¹¤ë¥Ñ¥¹¥ï¡¼¥É¤ò»ØÄꤷ¤Þ¤¹¡£

½¤¾þ»Òenv¤Þ¤¿¤Ïfile¤ò»ØÄꤷ¤Ê¤¤¾ì¹ç¡¢¥Ñ¥¹¥ï¡¼¥É¤ÎÃͤÏargument¤Ë¤Ê¤ê¤Þ¤¹¡£¤³¤ÎÃͤϡ¢6ʸ»ú°Ê¾å¤Ë¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£¤½¤ì°Ê³°¤Î¾ì¹ç¡¢¥Ñ¥¹¥ï¡¼¥É¤Ï¼¡¤Î¤è¤¦¤Ë¤·¤Æ¼èÆÀ¤µ¤ì¤Þ¤¹¡£

env: argument¤È¤¤¤¦Ì¾Á°¤Î´Ä¶­ÊÑ¿ô¤«¤é¥Ñ¥¹¥ï¡¼¥É¤ò¼èÆÀ¤·¤Þ¤¹¡£
file: argument¤È¤¤¤¦Ì¾Á°¤Î¥Õ¥¡¥¤¥ë¤«¤é¥Ñ¥¹¥ï¡¼¥É¤ò¼èÆÀ¤·¤Þ¤¹¡£

Ãí°Õ: -keypass¡¢-srckeypass¡¢-destkeypass¡¢-srcstorepass¡¢-deststorepass¤Ê¤É¤Î¥Ñ¥¹¥ï¡¼¥É¤òɬÍפȤ¹¤ë¤½¤Î¾¤Î¥ª¥×¥·¥ç¥ó¤Ï¤¹¤Ù¤Æ¡¢env¤ª¤è¤Ófile½¤¾þ»Ò¤ò¼õ¤±ÉÕ¤±¤Þ¤¹¡£¥Ñ¥¹¥ï¡¼¥É¡¦¥ª¥×¥·¥ç¥ó¤È½¤¾þ»Ò¤Ï¡¢É¬¤º¥³¥í¥ó(:)¤Ç¶èÀڤäƤ¯¤À¤µ¤¤¡£

¥Ñ¥¹¥ï¡¼¥É¤Ï¡¢¥­¡¼¥¹¥È¥¢¤ÎÆâÍƤ˥¢¥¯¥»¥¹¤¹¤ë¤¹¤Ù¤Æ¤Î¥³¥Þ¥ó¥É¤Ç»ÈÍѤµ¤ì¤Þ¤¹¡£¤³¤Î¼ï¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤¹¤ë¤È¤­¤Ë¡¢¥³¥Þ¥ó¥É¹Ô¤Ç-storepass¥ª¥×¥·¥ç¥ó¤ò»ØÄꤷ¤Ê¤«¤Ã¤¿¾ì¹ç¤Ï¡¢¥Ñ¥¹¥ï¡¼¥É¤ÎÆþÎϤòµá¤á¤é¤ì¤Þ¤¹¡£

¥­¡¼¥¹¥È¥¢¤«¤é¾ðÊó¤ò¼èÆÀ¤¹¤ë¾ì¹ç¡¢¥Ñ¥¹¥ï¡¼¥É¤Ï¾Êά²Äǽ¤Ç¤¹¡£¥Ñ¥¹¥ï¡¼¥É¤¬»ØÄꤵ¤ì¤Æ¤¤¤Ê¤¤¾ì¹ç¤Ï¡¢¼èÆÀ¤·¤¿¾ðÊó¤ÎÀ°¹çÀ­¤ò¸¡¾Ú¤Ç¤­¤º¡¢·Ù¹ð¤¬É½¼¨¤µ¤ì¤Þ¤¹¡£

-providerName provider_name

¥»¥­¥å¥ê¥Æ¥£¡¦¥×¥í¥Ñ¥Æ¥£¡¦¥Õ¥¡¥¤¥ëÆâ¤Ë´Þ¤Þ¤ì¤ë°Å¹æ²½¥µ¡¼¥Ó¥¹¡¦¥×¥í¥Ð¥¤¥À̾¤òÆÃÄꤹ¤ë¤¿¤á¤Ë»ÈÍѤµ¤ì¤Þ¤¹¡£

-providerClass provider_class_name

°Å¹æ²½¥µ¡¼¥Ó¥¹¡¦¥×¥í¥Ð¥¤¥À¤¬¥»¥­¥å¥ê¥Æ¥£¡¦¥×¥í¥Ñ¥Æ¥£¡¦¥Õ¥¡¥¤¥ë¤Ë»ØÄꤵ¤ì¤Æ¤¤¤Ê¤¤¤È¤­¤Ï¡¢¤½¤Î¥Þ¥¹¥¿¡¼¡¦¥¯¥é¥¹¡¦¥Õ¥¡¥¤¥ë¤Î̾Á°¤ò»ØÄꤹ¤ë¤È¤­¤Ë»ÈÍѤµ¤ì¤Þ¤¹¡£

-providerArg provider_arg

-providerClass¥ª¥×¥·¥ç¥ó¤È¤È¤â¤Ë»ÈÍѤµ¤ì¡¢provider_class_name¤Î¥³¥ó¥¹¥È¥é¥¯¥¿¤Î¥ª¥×¥·¥ç¥ó¤Îʸ»úÎóÆþÎÏ°ú¿ô¤òɽ¤·¤Þ¤¹¡£

-protected

true¤Þ¤¿¤Ïfalse¤Î¤¤¤º¤ì¤«¡£¥Ñ¥¹¥ï¡¼¥É¤òÀìÍÑPIN¥ê¡¼¥À¡¼¤Ê¤É¤ÎÊݸ¤ì¤¿Ç§¾Ú¥Ñ¥¹·Ðͳ¤Ç»ØÄꤹ¤ëɬÍפ¬¤¢¤ë¾ì¹ç¤Ï¡¢¤³¤ÎÃͤòtrue¤Ë»ØÄꤹ¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£-importkeystore¥³¥Þ¥ó¥É¤Ë¤Ï2¤Ä¤Î¥­¡¼¥¹¥È¥¢¤¬´ØÏ¢¤·¤Æ¤¤¤ë¤¿¤á¡¢¥½¡¼¥¹¡¦¥­¡¼¥¹¥È¥¢¤È°¸À襭¡¼¥¹¥È¥¢¤Ë¤½¤ì¤¾¤ì¼¡¤Î2¤Ä¤Î¥ª¥×¥·¥ç¥ó¡¢-srcprotected¤È-destprotected¤¬ÍÑ°Õ¤µ¤ì¤Æ¤¤¤Þ¤¹¡£

-ext {name{:critical} {=value}}

X.509¾ÚÌÀ½ñ¥¨¥¯¥¹¥Æ¥ó¥·¥ç¥ó¤ò¼¨¤·¤Þ¤¹¡£¤³¤Î¥ª¥×¥·¥ç¥ó¤ò-genkeypair¤ª¤è¤Ó-gencert¤Ç»ÈÍѤ·¤Æ¡¢À¸À®¤µ¤ì¤ë¾ÚÌÀ½ñ¤Þ¤¿¤Ï-certreq¤Ë¥¨¥¯¥¹¥Æ¥ó¥·¥ç¥ó¤òËä¤á¹þ¤ß¡¢¾ÚÌÀ½ñ¥ê¥¯¥¨¥¹¥È¤Ç¥ê¥¯¥¨¥¹¥È¤µ¤ì¤ë¥¨¥¯¥¹¥Æ¥ó¥·¥ç¥ó¤ò¼¨¤¹¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£¤³¤Î¥ª¥×¥·¥ç¥ó¤ÏÊ£¿ô²ó»ØÄê¤Ç¤­¤Þ¤¹¡£name°ú¿ô¤Ë¤Ï¡¢¥µ¥Ý¡¼¥È¤µ¤ì¤Æ¤¤¤ë¥¨¥¯¥¹¥Æ¥ó¥·¥ç¥ó̾(̾Á°ÉÕ¤­¥¨¥¯¥¹¥Æ¥ó¥·¥ç¥ó¤ò»²¾È)¤Þ¤¿¤ÏǤ°Õ¤ÎOIDÈÖ¹æ¤ò»ØÄê¤Ç¤­¤Þ¤¹¡£»ØÄꤵ¤ì¤Æ¤¤¤ë¾ì¹ç¡¢value°ú¿ô¤Ï¥¨¥¯¥¹¥Æ¥ó¥·¥ç¥ó¤Î°ú¿ô¤ò»Ø¤·¤Þ¤¹¡£value¤ò¾Êά¤·¤¿¾ì¹ç¡¢¥¨¥¯¥¹¥Æ¥ó¥·¥ç¥ó¤Î¥Ç¥Õ¥©¥ë¥ÈÃͤޤ¿¤Ï¥¨¥¯¥¹¥Æ¥ó¥·¥ç¥ó¤¬°ú¿ô¤òɬÍפȤ·¤Ê¤¤¤³¤È¤ò¼¨¤·¤Þ¤¹¡£:critical½¤¾þ»Ò¤¬»ØÄꤵ¤ì¤¿¾ì¹ç¡¢¥¨¥¯¥¹¥Æ¥ó¥·¥ç¥ó¤ÎisCritical°À­¤Ïtrue¤Ç¡¢»ØÄꤵ¤ì¤Ê¤¤¾ì¹ç¤Ïfalse¤Ç¤¹¡£:critical¤Î¤«¤ï¤ê¤Ë:c¤ò»ÈÍѤǤ­¤Þ¤¹¡£

̾Á°ÉÕ¤­¥¨¥¯¥¹¥Æ¥ó¥·¥ç¥ó

keytool¥³¥Þ¥ó¥É¤Ï¡¢¼¡¤Î̾Á°¤Î¥¨¥¯¥¹¥Æ¥ó¥·¥ç¥ó¤ò¥µ¥Ý¡¼¥È¤·¤Æ¤¤¤Þ¤¹¡£Ì¾Á°¤ÎÂç/¾®Ê¸»ú¤Ï¶èÊ̤µ¤ì¤Þ¤»¤ó¡£

BC¤Þ¤¿¤ÏBasicContraints

ÃÍ: ´°Á´¤Ê·Á¼°¤Ï¡¢ca:{true|false}[,pathlen:<len>]¤Þ¤¿¤Ï<len>(ca:true,pathlen:<len>¤Îû½Ì·Á)¤Ç¤¹¡£<len>¤ò¾Êά¤¹¤ë¤È¡¢ca:true¤Î°ÕÌ£¤Ë¤Ê¤ê¤Þ¤¹¡£

KU¤Þ¤¿¤ÏKeyUsage

ÃÍ: usage(usage)*¡¢usage¤Ë¤ÏdigitalSignature¡¢nonRepudiation (contentCommitment)¡¢keyEncipherment¡¢dataEncipherment¡¢keyAgreement¡¢keyCertSign¡¢cRLSign¡¢encipherOnly¡¢decipherOnly¤Î¤¤¤º¤ì¤«¤ò»ØÄê¤Ç¤­¤Þ¤¹¡£usage°ú¿ô¤Ï¡¢ÉÔÌÀ³Î¤Ë¤Ê¤é¤Ê¤¤¤«¤®¤ê¡¢ºÇ½é¤Î¿ôʸ»ú(digitalSignature¤Î¾ì¹ç¤Ïdig)¤Þ¤¿¤Ï¥­¥ã¥á¥ë¥±¡¼¥¹¡¦¥¹¥¿¥¤¥ë(digitalSignature¤Î¾ì¹ç¤ÏdS¡¢cRLSign¤Î¾ì¹ç¤ÏcRLS)¤Ç¾Êάɽµ­¤Ç¤­¤Þ¤¹¡£usageÃͤϡ¢Âçʸ»ú¤È¾®Ê¸»ú¤¬¶èÊ̤µ¤ì¤Þ¤¹¡£

EKU¤Þ¤¿¤ÏExtendedKeyUsage

ÃÍ: usage(usage)*¡¢usage¤Ë¤ÏanyExtendedKeyUsage¡¢serverAuth¡¢clientAuth¡¢codeSigning¡¢emailProtection¡¢timeStamping¡¢OCSPSigning¤Þ¤¿¤ÏǤ°Õ¤ÎOIDʸ»úÎó¤Î¤¤¤º¤ì¤«¤ò»ØÄê¤Ç¤­¤Þ¤¹¡£usage°ú¿ô¤Ï¡¢ÉÔÌÀ³Î¤Ë¤Ê¤é¤Ê¤¤¤«¤®¤ê¡¢ºÇ½é¤Î¿ôʸ»ú¤Þ¤¿¤Ï¥­¥ã¥á¥ë¥±¡¼¥¹¡¦¥¹¥¿¥¤¥ë¤Ç¾Êάɽµ­¤Ç¤­¤Þ¤¹¡£usageÃͤϡ¢Âçʸ»ú¤È¾®Ê¸»ú¤¬¶èÊ̤µ¤ì¤Þ¤¹¡£

SAN¤Þ¤¿¤ÏSubjectAlternativeName

ÃÍ: type:value(type:value)*¡¢type¤Ë¤ÏEMAIL¡¢URI¡¢DNS¡¢IP¤Þ¤¿¤ÏOID¤ò»ØÄê¤Ç¤­¤Þ¤¹¡£value°ú¿ô¤Ï¡¢type¤Îʸ»úÎó·Á¼°¤ÎÃͤǤ¹¡£

IAN¤Þ¤¿¤ÏIssuerAlternativeName

ÃÍ: SubjectAlternativeName¤ÈƱ¤¸¤Ç¤¹¡£

SIA¤Þ¤¿¤ÏSubjectInfoAccess

ÃÍ: method:location-type:location-value (method:location-type:location-value)*¡¢method¤Ë¤ÏtimeStamping¡¢caRepository¤Þ¤¿¤ÏǤ°Õ¤ÎOID¤ò»ØÄê¤Ç¤­¤Þ¤¹¡£location-type¤ª¤è¤Ólocation-value°ú¿ô¤Ë¤Ï¡¢SubjectAlternativeName¥¨¥¯¥¹¥Æ¥ó¥·¥ç¥ó¤Ç¥µ¥Ý¡¼¥È¤µ¤ì¤ëǤ°Õ¤Îtype:value¤ò»ØÄê¤Ç¤­¤Þ¤¹¡£

AIA¤Þ¤¿¤ÏAuthorityInfoAccess

ÃÍ: SubjectInfoAccess¤ÈƱ¤¸¤Ç¤¹¡£method°ú¿ô¤Ë¤Ï¡¢ocsp¡¢caIssuers¤Þ¤¿¤ÏǤ°Õ¤ÎOID¤ò»ØÄê¤Ç¤­¤Þ¤¹¡£

name¤¬OID¤Î¾ì¹ç¡¢OCTET STRING¥¿¥¤¥×¤ÈŤµ¤Î¥Ð¥¤¥È¤ò½ü³°¤·¤¿¥¨¥¯¥¹¥Æ¥ó¥·¥ç¥ó¤Ë¤Ä¤¤¤Æ¤Ï¡¢ÃͤÏextnValue¤Î16¿Ê¥À¥ó¥×¤ÎDER¥¨¥ó¥³¡¼¥Ç¥£¥ó¥°¤Ç¤¹¡£HEXʸ»úÎó¤Ç¤Ï¡¢É¸½à¤Î16¿Ê¿ô(0-9¡¢a-f¡¢A-F)°Ê³°¤Îʸ»ú¤Ï̵»ë¤µ¤ì¤Þ¤¹¡£¤·¤¿¤¬¤Ã¤Æ¡¢01:02:03:04¤È01020304¤ÎξÊý¤È¤âƱ°ì¤ÎÃͤȤ·¤Æ¼õ¤±ÉÕ¤±¤é¤ì¤Þ¤¹¡£Ãͤ¬¤Ê¤¤¾ì¹ç¡¢¥¨¥¯¥¹¥Æ¥ó¥·¥ç¥ó¤ÎÃÍ¥Õ¥£¡¼¥ë¥É¤Ï¶õ¤Ë¤Ê¤ê¤Þ¤¹¡£

-gencert¤Ç¤Î¤ß»ÈÍѤ¹¤ëhonored¤È¤¤¤¦ÆÃÊ̤Ê̾Á°¤Ï¡¢¾ÚÌÀ½ñ¥ê¥¯¥¨¥¹¥È¤Ë´Þ¤Þ¤ì¤ë¥¨¥¯¥¹¥Æ¥ó¥·¥ç¥ó¤òÍ¥À褹¤ëÊýË¡¤ò¼¨¤·¤Þ¤¹¡£¤³¤Î̾Á°¤ÎÃͤϡ¢all(¥ê¥¯¥¨¥¹¥È¤µ¤ì¤ë¤¹¤Ù¤Æ¤Î¥¨¥¯¥¹¥Æ¥ó¥·¥ç¥ó¤¬Í¥À褵¤ì¤ë)¡¢name{:[critical|non-critical]}(̾Á°ÉÕ¤­¤Î¥¨¥¯¥¹¥Æ¥ó¥·¥ç¥ó¤¬Í¥À褵¤ì¤ë¤¬¡¢Ê̤ÎisCritical°À­¤ò»ÈÍѤ¹¤ë)¡¢¤ª¤è¤Ó-name(all¤È¤È¤â¤Ë»ÈÍѤ·¡¢Îã³°¤ò¼¨¤¹)¤Î¥«¥ó¥Þ¶èÀÚ¤ê¥ê¥¹¥È¤Ç¤¹¡£¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï¡¢¥ê¥¯¥¨¥¹¥È¤µ¤ì¤ë¥¨¥¯¥¹¥Æ¥ó¥·¥ç¥ó¤ÏÍ¥À褵¤ì¤Þ¤»¤ó¡£

-ext honored¥ª¥×¥·¥ç¥ó¤Ë²Ã¤¨¡¢Ê̤Î̾Á°¤Î¡¢¤Þ¤¿¤ÏOID -ext¤Î¥ª¥×¥·¥ç¥ó¤ò»ØÄꤷ¤¿¾ì¹ç¤Ï¡¢¤³¤Î¥¨¥¯¥¹¥Æ¥ó¥·¥ç¥ó¤¬¡¢¤¹¤Ç¤ËÍ¥À褵¤ì¤Æ¤¤¤ë¥¨¥¯¥¹¥Æ¥ó¥·¥ç¥ó¤ËÄɲ䵤ì¤Þ¤¹¡£¤¿¤À¤·¡¢¤³¤Î̾Á°(¤Þ¤¿¤ÏOID)¤òÍ¥À褵¤ì¤ëÃͤǤâ»ÈÍѤ·¤¿¾ì¹ç¤Ï¡¢¤½¤ÎÃͤȽÅÍ×À­¤¬¥ê¥¯¥¨¥¹¥È¤Ë´Þ¤Þ¤ì¤ë¤â¤Î¤ò¥ª¡¼¥Ð¡¼¥é¥¤¥É¤·¤Þ¤¹¡£

subjectKeyIdentifier¥¨¥¯¥¹¥Æ¥ó¥·¥ç¥ó¤Ï¾ï¤ËºîÀ®¤µ¤ì¤Þ¤¹¡£¼«¸Ê½ð̾¤Ç¤Ê¤¤¾ÚÌÀ½ñ¤Î¾ì¹ç¤Ï¡¢authorityKeyIdentifier¤¬ºîÀ®¤µ¤ì¤Þ¤¹¡£

Ãí°Õ: ¥æ¡¼¥¶¡¼¤Ï¡¢¥¨¥¯¥¹¥Æ¥ó¥·¥ç¥ó(¤ª¤è¤Ó¾ÚÌÀ½ñ¤Î¾¤Î¥Õ¥£¡¼¥ë¥É)¤ÎÁȹ礻¤Ë¤è¤Ã¤Æ¤Ï¡¢¥¤¥ó¥¿¡¼¥Í¥Ã¥È¤Îɸ½à¤Ë½àµò¤·¤Ê¤¤¾ì¹ç¤¬¤¢¤ë¤³¤È¤ËÃí°Õ¤·¤Æ¤¯¤À¤µ¤¤¡£¾ÚÌÀ½ñ¤Î½àµò¤Ë´Ø¤¹¤ë·Ù¹ð¤ò»²¾È¤·¤Æ¤¯¤À¤µ¤¤¡£

¥³¥Þ¥ó¥É

-gencert

{-rfc} {-infile infile} {-outfile outfile} {-alias alias} {-sigalg sigalg}
{-dname dname} {-startdate startdate {-ext ext}* {-validity valDays}
[-keypass keypass] {-keystore keystore} [-storepass storepass]
{-storetype storetype} {-providername provider_name}
{-providerClass provider_class_name {-providerArg provider_arg}}
{-v} {-protected} {-Jjavaoption}
¾ÚÌÀ½ñ¥ê¥¯¥¨¥¹¥È¡¦¥Õ¥¡¥¤¥ë(keytool -certreq¥³¥Þ¥ó¥É¤ÇºîÀ®²Äǽ)¤ËÂФ¹¤ë¥ì¥¹¥Ý¥ó¥¹¤È¤·¤Æ¾ÚÌÀ½ñ¤òÀ¸À®¤·¤Þ¤¹¡£¤³¤Î¥³¥Þ¥ó¥É¤Ï¡¢infile¤«¤é(¾Êά¤·¤¿¾ì¹ç¤Ï¡¢É¸½àÆþÎϤ«¤é)¥ê¥¯¥¨¥¹¥È¤òÆɤ߹þ¤ß¡¢ÊÌ̾¤ÎÈëÌ©¸°¤ò»ÈÍѤ·¤Æ¤½¤Î¥ê¥¯¥¨¥¹¥È¤Ë½ð̾¤·¤Æ¡¢X.509¾ÚÌÀ½ñ¤òoutfile¤Ë(¾Êά¤·¤¿¾ì¹ç¤Ï¡¢É¸½à½ÐÎϤË)½ÐÎϤ·¤Þ¤¹¡£-rfc¤ò»ØÄꤷ¤¿¾ì¹ç¡¢½ÐÎÏ·Á¼°¤ÏBASE64Éä¹æ²½¤ÎPEM¤Ë¤Ê¤ê¤Þ¤¹¡£¤½¤ì°Ê³°¤Î¾ì¹ç¤Ï¡¢¥Ð¥¤¥Ê¥êDER¤¬ºîÀ®¤µ¤ì¤Þ¤¹¡£

sigalgÃͤˤϡ¢¾ÚÌÀ½ñ¤Ë½ð̾¤òÉÕ¤±¤ë¤È¤­¤Ë»ÈÍѤ¹¤ë¥¢¥ë¥´¥ê¥º¥à¤ò»ØÄꤷ¤Þ¤¹¡£startdate°ú¿ô¤Ï¡¢¾ÚÌÀ½ñ¤ÎÍ­¸ú³«»ÏÆü»þ¤Ç¤¹¡£valDays°ú¿ô¤Ï¡¢¾ÚÌÀ½ñ¤ÎÍ­¸úÆü¿ô¤ò¼¨¤·¤Þ¤¹¡£

dname¤ò»ØÄꤹ¤ë¤È¡¢À¸À®¤µ¤ì¤ë¾ÚÌÀ½ñ¤Î¼çÂΤȤ·¤Æ»ÈÍѤµ¤ì¤Þ¤¹¡£¤½¤ì°Ê³°¤Î¾ì¹ç¤Ï¡¢¾ÚÌÀ½ñ¥ê¥¯¥¨¥¹¥È¤«¤é¤Î̾Á°¤¬»ÈÍѤµ¤ì¤Þ¤¹¡£

extÃͤϡ¢¾ÚÌÀ½ñ¤ËËä¤á¹þ¤Þ¤ì¤ëX.509¥¨¥¯¥¹¥Æ¥ó¥·¥ç¥ó¤ò¼¨¤·¤Þ¤¹¡£-ext¤Î¹½Ê¸¤Ë¤Ä¤¤¤Æ¤Ï¡¢°ìÈÌ¥ª¥×¥·¥ç¥ó¤ò»²¾È¤·¤Æ¤¯¤À¤µ¤¤¡£

-gencert¥ª¥×¥·¥ç¥ó¤ò»ÈÍѤ¹¤ë¤È¡¢¾ÚÌÀ½ñ¥Á¥§¡¼¥ó¤òºîÀ®¤Ç¤­¤Þ¤¹¡£¼¡¤ÎÎã¤Ç¤Ï¡¢e1¤È¤¤¤¦¾ÚÌÀ½ñ¤òºîÀ®¤·¤Þ¤¹¡£¤³¤Î¾ÚÌÀ½ñ¤Î¾ÚÌÀ½ñ¥Á¥§¡¼¥ó¤Ë¤Ï¡¢3¤Ä¤Î¾ÚÌÀ½ñ¤¬´Þ¤Þ¤ì¤Æ¤¤¤Þ¤¹¡£

¼¡¤Î¥³¥Þ¥ó¥É¤Ï¡¢ca¡¢ca1¡¢ca2¤ª¤è¤Óe1¤Î4¤Ä¤Î¸°¥Ú¥¢¤òºîÀ®¤·¤Þ¤¹¡£

keytool -alias ca -dname CN=CA -genkeypair
keytool -alias ca1 -dname CN=CA -genkeypair
keytool -alias ca2 -dname CN=CA -genkeypair
keytool -alias e1 -dname CN=E1 -genkeypair
¼¡¤Î2¤Ä¤Î¥³¥Þ¥ó¥É¤Ï¡¢½ð̾ÉÕ¤­¾ÚÌÀ½ñ¤Î¥Á¥§¡¼¥ó¤òºîÀ®¤·¤Þ¤¹¡£ca¤Ïca1¤Ë½ð̾¤·¡¢ca1¤Ïca2¤Ë½ð̾¤·¤Þ¤¹¡£¤¹¤Ù¤Æ¼«¸Êȯ¹Ô¤Ç¤¹¡£
keytool -alias ca1 -certreq |
    keytool -alias ca -gencert -ext san=dns:ca1 |
    keytool -alias ca1 -importcert
keytool -alias ca2 -certreq |
    $KT -alias ca1 -gencert -ext san=dns:ca2 |
    $KT -alias ca2 -importcert
¼¡¤Î¥³¥Þ¥ó¥É¤Ï¡¢¾ÚÌÀ½ñe1¤òºîÀ®¤·¤Æ¥Õ¥¡¥¤¥ëe1.cert¤Ë³ÊǼ¤·¤Þ¤¹¡£¤³¤Î¾ÚÌÀ½ñ¤Ïca2¤Ë¤è¤Ã¤Æ½ð̾¤µ¤ì¤Þ¤¹¡£¤½¤Î·ë²Ì¡¢e1¤Î¾ÚÌÀ½ñ¥Á¥§¡¼¥ó¤Ë¤Ïca¡¢ca1¤ª¤è¤Óca2¤¬´Þ¤Þ¤ì¤ë¤³¤È¤Ë¤Ê¤ê¤Þ¤¹¡£
keytool -alias e1 -certreq | keytool -alias ca2 -gencert > e1.cert

-genkeypair

{-alias alias} {-keyalg keyalg} {-keysize keysize} {-sigalg sigalg}
[-dname dname] [-keypass keypass] {-startdate value} {-ext ext}*
{-validity valDays} {-storetype storetype} {-keystore keystore}
[-storepass storepass]
{-providerClass provider_class_name {-providerArg provider_arg}}
{-v} {-protected} {-Jjavaoption}
¸°¤Î¥Ú¥¢(¸ø³«¸°¤ª¤è¤Ó´ØÏ¢¤¹¤ëÈëÌ©¸°)¤òÀ¸À®¤·¤Þ¤¹¡£¸ø³«¸°¤ÏX.509 v3¼«¸Ê½ð̾¾ÚÌÀ½ñ¤Ç¥é¥Ã¥×¤µ¤ì¤Þ¤¹¡£¾ÚÌÀ½ñ¤Ï¡¢Ã±°ì¤ÎÍ×ÁǤò»ý¤Ä¾ÚÌÀ½ñ¥Á¥§¡¼¥ó¤È¤·¤Æ³ÊǼ¤µ¤ì¤Þ¤¹¡£¤³¤Î¾ÚÌÀ½ñ¥Á¥§¡¼¥ó¤ÈÈëÌ©¸°¤Ï¡¢alias¤ÇÆÃÄꤵ¤ì¤ë¿·¤·¤¤¥­¡¼¥¹¥È¥¢¡¦¥¨¥ó¥È¥ê¤Ë³ÊǼ¤µ¤ì¤Þ¤¹¡£

keyalgÃͤϸ°¥Ú¥¢¤ÎÀ¸À®¤Ë»ÈÍѤ¹¤ë¥¢¥ë¥´¥ê¥º¥à¤ò¡¢keysizeÃͤÏÀ¸À®¤¹¤ë³Æ¸°¤Î¥µ¥¤¥º¤ò¡¢¤½¤ì¤¾¤ì»ØÄꤷ¤Þ¤¹¡£sigalgÃͤϡ¢¼«¸Ê½ð̾¾ÚÌÀ½ñ¤Ë½ð̾¤òÉÕ¤±¤ë¤¿¤á¤Ë»ÈÍѤ¹¤ë¥¢¥ë¥´¥ê¥º¥à¤ò»ØÄꤷ¤Þ¤¹¡£¤³¤Î¥¢¥ë¥´¥ê¥º¥à¤ÏkeyalgÃͤȸߴ¹À­¤¬¤¢¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£

dnameÃͤˤϡ¢aliasÃͤ˴ØÏ¢ÉÕ¤±¡¢¼«¸Ê½ð̾¾ÚÌÀ½ñ¤Îissuer¥Õ¥£¡¼¥ë¥É¤Èsubject¥Õ¥£¡¼¥ë¥É¤È¤·¤Æ»ÈÍѤ¹¤ëX.500¼±ÊÌ̾¤ò»ØÄꤷ¤Þ¤¹¡£¥³¥Þ¥ó¥É¹Ô¤Ç¼±ÊÌ̾¤ò»ØÄꤷ¤Ê¤«¤Ã¤¿¾ì¹ç¤Ï¡¢¼±ÊÌ̾¤ÎÆþÎϤòµá¤á¤é¤ì¤Þ¤¹¡£

keypassÃͤˤϡ¢À¸À®¤µ¤ì¤ë¸°¤Î¥Ú¥¢¤Î¤¦¤Á¡¢ÈëÌ©¸°¤òÊݸ¤ë¤Î¤Ë»ÈÍѤ¹¤ë¥Ñ¥¹¥ï¡¼¥É¤ò»ØÄꤷ¤Þ¤¹¡£¥Ñ¥¹¥ï¡¼¥É¤ò»ØÄꤷ¤Ê¤«¤Ã¤¿¾ì¹ç¤Ï¡¢¥Ñ¥¹¥ï¡¼¥É¤ÎÆþÎϤòµá¤á¤é¤ì¤Þ¤¹¡£¤³¤Î¤È¤­¡¢[Return]¥­¡¼¤ò²¡¤¹¤È¡¢¥­¡¼¥¹¥È¥¢¤Î¥Ñ¥¹¥ï¡¼¥É¤ÈƱ¤¸¥Ñ¥¹¥ï¡¼¥É¤¬¸°¤Î¥Ñ¥¹¥ï¡¼¥É¤ËÀßÄꤵ¤ì¤Þ¤¹¡£keypassÃͤϡ¢6ʸ»ú°Ê¾å¤Ë¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£

startdateÃͤˤϡ¢¾ÚÌÀ½ñ¤Îȯ¹Ô»þ¹ï¤ò»ØÄꤷ¤Þ¤¹¡£¤³¤ì¤Ï¡¢X.509¾ÚÌÀ½ñ¤Î¡ÖValidity¡×¥Õ¥£¡¼¥ë¥É¤Î¡ÖNot Before¡×ÃͤȤâ¸Æ¤Ð¤ì¤Þ¤¹¡£

¥ª¥×¥·¥ç¥ó¤ÎÃͤϡ¢¼¡¤Î2¤Ä¤Î·Á¼°¤Î¤¤¤º¤ì¤«¤ÇÀßÄê¤Ç¤­¤Þ¤¹¡£

([+-]nnn[ymdHMS])+

[yyyy/mm/dd] [HH:MM:SS]

ºÇ½é¤Î·Á¼°¤Ç¤Ï¡¢È¯¹Ô»þ¹ï¤Ï¡¢»ØÄꤵ¤ì¤ëÃͤÎʬ¡¢¸½ºß¤Î»þ¹ï¤«¤é°Ü¤ê¤Þ¤¹¡£»ØÄꤵ¤ì¤ëÃͤϡ¢°ìÏ¢¤Î²¼°Ì¤ÎÃͤòÏ¢·ë¤·¤¿¤â¤Î¤Ë¤Ê¤ê¤Þ¤¹¡£²¼°Ì¤Î³ÆÃͤǡ¢¥×¥é¥¹µ­¹æ(¡Ö+¡×)¤Ï»þ´Ö¤¬¿Ê¤à¤³¤È¤ò¡¢¥Þ¥¤¥Ê¥¹µ­¹æ(¡Ö-¡×)¤Ï»þ´Ö¤¬Ìá¤ë¤³¤È¤ò°ÕÌ£¤·¤Æ¤¤¤Þ¤¹¡£°Ü¤ë»þ´Ö¤Ïnnn¤Ç¡¢Ã±°Ì¤Ïǯ¡¢·î¡¢Æü¡¢»þ´Ö¡¢Ê¬¤Þ¤¿¤ÏÉäǤ¹(¤½¤ì¤¾¤ì¡¢1ʸ»ú¤Îy¡¢m¡¢d¡¢H¡¢M¤Þ¤¿¤ÏS¡×¤Ç¼¨¤µ¤ì¤Æ¤¤¤Þ¤¹)¡£²¼°Ì¤Î³ÆÃͤÇjava.util.GregorianCalendar.add(int field, int amount)¥á¥½¥Ã¥É¤ò»ÈÍѤ¹¤ë¤³¤È¤Ç¡¢È¯¹Ô»þ¹ï¤ÎÄɲäÎÃͤ¬º¸¤«¤é±¦¤Ø·×»»¤µ¤ì¤Þ¤¹¡£¤¿¤È¤¨¤Ð¡¢»ØÄꤹ¤ë¤È¡¢È¯¹Ô»þ¹ï¤Ï¼¡¤Î¤è¤¦¤Ë¤Ê¤ê¤Þ¤¹¡£

Calendar c = new GregorianCalendar();
c.add(Calendar.YEAR, -1);
c.add(Calendar.MONTH, 1);
c.add(Calendar.DATE, -1);
return c.getTime()
2ÈÖÌܤηÁ¼°¤Ç¤Ï¡¢¥æ¡¼¥¶¡¼¤Ï¡¢Ç¯/·î/Æü¤È»þ´Ö:ʬ:ÉäÎ2¤Ä¤ÎÉôʬ¤Ç¸·Ì©¤Ê³«»Ï»þ¹ï¤òÀßÄꤷ¤Þ¤¹(Ãϸµ¤Î»þ´ÖÂÓ¤ò»ÈÍÑ)¡£¥æ¡¼¥¶¡¼¤Ï¡¢1¤Ä¤ÎÉôʬ¤Î¤ß¤ò»ØÄê¤Ç¤­¤Þ¤¹¡£¤³¤ì¤Ï¡¢¤â¤¦1¤Ä¤ÎÉôʬ¤Ï¸½ºß¤ÎÆüÉÕ(¤Þ¤¿¤Ï»þ¹ï)¤ÈƱ¤¸¤Ë¤Ê¤ë¤È¤¤¤¦¤³¤È¤Ç¤¹¡£¥æ¡¼¥¶¡¼¤Ï¡¢·Á¼°¤ÎÄêµÁ¤Ë¼¨¤µ¤ì¤Æ¤¤¤ë¤è¤¦¤Ë¡¢·å¿ô¤ò¸·Ì©¤Ë»ØÄꤹ¤ëɬÍפ¬¤¢¤ê¤Þ¤¹(û¤¤¾ì¹ç¤Ï0¤ÇËä¤á¤Þ¤¹)¡£ÆüÉդȻþ¹ï¤ÎξÊý¤¬»ØÄꤵ¤ì¤¿¾õÂ֤ǡ¢2¤Ä¤ÎÉôʬ¤Î´Ö¤Ë¶õÇòʸ»ú¤¬1¤Ä(1¤Ä¤Î¤ß)¤¢¤ê¤Þ¤¹¡£»þ´Ö¤Ï¾ï¤Ë24»þ´Ö·Á¼°¤Ç»ØÄꤷ¤Æ¤¯¤À¤µ¤¤¡£

¥ª¥×¥·¥ç¥ó¤ò»ØÄꤷ¤Ê¤¤¤È¡¢³«»ÏÆüÉդϸ½ºß¤Î»þ¹ï¤Ë¤Ê¤ê¤Þ¤¹¡£¥ª¥×¥·¥ç¥ó¤Ï¡¢ºÇÂç¤Ç1²ó»ØÄê¤Ç¤­¤Þ¤¹¡£

valDays¤ÎÃͤˤϡ¢¾ÚÌÀ½ñ¤ÎÍ­¸úÆü¿ô¤ò»ØÄꤷ¤Þ¤¹(-startdate¤Ç»ØÄꤵ¤ì¤¿ÆüÉÕ¡¢¤Þ¤¿¤Ï-startdate¤¬»ØÄꤵ¤ì¤Æ¤¤¤Ê¤¤¾ì¹ç¤Ï¸½ºß¤ÎÆüÉÕ¤«¤é»Ï¤Þ¤ê¤Þ¤¹)¡£

¤³¤Î¥³¥Þ¥ó¥É¤Ï¡¢°ÊÁ°¤Î¥ê¥ê¡¼¥¹¤Ç¤Ï-genkey¤È¤¤¤¦Ì¾Á°¤Ç¤·¤¿¡£¤³¤Î¥ê¥ê¡¼¥¹¤Ç¤Ï¡¢°ú¤­Â³¤­¸Å¤¤Ì¾Á°¤¬¥µ¥Ý¡¼¥È¤µ¤ì¤Æ¤¤¤Þ¤¹¡£º£¸å¤Ï¡¢¿·¤·¤¤Ì¾Á°-genkeypair¤¬Í¥À褵¤ì¤Þ¤¹¡£

-genseckey

{-alias alias} {-keyalg keyalg} {-keysize keysize} [-keypass keypass]
{-storetype storetype} {-keystore keystore} [-storepass storepass]
{-providerClass provider_class_name {-providerArg provider_arg}} {-v}
{-protected} {-Jjavaoption}
ÈëÌ©¸°¤òÀ¸À®¤·¡¢¤½¤ì¤ò¿·¤·¤¤KeyStore.SecretKeyEntry(alias¤ÇÆÃÄꤵ¤ì¤ë)Æâ¤Ë³ÊǼ¤·¤Þ¤¹¡£

keyalgÃͤϸ°¥Ú¥¢¤ÎÀ¸À®¤Ë»ÈÍѤ¹¤ë¥¢¥ë¥´¥ê¥º¥à¤ò¡¢keysizeÃͤÏÀ¸À®¤¹¤ë³Æ¸°¤Î¥µ¥¤¥º¤ò¡¢¤½¤ì¤¾¤ì»ØÄꤷ¤Þ¤¹¡£keypassÃͤϡ¢ÈëÌ©¸°¤òÊݸ¤ë¥Ñ¥¹¥ï¡¼¥É¤Ç¤¹¡£¥Ñ¥¹¥ï¡¼¥É¤ò»ØÄꤷ¤Ê¤«¤Ã¤¿¾ì¹ç¤Ï¡¢¥Ñ¥¹¥ï¡¼¥É¤ÎÆþÎϤòµá¤á¤é¤ì¤Þ¤¹¡£¤³¤Î¤È¤­¡¢[Return]¥­¡¼¤ò²¡¤¹¤È¡¢keystore¤Î¥Ñ¥¹¥ï¡¼¥É¤ÈƱ¤¸¥Ñ¥¹¥ï¡¼¥É¤¬¸°¤Î¥Ñ¥¹¥ï¡¼¥É¤ËÀßÄꤵ¤ì¤Þ¤¹¡£keypassÃͤϡ¢6ʸ»ú°Ê¾å¤Ë¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£

-importcert

{-alias alias} {-file cert_file} [-keypass keypass] {-noprompt} {-trustcacerts}
{-storetype storetype} {-keystore keystore} [-storepass storepass]
{-providerName provider_name}
{-providerClass provider_class_name {-providerArg provider_arg}}
{-v} {-protected} {-Jjavaoption}
¥Õ¥¡¥¤¥ëcert_file¤«¤é¾ÚÌÀ½ñ¤Þ¤¿¤Ï¾ÚÌÀ½ñ¥Á¥§¡¼¥ó(¾ÚÌÀ½ñ¥Á¥§¡¼¥ó¤Î¾ì¹ç¤Ï¡¢PKCS#7·Á¼°¤Î±þÅú¤Þ¤¿¤Ï°ìÏ¢¤ÎX.509¾ÚÌÀ½ñ¤ÇÄ󶡤µ¤ì¤ë¤â¤Î)¤òÆɤ߹þ¤ß¡¢alias¤Ë¤è¤Ã¤ÆÆÃÄꤵ¤ì¤ëkeystore¥¨¥ó¥È¥ê¤Ë³ÊǼ¤·¤Þ¤¹¡£¥Õ¥¡¥¤¥ë¤¬»ØÄꤵ¤ì¤Æ¤¤¤Ê¤¤¾ì¹ç¤Ï¡¢stdin¤«¤é¾ÚÌÀ½ñ¤Þ¤¿¤Ï¾ÚÌÀ½ñ¥Á¥§¡¼¥ó¤òÆɤ߹þ¤ß¤Þ¤¹¡£

keytool¥³¥Þ¥ó¥É¤Ç¤Ï¡¢X.509 v1¡¢v2¡¢v3¤Î¾ÚÌÀ½ñ¡¢¤ª¤è¤ÓPKCS#7·Á¼°¤Î¾ÚÌÀ½ñ¤«¤é¹½À®¤µ¤ì¤Æ¤¤¤ëPKCS#7·Á¼°¤Î¾ÚÌÀ½ñ¥Á¥§¡¼¥ó¤ò¥¤¥ó¥Ý¡¼¥È¤Ç¤­¤Þ¤¹¡£¥¤¥ó¥Ý¡¼¥È¤¹¤ë¥Ç¡¼¥¿¤Ï¡¢¥Ð¥¤¥Ê¥êÉä¹æ²½Êý¼°¡¢¤Þ¤¿¤Ï½ÐÎϲÄǽÉä¹æ²½Êý¼°(Base64Éä¹æ²½¤È¤â¸Æ¤Ð¤ì¤ë)¤Î¤É¤Á¤é¤«¤ÇÄ󶡤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£½ÐÎϲÄǽÉä¹æ²½Êý¼°¤Ï¡¢¥¤¥ó¥¿¡¼¥Í¥Ã¥ÈRFC 1421¾ÚÌÀ½ñÉä¹æ²½µ¬³Ê¤ÇÄêµÁ¤µ¤ì¤Æ¤¤¤Þ¤¹¡£¤³¤ÎÉä¹æ²½Êý¼°¤Î¾ì¹ç¡¢¾ÚÌÀ½ñ¤Ï-----BEGIN¤Ç»Ï¤Þ¤ëʸ»úÎó¤Ç³«»Ï¤µ¤ì¡¢-----END¤Ç»Ï¤Þ¤ëʸ»úÎó¤Ç½ªÎ»¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£

¾ÚÌÀ½ñ¤Ï¡¢¿®Íê¤Ç¤­¤ë¾ÚÌÀ½ñ¤Î¥ê¥¹¥È¤ËÄɲ乤뤿¤á¡¢¤ª¤è¤Óǧ¾Ú¶É(CA)¤Ë¾ÚÌÀ½ñ½ð̾¥ê¥¯¥¨¥¹¥È¤òÁ÷¿®¤·¤¿·ë²Ì¤È¤·¤ÆCA¤«¤é¼õ¿®¤·¤¿¾ÚÌÀ½ñ±þÅú¤ò¥¤¥ó¥Ý¡¼¥È¤¹¤ë¤¿¤á(¤Î-certreq¥³¥Þ¥ó¥É¥ª¥×¥·¥ç¥ó¤ò»²¾È)¤È¤¤¤¦2¤Ä¤ÎÍýͳ¤Ç¥¤¥ó¥Ý¡¼¥È¤·¤Þ¤¹¡£

¤É¤Á¤é¤Î¥¿¥¤¥×¤Î¥¤¥ó¥Ý¡¼¥È¤ò¹Ô¤¦¤«¤Ï¡¢-alias¥ª¥×¥·¥ç¥ó¤ÎÃͤˤè¤Ã¤Æ»ØÄꤷ¤Þ¤¹¡£ÊÌ̾¤¬¥­¡¼¡¦¥¨¥ó¥È¥ê¤ò¥Ý¥¤¥ó¥È¤·¤Ê¤¤¾ì¹ç¡¢keytool¥³¥Þ¥ó¥É¤Ï¥æ¡¼¥¶¡¼¤¬¿®Íê¤Ç¤­¤ë¾ÚÌÀ½ñ¥¨¥ó¥È¥ê¤òÄɲ䷤褦¤È¤·¤Æ¤¤¤ë¤â¤Î¤È¤ß¤Ê¤·¤Þ¤¹¡£¤³¤Î¾ì¹ç¡¢ÊÌ̾¤¬¥­¡¼¥¹¥È¥¢Æâ¤Ë¸ºß¤·¤Æ¤¤¤Ê¤¤¤³¤È¤¬É¬ÍפǤ¹¡£ÊÌ̾¤¬¤¹¤Ç¤Ë¸ºß¤·¤Æ¤¤¤ë¾ì¹ç¡¢¤½¤ÎÊÌ̾¤Î¿®Íê¤Ç¤­¤ë¾ÚÌÀ½ñ¤¬¤¹¤Ç¤Ë¸ºß¤¹¤ë¤³¤È¤Ë¤Ê¤ë¤Î¤Ç¡¢keytool¥³¥Þ¥ó¥É¤Ï¥¨¥é¡¼¤ò½ÐÎϤ·¡¢¾ÚÌÀ½ñ¤Î¥¤¥ó¥Ý¡¼¥È¤ò¹Ô¤¤¤Þ¤»¤ó¡£ÊÌ̾¤¬¥­¡¼¡¦¥¨¥ó¥È¥ê¤ò¥Ý¥¤¥ó¥È¤¹¤ë¾ì¹ç¡¢keytool¥³¥Þ¥ó¥É¤Ï¥æ¡¼¥¶¡¼¤¬¾ÚÌÀ½ñ±þÅú¤ò¥¤¥ó¥Ý¡¼¥È¤·¤è¤¦¤È¤·¤Æ¤¤¤ë¤â¤Î¤È¤ß¤Ê¤·¤Þ¤¹¡£

-importpassword

{-alias alias} [-keypass keypass] {-storetype storetype} {-keystore keystore}
[-storepass storepass]
{-providerClass provider_class_name {-providerArg provider_arg}}
{-v} {-protected} {-Jjavaoption}
¥Ñ¥¹¥Õ¥ì¡¼¥º¤ò¥¤¥ó¥Ý¡¼¥È¤·¡¢alias¤Ç¼±Ê̤µ¤ì¤ë¿·µ¬KeyStore.SecretKeyEntry¤Ë³ÊǼ¤·¤Þ¤¹¡£¥Ñ¥¹¥Õ¥ì¡¼¥º¤Ï¡¢É¸½àÆþÎÏ¥¹¥È¥ê¡¼¥à¤ò²ð¤·¤ÆÄ󶡤Ǥ­¤Þ¤¹¡£¤Þ¤¿¤Ï¡¢¥æ¡¼¥¶¡¼¤Ë¤½¤Î¥×¥í¥ó¥×¥È¤¬É½¼¨¤µ¤ì¤Þ¤¹¡£keypass¤Ï¡¢¥¤¥ó¥Ý¡¼¥È¤µ¤ì¤ë¥Ñ¥¹¥Õ¥ì¡¼¥º¤ÎÊݸî¤Ë»ÈÍѤµ¤ì¤ë¥Ñ¥¹¥ï¡¼¥É¤Ç¤¹¡£¥Ñ¥¹¥ï¡¼¥É¤ò»ØÄꤷ¤Ê¤«¤Ã¤¿¾ì¹ç¤Ï¡¢¥Ñ¥¹¥ï¡¼¥É¤ÎÆþÎϤòµá¤á¤é¤ì¤Þ¤¹¡£¤³¤Î¤È¤­¡¢[Return]¥­¡¼¤ò²¡¤¹¤È¡¢keystore¤Î¥Ñ¥¹¥ï¡¼¥É¤ÈƱ¤¸¥Ñ¥¹¥ï¡¼¥É¤¬¸°¤Î¥Ñ¥¹¥ï¡¼¥É¤ËÀßÄꤵ¤ì¤Þ¤¹¡£keypass¤Ï¡¢6ʸ»ú°Ê¾å¤Ë¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£

-importkeystore

{-srcstoretype srcstoretype} {-deststoretype deststoretype}
[-srcstorepass srcstorepass] [-deststorepass deststorepass] {-srcprotected}
{-destprotected} 
{-srcalias srcalias {-destalias destalias} [-srckeypass srckeypass]} 
[-destkeypass destkeypass] {-noprompt}
{-srcProviderName src_provider_name} {-destProviderName dest_provider_name}
{-providerClass provider_class_name {-providerArg provider_arg}} {-v}
{-protected} {-Jjavaoption}
¥½¡¼¥¹¡¦¥­¡¼¥¹¥È¥¢¤«¤é¥¿¡¼¥²¥Ã¥È¡¦¥­¡¼¥¹¥È¥¢¤Ø¡¢Ã±°ì¤Î¥¨¥ó¥È¥ê¤Þ¤¿¤Ï¤¹¤Ù¤Æ¤Î¥¨¥ó¥È¥ê¤ò¥¤¥ó¥Ý¡¼¥È¤·¤Þ¤¹¡£

-srcalias¥ª¥×¥·¥ç¥ó¤¬»ØÄꤵ¤ì¤¿¾ì¹ç¡¢¤³¤Î¥³¥Þ¥ó¥É¤Ï¡¢¤½¤ÎÊÌ̾¤ÇÆÃÄꤵ¤ì¤ëñ°ì¤Î¥¨¥ó¥È¥ê¤ò¥¿¡¼¥²¥Ã¥È¡¦¥­¡¼¥¹¥È¥¢¤Ë¥¤¥ó¥Ý¡¼¥È¤·¤Þ¤¹¡£destalias·Ðͳ¤Ç¥¿¡¼¥²¥Ã¥ÈÊÌ̾¤¬»ØÄꤵ¤ì¤Ê¤«¤Ã¤¿¾ì¹ç¡¢srcalias¤¬¥¿¡¼¥²¥Ã¥ÈÊÌ̾¤È¤·¤Æ»ÈÍѤµ¤ì¤Þ¤¹¡£¥½¡¼¥¹¤Î¥¨¥ó¥È¥ê¤¬¥Ñ¥¹¥ï¡¼¥É¤ÇÊݸ¤ì¤Æ¤¤¤¿¾ì¹ç¡¢srckeypass¤ò»ÈÍѤ·¤Æ¤½¤Î¥¨¥ó¥È¥ê¤¬²óÉü¤µ¤ì¤Þ¤¹¡£srckeypass¤¬»ØÄꤵ¤ì¤Ê¤«¤Ã¤¿¾ì¹ç¡¢keytool¥³¥Þ¥ó¥É¤Ïsrcstorepass¤ò»ÈÍѤ·¤Æ¤½¤Î¥¨¥ó¥È¥ê¤ò²óÉü¤·¤è¤¦¤È¤·¤Þ¤¹¡£srcstorepass¤¬»ØÄꤵ¤ì¤Ê¤«¤Ã¤¿¤«Àµ¤·¤¯¤Ê¤«¤Ã¤¿¾ì¹ç¡¢¥æ¡¼¥¶¡¼¤Ï¥Ñ¥¹¥ï¡¼¥É¤ÎÆþÎϤòµá¤á¤é¤ì¤Þ¤¹¡£¥¿¡¼¥²¥Ã¥È¤Î¥¨¥ó¥È¥ê¤Ïdestkeypass¤Ë¤è¤Ã¤ÆÊݸ¤ì¤Þ¤¹¡£destkeypass¤¬»ØÄꤵ¤ì¤Ê¤«¤Ã¤¿¾ì¹ç¡¢¥¿¡¼¥²¥Ã¥È¡¦¥¨¥ó¥È¥ê¤Ï¥½¡¼¥¹¡¦¥¨¥ó¥È¥ê¤Î¥Ñ¥¹¥ï¡¼¥É¤Ë¤è¤Ã¤ÆÊݸ¤ì¤Þ¤¹¡£¤¿¤È¤¨¤Ð¡¢¤Û¤È¤ó¤É¤Î¥µ¡¼¥É¡¦¥Ñ¡¼¥Æ¥£¡¦¥Ä¡¼¥ë¤Ç¤Ï¡¢PKCS #12¥­¡¼¥¹¥È¥¢¤Çstorepass¤Èkeypass¤¬Æ±¤¸¤Ç¤¢¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£¤³¤ì¤é¤Î¥Ä¡¼¥ë¤ÎPKCS #12¥­¡¼¥¹¥È¥¢¤òºîÀ®¤¹¤ë¾ì¹ç¤Ï¡¢¾ï¤Ë-destkeypass¤È-deststorepass¤¬Æ±¤¸¤Ë¤Ê¤ë¤è¤¦¤Ë»ØÄꤷ¤Þ¤¹¡£

-srcalias¥ª¥×¥·¥ç¥ó¤¬»ØÄꤵ¤ì¤Ê¤«¤Ã¤¿¾ì¹ç¡¢¥½¡¼¥¹¡¦¥­¡¼¥¹¥È¥¢Æâ¤Î¤¹¤Ù¤Æ¤Î¥¨¥ó¥È¥ê¤¬¥¿¡¼¥²¥Ã¥È¡¦¥­¡¼¥¹¥È¥¢Æâ¤Ë¥¤¥ó¥Ý¡¼¥È¤µ¤ì¤Þ¤¹¡£³Æ¥¿¡¼¥²¥Ã¥È¡¦¥¨¥ó¥È¥ê¤ÏÂбþ¤¹¤ë¥½¡¼¥¹¡¦¥¨¥ó¥È¥ê¤ÎÊÌ̾¤Î²¼¤Ë³ÊǼ¤µ¤ì¤Þ¤¹¡£¥½¡¼¥¹¤Î¥¨¥ó¥È¥ê¤¬¥Ñ¥¹¥ï¡¼¥É¤ÇÊݸ¤ì¤Æ¤¤¤¿¾ì¹ç¡¢srcstorepass¤ò»ÈÍѤ·¤Æ¤½¤Î¥¨¥ó¥È¥ê¤¬²óÉü¤µ¤ì¤Þ¤¹¡£srcstorepass¤¬»ØÄꤵ¤ì¤Ê¤«¤Ã¤¿¤«Àµ¤·¤¯¤Ê¤«¤Ã¤¿¾ì¹ç¡¢¥æ¡¼¥¶¡¼¤Ï¥Ñ¥¹¥ï¡¼¥É¤ÎÆþÎϤòµá¤á¤é¤ì¤Þ¤¹¡£¥½¡¼¥¹¡¦¥­¡¼¥¹¥È¥¢Æâ¤Î¤¢¤ë¥¨¥ó¥È¥ê¡¦¥¿¥¤¥×¤¬¥¿¡¼¥²¥Ã¥È¡¦¥­¡¼¥¹¥È¥¢¤Ç¥µ¥Ý¡¼¥È¤µ¤ì¤Æ¤¤¤Ê¤¤¾ì¹ç¤ä¡¢¤¢¤ë¥¨¥ó¥È¥ê¤ò¥¿¡¼¥²¥Ã¥È¡¦¥­¡¼¥¹¥È¥¢¤Ë³ÊǼ¤¹¤ëºÝ¤Ë¥¨¥é¡¼¤¬È¯À¸¤·¤¿¾ì¹ç¡¢¥æ¡¼¥¶¡¼¤Ï¤½¤Î¥¨¥ó¥È¥ê¤ò¥¹¥­¥Ã¥×¤·¤Æ½èÍý¤ò³¹Ô¤¹¤ë¤«¡¢¤Þ¤¿¤ÏÃæ»ß¤¹¤ë¤«¤ÎÁªÂò¤òµá¤á¤é¤ì¤Þ¤¹¡£¥¿¡¼¥²¥Ã¥È¡¦¥¨¥ó¥È¥ê¤Ï¥½¡¼¥¹¡¦¥¨¥ó¥È¥ê¤Î¥Ñ¥¹¥ï¡¼¥É¤Ë¤è¤Ã¤ÆÊݸ¤ì¤Þ¤¹¡£

¥¿¡¼¥²¥Ã¥ÈÊÌ̾¤¬¥¿¡¼¥²¥Ã¥È¡¦¥­¡¼¥¹¥È¥¢Æâ¤Ë¤¹¤Ç¤Ë¸ºß¤·¤Æ¤¤¤¿¾ì¹ç¡¢¥æ¡¼¥¶¡¼¤Ï¡¢¤½¤Î¥¨¥ó¥È¥ê¤ò¾å½ñ¤­¤¹¤ë¤«¡¢¤¢¤ë¤¤¤Ï°Û¤Ê¤ëÊÌ̾¤Î²¼¤Ç¿·¤·¤¤¥¨¥ó¥È¥ê¤òºîÀ®¤¹¤ë¤«¤ÎÁªÂò¤òµá¤á¤é¤ì¤Þ¤¹¡£

-noprompt¥ª¥×¥·¥ç¥ó¤ò»ØÄꤷ¤¿¾ì¹ç¡¢¥æ¡¼¥¶¡¼¤Ï¿·¤·¤¤¥¿¡¼¥²¥Ã¥ÈÊÌ̾¤ÎÆþÎϤòµá¤á¤é¤ì¤Þ¤»¤ó¡£´û¸¤Î¥¨¥ó¥È¥ê¤¬¤½¤Î¥¿¡¼¥²¥Ã¥ÈÊÌ̾¤Ç¾å½ñ¤­¤µ¤ì¤Þ¤¹¡£¥¤¥ó¥Ý¡¼¥È¤Ç¤­¤Ê¤¤¥¨¥ó¥È¥ê¤Ï¥¹¥­¥Ã¥×¤µ¤ì¡¢·Ù¹ð¤¬½ÐÎϤµ¤ì¤Þ¤¹¡£

-printcertreq

{-file file}
PKCS#10·Á¼°¤Î¾ÚÌÀ½ñ¥ê¥¯¥¨¥¹¥È¤ÎÆâÍƤò½ÐÎϤ·¤Þ¤¹¡£¤³¤Î¥ê¥¯¥¨¥¹¥È¤Ï¡¢keytool -certreq¥³¥Þ¥ó¥É¤ÇÀ¸À®¤Ç¤­¤Þ¤¹¡£¤³¤Î¥³¥Þ¥ó¥É¤Ï¡¢¥Õ¥¡¥¤¥ë¤«¤é¥ê¥¯¥¨¥¹¥È¤òÆɤ߼è¤ê¤Þ¤¹¡£¥Õ¥¡¥¤¥ë¤¬Â¸ºß¤·¤Ê¤¤¾ì¹ç¡¢¥ê¥¯¥¨¥¹¥È¤Ïɸ½àÆþÎϤ«¤éÆɤ߼è¤é¤ì¤Þ¤¹¡£

-certreq

{-alias alias} {-dname dname} {-sigalg sigalg} {-file certreq_file}
[-keypass keypass] {-storetype storetype} {-keystore keystore}
[-storepass storepass] {-providerName provider_name}
{-providerClass provider_class_name {-providerArg provider_arg}}
{-v} {-protected} {-Jjavaoption}
PKCS#10·Á¼°¤ò»ÈÍѤ·¤Æ¾ÚÌÀ½ñ½ð̾¥ê¥¯¥¨¥¹¥È(CSR)¤òÀ¸À®¤·¤Þ¤¹¡£

CSR¤Ï¡¢¾ÚÌÀ½ñȯ¹Ô¶É(CA)¤ËÁ÷¿®¤¹¤ë¤³¤È¤òÌÜŪ¤È¤·¤¿¤â¤Î¤Ç¤¹¡£CA¤Ï¡¢¾ÚÌÀ½ñÍ×µá¼Ô¤ò(Ä̾ï¤Ï¥ª¥Õ¥é¥¤¥ó¤Ç)ǧ¾Ú¤·¡¢¾ÚÌÀ½ñ¤Þ¤¿¤Ï¾ÚÌÀ½ñ¥Á¥§¡¼¥ó¤òÁ÷¤êÊÖ¤·¤Þ¤¹¡£¤³¤Î¾ÚÌÀ½ñ¤Þ¤¿¤Ï¾ÚÌÀ½ñ¥Á¥§¡¼¥ó¤Ï¡¢¥­¡¼¥¹¥È¥¢Æâ¤Î´û¸¤Î¾ÚÌÀ½ñ¥Á¥§¡¼¥ó(ºÇ½é¤Ï1¤Ä¤Î¼«¸Ê½ð̾¾ÚÌÀ½ñ¤«¤é¹½À®¤µ¤ì¤ë)¤ËÃÖ¤­´¹¤¨¤Æ»ÈÍѤ·¤Þ¤¹¡£

alias¤Ë´ØÏ¢ÉÕ¤±¤é¤ì¤¿ÈëÌ©¸°¤Ï¡¢PKCS#10¾ÚÌÀ½ñ¥ê¥¯¥¨¥¹¥È¤òºîÀ®¤¹¤ë¤Î¤Ë»ÈÍѤµ¤ì¤Þ¤¹¡£ÈëÌ©¸°¤Ë¥¢¥¯¥»¥¹¤¹¤ë¤Ë¤Ï¡¢Àµ¤·¤¤¥Ñ¥¹¥ï¡¼¥É¤ò»ØÄꤹ¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£¥³¥Þ¥ó¥É¹Ô¤Çkeypass¤ò»ØÄꤷ¤Æ¤ª¤é¤º¡¢ÈëÌ©¸°¤Î¥Ñ¥¹¥ï¡¼¥É¤¬¥­¡¼¥¹¥È¥¢¤Î¥Ñ¥¹¥ï¡¼¥É¤È°Û¤Ê¤ë¾ì¹ç¤Ï¡¢ÈëÌ©¸°¤Î¥Ñ¥¹¥ï¡¼¥É¤ÎÆþÎϤòµá¤á¤é¤ì¤Þ¤¹¡£dname¤¬»ØÄꤵ¤ì¤Æ¤¤¤ë¾ì¹ç¤Ï¡¢¤½¤ì¤¬CSR¤Ç¼çÂΤȤ·¤Æ»ÈÍѤµ¤ì¤Þ¤¹¡£¤½¤ì°Ê³°¤Î¾ì¹ç¤Ï¡¢ÊÌ̾¤Ë´ØÏ¢ÉÕ¤±¤é¤ì¤¿X.500¼±ÊÌ̾¤¬»ÈÍѤµ¤ì¤Þ¤¹¡£

sigalgÃͤˤϡ¢CSR¤Ë½ð̾¤òÉÕ¤±¤ë¤È¤­¤Ë»ÈÍѤ¹¤ë¥¢¥ë¥´¥ê¥º¥à¤ò»ØÄꤷ¤Þ¤¹¡£

CSR¤Ï¡¢¥Õ¥¡¥¤¥ëcertreq_file¤Ë³ÊǼ¤µ¤ì¤Þ¤¹¡£¥Õ¥¡¥¤¥ë¤¬»ØÄꤵ¤ì¤Æ¤¤¤Ê¤¤¾ì¹ç¤Ï¡¢stdout¤ËCSR¤¬½ÐÎϤµ¤ì¤Þ¤¹¡£

CA¤«¤é¤Î¥ì¥¹¥Ý¥ó¥¹¤ò¥¤¥ó¥Ý¡¼¥È¤¹¤ë¤Ë¤Ï¡¢importcert¥³¥Þ¥ó¥É¤ò»ÈÍѤ·¤Þ¤¹¡£

-exportcert

{-alias alias} {-file cert_file} {-storetype storetype} {-keystore keystore}
[-storepass storepass] {-providerName provider_name}
{-providerClass provider_class_name {-providerArg provider_arg}}
{-rfc} {-v} {-protected} {-Jjavaoption}
alias¤Ë´ØÏ¢ÉÕ¤±¤é¤ì¤¿¾ÚÌÀ½ñ¤ò¥­¡¼¥¹¥È¥¢¤«¤éÆɤ߹þ¤ß¡¢¥Õ¥¡¥¤¥ëcert_file¤Ë³ÊǼ¤·¤Þ¤¹¡£¥Õ¥¡¥¤¥ë¤¬»ØÄꤵ¤ì¤Æ¤¤¤Ê¤¤¾ì¹ç¤Ï¡¢stdout¤Ë¾ÚÌÀ½ñ¤¬½ÐÎϤµ¤ì¤Þ¤¹¡£

¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï¡¢¾ÚÌÀ½ñ¤Ï¥Ð¥¤¥Ê¥êÉä¹æ²½¤Ç½ÐÎϤµ¤ì¤Þ¤¹¡£-rfc¥ª¥×¥·¥ç¥ó¤¬»ØÄꤵ¤ì¤Æ¤¤¤ë¾ì¹ç¡¢½ÐÎϲÄǽÉä¹æ²½Êý¼°¤Î½ÐÎϤϥ¤¥ó¥¿¡¼¥Í¥Ã¥ÈRFC 1421¾ÚÌÀ½ñÉä¹æ²½µ¬³Ê¤ÇÄêµÁ¤µ¤ì¤Þ¤¹¡£

alias¤¬¡¢¿®Íê¤Ç¤­¤ë¾ÚÌÀ½ñ¤ò»²¾È¤·¤Æ¤¤¤ë¾ì¹ç¤Ï¡¢³ºÅö¤¹¤ë¾ÚÌÀ½ñ¤¬½ÐÎϤµ¤ì¤Þ¤¹¡£¤½¤ì°Ê³°¤Î¾ì¹ç¡¢alias¤Ï¡¢´ØÏ¢ÉÕ¤±¤é¤ì¤¿¾ÚÌÀ½ñ¥Á¥§¡¼¥ó¤ò»ý¤Ä¸°¥¨¥ó¥È¥ê¤ò»²¾È¤·¤Þ¤¹¡£¤³¤Î¾ì¹ç¤Ï¡¢¥Á¥§¡¼¥óÆâ¤ÎºÇ½é¤Î¾ÚÌÀ½ñ¤¬ÊÖ¤µ¤ì¤Þ¤¹¡£¤³¤Î¾ÚÌÀ½ñ¤Ï¡¢alias¤Ë¤è¤Ã¤Æɽ¤µ¤ì¤ë¥¨¥ó¥Æ¥£¥Æ¥£¤Î¸ø³«¸°¤òǧ¾Ú¤¹¤ë¾ÚÌÀ½ñ¤Ç¤¹¡£

¤³¤Î¥³¥Þ¥ó¥É¤Ï¡¢°ÊÁ°¤Î¥ê¥ê¡¼¥¹¤Ç¤Ï-export¤È¤¤¤¦Ì¾Á°¤Ç¤·¤¿¡£¤³¤Î¥ê¥ê¡¼¥¹¤Ç¤Ï¡¢°ú¤­Â³¤­¸Å¤¤Ì¾Á°¤¬¥µ¥Ý¡¼¥È¤µ¤ì¤Æ¤¤¤Þ¤¹¡£º£¸å¤Ï¡¢¿·¤·¤¤Ì¾Á°-exportcert¤¬Í¥À褵¤ì¤Þ¤¹¡£

-list

{-alias alias} {-storetype storetype} {-keystore keystore} [-storepass storepass]
{-providerName provider_name}
{-providerClass provider_class_name {-providerArg provider_arg}}
{-v | -rfc} {-protected} {-Jjavaoption}
alias¤ÇÆÃÄꤵ¤ì¤ë¥­¡¼¥¹¥È¥¢¡¦¥¨¥ó¥È¥ê¤ÎÆâÍƤòstdout¤Ë½ÐÎϤ·¤Þ¤¹¡£alias¤¬»ØÄꤵ¤ì¤Æ¤¤¤Ê¤¤¾ì¹ç¤Ï¡¢¥­¡¼¥¹¥È¥¢Á´ÂΤÎÆâÍƤ¬É½¼¨¤µ¤ì¤Þ¤¹¡£

¤³¤Î¥³¥Þ¥ó¥É¤Ï¡¢¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï¾ÚÌÀ½ñ¤ÎSHA1¥Õ¥£¥ó¥¬¡¼¥×¥ê¥ó¥È¤òɽ¼¨¤·¤Þ¤¹¡£ -v¥ª¥×¥·¥ç¥ó¤¬»ØÄꤵ¤ì¤Æ¤¤¤ë¾ì¹ç¤Ï¡¢½êÍ­¼Ô¡¢È¯¹Ô¼Ô¡¢¥·¥ê¥¢¥ëÈֹ桢³ÈÄ¥µ¡Ç½¤Ê¤É¤ÎÉÕ²ÃŪ¤Ê¾ðÊó¤È¤È¤â¤Ë¡¢¿Í´Ö¤¬Æɤळ¤È¤Î¤Ç¤­¤ë·Á¼°¤Ç¾ÚÌÀ½ñ¤¬É½¼¨¤µ¤ì¤Þ¤¹¡£-rfc¥ª¥×¥·¥ç¥ó¤¬»ØÄꤵ¤ì¤Æ¤¤¤ë¾ì¹ç¤Ï¡¢½ÐÎϲÄǽÉä¹æ²½Êý¼°¤Ç¾ÚÌÀ½ñ¤ÎÆâÍƤ¬½ÐÎϤµ¤ì¤Þ¤¹¡£½ÐÎϲÄǽÉä¹æ²½Êý¼°¤Ï¡¢¥¤¥ó¥¿¡¼¥Í¥Ã¥ÈRFC 1421¾ÚÌÀ½ñÉä¹æ²½µ¬³Ê¤ÇÄêµÁ¤µ¤ì¤Æ¤¤¤Þ¤¹¡£

-v¥ª¥×¥·¥ç¥ó¤È-rfc¥ª¥×¥·¥ç¥ó¤òƱ»þ¤Ë»ØÄꤹ¤ë¤³¤È¤Ï¤Ç¤­¤Þ¤»¤ó¡£

-printcert

{-file cert_file | -sslserver host[:port]} {-jarfile JAR_file {-rfc} {-v}
{-Jjavaoption}
¥Õ¥¡¥¤¥ëcert_file¡¢host:port¤Ë¤¢¤ëSSL¥µ¡¼¥Ð¡¼¡¢¤Þ¤¿¤Ï½ð̾ÉÕ¤­JAR¥Õ¥¡¥¤¥ëJAR_file(-jarfile¥ª¥×¥·¥ç¥ó¤ò»ØÄê)¤«¤é¾ÚÌÀ½ñ¤òÆɤ߹þ¤ß¡¢¿Í´Ö¤¬Æɤळ¤È¤Î¤Ç¤­¤ë·Á¼°¤Ç¾ÚÌÀ½ñ¤ÎÆâÍƤòɽ¼¨¤·¤Þ¤¹¡£¥Ý¡¼¥È¤¬»ØÄꤵ¤ì¤Æ¤¤¤Ê¤¤¾ì¹ç¤Ï¡¢É¸½à¤ÎHTTPS¥Ý¡¼¥È443¤¬ÁÛÄꤵ¤ì¤Þ¤¹¡£-sslserver¤ª¤è¤Ó-file¥ª¥×¥·¥ç¥ó¤òƱ»þ¤Ë»ØÄꤹ¤ë¤³¤È¤Ï¤Ç¤­¤Þ¤»¤ó¡£¤½¤ì°Ê³°¤Î¾ì¹ç¡¢¥¨¥é¡¼¤¬Êó¹ð¤µ¤ì¤Þ¤¹¡£¥ª¥×¥·¥ç¥ó¤¬»ØÄꤵ¤ì¤Æ¤¤¤Ê¤¤¾ì¹ç¤Ï¡¢stdin¤«¤é¾ÚÌÀ½ñ¤òÆɤ߹þ¤ß¤Þ¤¹¡£

-rfc¤¬»ØÄꤵ¤ì¤Æ¤¤¤ë¾ì¹ç¡¢keytool¥³¥Þ¥ó¥É¤Ï¡¢¥¤¥ó¥¿¡¼¥Í¥Ã¥ÈRFC 1421¾ÚÌÀ½ñÉä¹æ²½É¸½à¤ÇÄêµÁ¤µ¤ì¤Æ¤¤¤ë¤è¤¦¤Ë¡¢PEM¥â¡¼¥É¤Ç¾ÚÌÀ½ñ¤ò½ÐÎϤ·¤Þ¤¹¡£¥¤¥ó¥¿¡¼¥Í¥Ã¥ÈRFC 1421¾ÚÌÀ½ñÉä¹æ²½µ¬³Ê¤ò»²¾È¤·¤Æ¤¯¤À¤µ¤¤¡£

¥Õ¥¡¥¤¥ë¤Þ¤¿¤Ïstdin¤«¤é¾ÚÌÀ½ñ¤òÆɤ߹þ¤à¾ì¹ç¡¢¤½¤Î¾ÚÌÀ½ñ¤Ï¡¢¥¤¥ó¥¿¡¼¥Í¥Ã¥ÈRFC 1421¾ÚÌÀ½ñÉä¹æ²½É¸½à¤ÇÄêµÁ¤µ¤ì¤Æ¤¤¤ë¤è¤¦¤Ë¡¢¥Ð¥¤¥Ê¥êÉä¹æ²½Êý¼°¤Þ¤¿¤Ï½ÐÎϲÄǽÉä¹æ²½Êý¼°¤Çɽ¼¨¤Ç¤­¤Þ¤¹¡£

SSL¥µ¡¼¥Ð¡¼¤¬¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¤ÎÇظå¤Ë¤¢¤ë¾ì¹ç¤Ï¡¢-J-Dhttps.proxyHost=proxyhost¤ª¤è¤Ó-J-Dhttps.proxyPort=proxyport¥ª¥×¥·¥ç¥ó¤ò¥³¥Þ¥ó¥É¹Ô¤Ç»ØÄꤷ¤Æ¡¢¥×¥í¥­¥·¡¦¥È¥ó¥Í¥ê¥ó¥°¤ò»ÈÍѤǤ­¤Þ¤¹¡£http://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html¤Î ¡ÖJava Secure Socket Extension (JSSE) Reference Guide¡×¤ò»²¾È¤·¤Æ¤¯¤À¤µ¤¤

Ãí°Õ: ¤³¤Î¥ª¥×¥·¥ç¥ó¤Ï¥­¡¼¥¹¥È¥¢¤È¤Ï´Ø·¸¤Ê¤¯»ÈÍѤǤ­¤Þ¤¹¡£

-printcrl

-file crl_ {-v}
¥Õ¥¡¥¤¥ëcrl_¤«¤é¾ÚÌÀ½ñ¼º¸ú¥ê¥¹¥È(CRL)¤òÆɤ߹þ¤ß¤Þ¤¹¡£CRL¤Ï¡¢È¯¹Ô¤·¤¿CA¤Ë¤è¤Ã¤Æ¼º¸ú¤µ¤ì¤¿¥Ç¥¸¥¿¥ë¾ÚÌÀ½ñ¤Î¥ê¥¹¥È¤Ç¤¹¡£CA¤Ï¡¢crl_¤òÀ¸À®¤·¤Þ¤¹¡£

Ãí°Õ: ¤³¤Î¥ª¥×¥·¥ç¥ó¤Ï¥­¡¼¥¹¥È¥¢¤È¤Ï´Ø·¸¤Ê¤¯»ÈÍѤǤ­¤Þ¤¹¡£

-storepasswd

[-new new_storepass] {-storetype storetype} {-keystore keystore}
[-storepass storepass] {-providerName provider_name}
{-providerClass provider_class_name {-providerArg provider_arg}}
{-v} {-Jjavaoption}
¥­¡¼¥¹¥È¥¢¤ÎÆâÍƤÎÀ°¹çÀ­¤òÊݸ¤ë¤¿¤á¤Ë»ÈÍѤ¹¤ë¥Ñ¥¹¥ï¡¼¥É¤òÊѹ¹¤·¤Þ¤¹¡£new_storepass¤Ë¤Ï¡¢¿·¤·¤¤¥Ñ¥¹¥ï¡¼¥É¤ò»ØÄꤷ¤Þ¤¹¡£new_storepass¤Ï¡¢6ʸ»ú°Ê¾å¤Ç¤¢¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£

-keypasswd

{-alias alias} [-keypass old_keypass] [-new new_keypass] {-storetype storetype}
{-keystore keystore} [-storepass storepass] {-providerName provider_name}
{-providerClass provider_class_name {-providerArg provider_arg}} {-v}
{-Jjavaoption}
alias¤Ë¤è¤Ã¤ÆÆÃÄꤵ¤ì¤ëÈó¸ø³«/ÈëÌ©¸°¤òÊݸ¤ë¤¿¤á¤Î¥Ñ¥¹¥ï¡¼¥É¤ò¡¢old_keypass¤«¤énew_keypass¤ËÊѹ¹¤·¤Þ¤¹¡£new_keypass¤Ï¡¢6ʸ»ú°Ê¾å¤Ç¤¢¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£

¥³¥Þ¥ó¥É¹Ô¤Ç-keypass¥ª¥×¥·¥ç¥ó¤ò»ØÄꤷ¤Æ¤ª¤é¤º¡¢¸°¤Î¥Ñ¥¹¥ï¡¼¥É¤¬¥­¡¼¥¹¥È¥¢¤Î¥Ñ¥¹¥ï¡¼¥É¤È°Û¤Ê¤ë¾ì¹ç¤Ï¡¢¸°¤Î¥Ñ¥¹¥ï¡¼¥É¤ÎÆþÎϤòµá¤á¤é¤ì¤Þ¤¹¡£

¥³¥Þ¥ó¥É¹Ô¤Ç-new¥ª¥×¥·¥ç¥ó¤ò»ØÄꤷ¤Ê¤«¤Ã¤¿¾ì¹ç¤Ï¡¢¿·¤·¤¤¥Ñ¥¹¥ï¡¼¥É¤ÎÆþÎϤòµá¤á¤é¤ì¤Þ¤¹¡£

-delete

[-alias alias] {-storetype storetype} {-keystore keystore} [-storepass storepass]
{-providerName provider_name}  
{-providerClass provider_class_name {-providerArg provider_arg}}
{-v} {-protected} {-Jjavaoption}
alias¤Ë¤è¤Ã¤ÆÆÃÄꤵ¤ì¤ë¥¨¥ó¥È¥ê¤ò¥­¡¼¥¹¥È¥¢¤«¤éºï½ü¤·¤Þ¤¹¡£¥³¥Þ¥ó¥É¹Ô¤ÇÊÌ̾¤ò»ØÄꤷ¤Ê¤«¤Ã¤¿¾ì¹ç¤Ï¡¢ÊÌ̾¤ÎÆþÎϤòµá¤á¤é¤ì¤Þ¤¹¡£

-changealias

{-alias alias} [-destalias destalias] [-keypass keypass] {-storetype storetype}
{-keystore keystore} [-storepass storepass] {-providerName provider_name}
{-providerClass provider_class_name {-providerArg provider_arg}} {-v}
{-protected} {-Jjavaoption}
»ØÄꤵ¤ì¤¿alias¤«¤é¿·¤·¤¤ÊÌ̾destalias¤Ø¡¢´û¸¤Î¥­¡¼¥¹¥È¥¢¡¦¥¨¥ó¥È¥ê¤ò°ÜÆ°¤·¤Þ¤¹¡£¥¿¡¼¥²¥Ã¥ÈÊÌ̾¤ò»ØÄꤷ¤Ê¤«¤Ã¤¿¾ì¹ç¡¢¥¿¡¼¥²¥Ã¥ÈÊÌ̾¤ÎÆþÎϤòµá¤á¤é¤ì¤Þ¤¹¡£¸µ¤Î¥¨¥ó¥È¥ê¤¬¥¨¥ó¥È¥ê¡¦¥Ñ¥¹¥ï¡¼¥É¤ÇÊݸ¤ì¤Æ¤¤¤¿¾ì¹ç¡¢-keypass¥ª¥×¥·¥ç¥ó¤Ç¤½¤Î¥Ñ¥¹¥ï¡¼¥É¤ò»ØÄê¤Ç¤­¤Þ¤¹¡£¸°¥Ñ¥¹¥ï¡¼¥É¤¬»ØÄꤵ¤ì¤Ê¤«¤Ã¤¿¾ì¹ç¡¢storepass(»ØÄꤵ¤ì¤¿¾ì¹ç)¤¬¤Þ¤º»î¤ß¤é¤ì¤Þ¤¹¡£¤½¤Î»î¤ß¤¬¼ºÇÔ¤¹¤ë¤È¡¢¥æ¡¼¥¶¡¼¤Ï¥Ñ¥¹¥ï¡¼¥É¤ÎÆþÎϤòµá¤á¤é¤ì¤Þ¤¹¡£

-help

´ðËÜŪ¤Ê¥³¥Þ¥ó¥É¤È¤½¤Î¥ª¥×¥·¥ç¥ó¤Î°ìÍ÷¤òɽ¼¨¤·¤Þ¤¹¡£

ÆÃÄê¤Î¥³¥Þ¥ó¥É¤Î¾ÜºÙ¤ò»²¾È¤¹¤ë¤Ë¤Ï¡¢¼¡¤Î¤è¤¦¤ËÆþÎϤ·¤Æ¤¯¤À¤µ¤¤: keytool -command_name -help¡£command_name¤Ï¥³¥Þ¥ó¥É¤Î̾Á°¤Ç¤¹¡£

Îã

¤³¤ÎÎã¤Ç¤Ï¡¢¸ø³«/ÈëÌ©¸°¤Î¥Ú¥¢¤ª¤è¤Ó¿®Íê¤Ç¤­¤ë¥¨¥ó¥Æ¥£¥Æ¥£¤«¤é¤Î¾ÚÌÀ½ñ¤ò´ÉÍý¤¹¤ë¤¿¤á¤Î¥­¡¼¥¹¥È¥¢¤òºîÀ®¤¹¤ë¼ê½ç¤ò¼¨¤·¤Þ¤¹¡£

¸°¤Î¥Ú¥¢¤ÎÀ¸À®

¤Þ¤º¡¢¥­¡¼¥¹¥È¥¢¤òºîÀ®¤·¤Æ¸°¤Î¥Ú¥¢¤òÀ¸À®¤·¤Þ¤¹¡£Ã±°ì¹Ô¤ËÆþÎϤ¹¤ë¡¢¼¡¤Î¤è¤¦¤Ê¥³¥Þ¥ó¥É¤ò»ÈÍѤǤ­¤Þ¤¹¡£

keytool -genkeypair -dname "cn=Mark Jones, ou=Java, o=Oracle, c=US"
    -alias business -keypass <new password for private key>
    -keystore /working/mykeystore
    -storepass <new password for keystore> -validity 180

¥³¥Þ¥ó¥É¤Ï¡¢working¥Ç¥£¥ì¥¯¥È¥ê¤Ëmykeystore¤È¤¤¤¦Ì¾Á°¤Î¥­¡¼¥¹¥È¥¢¤òºîÀ®¤·(¥­¡¼¥¹¥È¥¢¤Ï¤Þ¤À¸ºß¤·¤Æ¤¤¤Ê¤¤¤È²¾Äê)¡¢ºîÀ®¤·¤¿¥­¡¼¥¹¥È¥¢¤Ë¡¢<new password for keystore>¤Ç»ØÄꤷ¤¿¥Ñ¥¹¥ï¡¼¥É¤ò³ä¤êÅö¤Æ¤Þ¤¹¡£À¸À®¤¹¤ë¸ø³«¸°¤ÈÈëÌ©¸°¤Î¥Ú¥¢¤ËÂбþ¤¹¤ë¥¨¥ó¥Æ¥£¥Æ¥£¤Î¡Ö¼±ÊÌ̾¡×¤Ï¡¢Ä̾Τ¬Mark Jones¡¢ÁÈ¿¥Ã±°Ì¤¬Java¡¢ÁÈ¿¥¤¬Oracle¡¢2ʸ»ú¤Î¹ñÈֹ椬US¤Ç¤¹¡£¸ø³«¸°¤ÈÈëÌ©¸°¤Î¥µ¥¤¥º¤Ï¤É¤Á¤é¤â1024¥Ó¥Ã¥È¤Ç¡¢¸°¤ÎºîÀ®¤Ë¤Ï¥Ç¥Õ¥©¥ë¥È¤ÎDSA¸°À¸À®¥¢¥ë¥´¥ê¥º¥à¤ò»ÈÍѤ·¤Þ¤¹¡£

¤³¤Î¥³¥Þ¥ó¥É¤Ï¡¢¥Ç¥Õ¥©¥ë¥È¤ÎSHA1withDSA½ð̾¥¢¥ë¥´¥ê¥º¥à¤ò»ÈÍѤ·¤Æ¡¢¸ø³«¸°¤È¼±ÊÌ̾¾ðÊó¤ò´Þ¤à¼«¸Ê½ð̾¾ÚÌÀ½ñ¤òºîÀ®¤·¤Þ¤¹¡£¾ÚÌÀ½ñ¤ÎÍ­¸ú´ü´Ö¤Ï180Æü¤Ç¤¹¡£¾ÚÌÀ½ñ¤Ï¡¢ÊÌ̾business¤ÇÆÃÄꤵ¤ì¤ë¥­¡¼¥¹¥È¥¢¡¦¥¨¥ó¥È¥êÆâ¤ÎÈëÌ©¸°¤Ë´ØÏ¢ÉÕ¤±¤é¤ì¤Þ¤¹¡£ÈëÌ©¸°¤Ë¤Ï¡¢<new password for private key>¤Ç»ØÄꤷ¤¿¥Ñ¥¹¥ï¡¼¥É¤¬³ä¤êÅö¤Æ¤é¤ì¤Þ¤¹¡£

¥ª¥×¥·¥ç¥ó¤Î¥Ç¥Õ¥©¥ë¥ÈÃͤò»ÈÍѤ¹¤ë¾ì¹ç¡¢¥³¥Þ¥ó¥É¤ÏÂçÉý¤Ëû¤¯¤Ê¤ê¤Þ¤¹¡£¤³¤Î¾ì¹ç¡¢¥ª¥×¥·¥ç¥ó¤ÏÉÔÍפǤ¹¡£¥Ç¥Õ¥©¥ë¥ÈÃͤò»ý¤Ä¥ª¥×¥·¥ç¥ó¤Ç¤Ï¡¢¥ª¥×¥·¥ç¥ó¤ò»ØÄꤷ¤Ê¤±¤ì¤Ð¥Ç¥Õ¥©¥ë¥ÈÃͤ¬»ÈÍѤµ¤ì¤Þ¤¹¡£É¬¿ÜÃͤÎÆþÎϤòµá¤á¤é¤ì¤Þ¤¹¡£»ÈÍѲÄǽ¤ÊÃͤϼ¡¤Î¤È¤ª¤ê¤Ç¤¹¡£

keytool -genkeypair

¤³¤Î¾ì¹ç¤Ï¡¢mykey¤È¤¤¤¦ÊÌ̾¤Ç¥­¡¼¥¹¥È¥¢¡¦¥¨¥ó¥È¥ê¤¬ºîÀ®¤µ¤ì¡¢¿·¤·¤¯À¸À®¤µ¤ì¤¿¸°¤Î¥Ú¥¢¡¢¤ª¤è¤Ó90Æü´ÖÍ­¸ú¤Ê¾ÚÌÀ½ñ¤¬¤³¤Î¥¨¥ó¥È¥ê¤Ë³ÊǼ¤µ¤ì¤Þ¤¹¡£¤³¤Î¥¨¥ó¥È¥ê¤Ï¡¢¥Û¡¼¥à¡¦¥Ç¥£¥ì¥¯¥È¥êÆâ¤Î.keystore¤È¤¤¤¦Ì¾Á°¤Î¥­¡¼¥¹¥È¥¢¤ËÃÖ¤«¤ì¤Þ¤¹¡£¥­¡¼¥¹¥È¥¢¤Ï¡¢¤Þ¤À¸ºß¤·¤Æ¤¤¤Ê¤¤¾ì¹ç¤ËºîÀ®¤µ¤ì¤Þ¤¹¡£¼±ÊÌ̾¾ðÊó¡¢¥­¡¼¥¹¥È¥¢¤Î¥Ñ¥¹¥ï¡¼¥É¤ª¤è¤ÓÈëÌ©¸°¤Î¥Ñ¥¹¥ï¡¼¥É¤ÎÆþÎϤòµá¤á¤é¤ì¤Þ¤¹¡£

°Ê¹ß¤Ç¤Ï¡¢¥ª¥×¥·¥ç¥ó¤ò»ØÄꤷ¤Ê¤¤¤Ç-genkeypair¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤·¤¿¤â¤Î¤È¤·¤ÆÎã¤ò¼¨¤·¤Þ¤¹¡£¾ðÊó¤ÎÆþÎϤòµá¤á¤é¤ì¤¿¾ì¹ç¤Ï¡¢ºÇ½é¤Ë¼¨¤·¤¿-genkeypair¥³¥Þ¥ó¥É¤ÎÃͤòÆþÎϤ·¤¿¤â¤Î¤È¤·¤Þ¤¹¡£¤¿¤È¤¨¤Ð¼±ÊÌ̾¤Ë¤Ïcn=Mark Jones¡¢ou=Java¡¢o=Oracle¡¢c=US¤È»ØÄꤷ¤Þ¤¹¡£

¼«¸Ê½ð̾¾ÚÌÀ½ñ¤òºîÀ®¤¹¤ë¸°¤Î¥Ú¥¢¤ÎÀ¸À®¡£¾ÚÌÀ½ñ¤Ëǧ¾Ú¶É(CA)¤Î½ð̾¤¬ÉÕ¤¤¤Æ¤¤¤ì¤Ð¡¢Â¾¤Î¥æ¡¼¥¶¡¼¤«¤é¾ÚÌÀ½ñ¤¬¿®Íꤵ¤ì¤ë²ÄǽÀ­¤â¹â¤¯¤Ê¤ê¤Þ¤¹¡£CA¤Î½ð̾¤ò¼èÆÀ¤¹¤ë¤Ë¤Ï¡¢¤Þ¤º¡¢¾ÚÌÀ½ñ½ð̾¥ê¥¯¥¨¥¹¥È(CSR)¤òÀ¸À®¤·¤Þ¤¹¡£¤¿¤È¤¨¤Ð¡¢¼¡¤Î¤è¤¦¤Ë¤·¤Þ¤¹¡£

keytool -certreq -file MarkJ.csr

CSR(¥Ç¥Õ¥©¥ë¥ÈÊÌ̾mykey¤Ë¤è¤Ã¤ÆÆÃÄꤵ¤ì¤ë¥¨¥ó¥Æ¥£¥Æ¥£¤ÎCSR)¤¬ºîÀ®¤µ¤ì¡¢MarkJ.csr¤È¤¤¤¦Ì¾Á°¤Î¥Õ¥¡¥¤¥ë¤ËÃÖ¤«¤ì¤Þ¤¹¡£¤³¤Î¥Õ¥¡¥¤¥ë¤òCA (VeriSign¤Ê¤É)¤ËÄó½Ð¤·¤Þ¤¹¡£CA¤ÏÍ×µá¼Ô¤ò(Ä̾ï¤Ï¥ª¥Õ¥é¥¤¥ó¤Ç)ǧ¾Ú¤·¡¢Í×µá¼Ô¤Î¸ø³«¸°¤òǧ¾Ú¤·¤¿½ð̾ÉÕ¤­¤Î¾ÚÌÀ½ñ¤òÁ÷¤êÊÖ¤·¤Þ¤¹¡£¾ì¹ç¤Ë¤è¤Ã¤Æ¤Ï¡¢CA¤¬¾ÚÌÀ½ñ¤Î¥Á¥§¡¼¥ó¤òÊÖ¤¹¤³¤È¤â¤¢¤ê¤Þ¤¹¡£¾ÚÌÀ½ñ¤Î¥Á¥§¡¼¥ó¤Ç¤Ï¡¢³Æ¾ÚÌÀ½ñ¤¬¥Á¥§¡¼¥óÆâ¤Î¤½¤ÎÁ°¤Î½ð̾¼Ô¤Î¸ø³«¸°¤òǧ¾Ú¤·¤Þ¤¹¡£

ºîÀ®¤·¤¿¼«¸Ê½ð̾¾ÚÌÀ½ñ¤Ï¡¢¾ÚÌÀ½ñ¥Á¥§¡¼¥ó¤ÇÃÖ¤­´¹¤¨¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£¾ÚÌÀ½ñ¥Á¥§¡¼¥ó¤Ç¤Ï¡¢³Æ¾ÚÌÀ½ñ¤¬¡¢¡Ö¥ë¡¼¥È¡×CA¤òµ¯ÅÀ¤È¤¹¤ë¥Á¥§¡¼¥óÆâ¤Î¼¡¤Î¾ÚÌÀ½ñ¤Î½ð̾¼Ô¤Î¸ø³«¸°¤òǧ¾Ú¤·¤Þ¤¹¡£

CA¤«¤é¤Î¾ÚÌÀ½ñ±þÅú¤ò¥¤¥ó¥Ý¡¼¥È¤¹¤ë¤Ë¤Ï¡¢¥­¡¼¥¹¥È¥¢¤«¡¢cacerts¥­¡¼¥¹¥È¥¢¡¦¥Õ¥¡¥¤¥ëÆâ¤Ë1¤Ä°Ê¾å¤Î¿®Íê¤Ç¤­¤ë¾ÚÌÀ½ñ¤¬¤¢¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£¥³¥Þ¥ó¥É¤Î-importcert¤ò»²¾È¤·¤Æ¤¯¤À¤µ¤¤¡£

•¾ÚÌÀ±þÅú¤¬¾ÚÌÀ½ñ¥Á¥§¡¼¥ó¤Î¾ì¹ç¤Ï¡¢¥Á¥§¡¼¥ó¤ÎºÇ¾å°Ì¾ÚÌÀ½ñ¤¬É¬ÍפǤ¹¡£CA¤Î¸ø³«¸°¤òǧ¾Ú¤¹¤ë¥ë¡¼¥ÈCA¾ÚÌÀ½ñ¡£
•¾ÚÌÀ½ñ±þÅú¤¬Ã±°ì¤Î¾ÚÌÀ½ñ¤Î¾ì¹ç¤Ï¡¢È¯¹ÔCA(½ð̾¤·¤¿)¤Î¾ÚÌÀ½ñ¤¬É¬ÍפǤ¹¡£¤½¤Î¾ÚÌÀ½ñ¤¬¼«¸Ê½ð̾¤Ç¤Ê¤¤¾ì¹ç¤Ï¡¢¤½¤Î½ð̾¼Ô¤Î¾ÚÌÀ½ñ¤¬É¬ÍפǤ¢¤ê¡¢¤³¤Î¤è¤¦¤Ë¤·¤Æ¼«¸Ê½ð̾¥ë¡¼¥È¾ÚÌÀ½ñ¤¬É¬Íפˤʤê¤Þ¤¹¡£

cacerts¥­¡¼¥¹¥È¥¢¡¦¥Õ¥¡¥¤¥ë¤Ï¡¢¤¤¤¯¤Ä¤«¤ÎVeriSign¥ë¡¼¥ÈCA¾ÚÌÀ½ñ¤ò´Þ¤ó¤À¾õÂ֤ǽв٤µ¤ì¤Æ¤¤¤ë¤Î¤Ç¡¢VeriSign¤Î¾ÚÌÀ½ñ¤ò¡¢¿®Íê¤Ç¤­¤ë¾ÚÌÀ½ñ¤È¤·¤Æ¥­¡¼¥¹¥È¥¢Æâ¤Ë¥¤¥ó¥Ý¡¼¥È¤¹¤ëɬÍפ¬¤Ê¤¤¾ì¹ç¤¬¤¢¤ê¤Þ¤¹¡£¤¿¤À¤·¡¢Â¾¤ÎCA¤ËÂФ·¤Æ½ð̾ÉÕ¤­¾ÚÌÀ½ñ¤ò¥ê¥¯¥¨¥¹¥È¤·¤Æ¤¤¤Æ¡¢¤³¤ÎCA¤Î¸ø³«¸°¤òǧ¾Ú¤¹¤ë¾ÚÌÀ½ñ¤¬¡¢cacerts¤Ë¤Þ¤ÀÄɲ䵤ì¤Æ¤¤¤Ê¤¤¾ì¹ç¤Ï¡¢³ºÅö¤¹¤ëCA¤«¤é¤Î¾ÚÌÀ½ñ¤ò¡¢¡Ö¿®Íê¤Ç¤­¤ë¾ÚÌÀ½ñ¡×¤È¤·¤Æ¥¤¥ó¥Ý¡¼¥È¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£

Ä̾CA¤«¤é¤Î¾ÚÌÀ½ñ¤Ï¡¢¼«¸Ê½ð̾¾ÚÌÀ½ñ¡¢¤Þ¤¿¤Ï¾¤ÎCA¤Ë¤è¤Ã¤Æ½ð̾¤µ¤ì¤¿¾ÚÌÀ½ñ¤Ç¤¹(¸å¼Ô¤Î¾ì¹ç¤Ï¡¢³ºÅö¤¹¤ë¾¤ÎCA¤Î¸ø³«¸°¤òǧ¾Ú¤¹¤ë¾ÚÌÀ½ñ¤¬É¬Í×)¡£ABC, Inc.,¤¬CA¤Ç¡¢ABC¤«¤é¼«¸Ê½ð̾¾ÚÌÀ½ñ¤Ç¤¢¤ëABCCA.cer¤È¤¤¤¦Ì¾Á°¤Î¥Õ¥¡¥¤¥ë¤ò¼èÆÀ¤·¤¿¤È¤·¤Þ¤¹(¤³¤Î¾ÚÌÀ½ñ¤ÏCA¤Î¸ø³«¸°¤òǧ¾Ú¤·¤Þ¤¹)¡£¿®Íê¤Ç¤­¤ë¾ÚÌÀ½ñ¤È¤·¤Æ¾ÚÌÀ½ñ¤ò¥¤¥ó¥Ý¡¼¥È¤¹¤ë¤È¤­¤Ï¡¢¾ÚÌÀ½ñ¤¬Í­¸ú¤Ç¤¢¤ë¤³¤È¤ò³Îǧ¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£¤Þ¤º¡¢¾ÚÌÀ½ñ¤ÎÆâÍƤòɽ¼¨¤·¡¢keytool -printcert¥³¥Þ¥ó¥É¤ò»ÈÍѤ¹¤ë¤«¡¢¤Þ¤¿¤Ï-noprompt¥ª¥×¥·¥ç¥ó¤ò»ØÄꤷ¤Ê¤¤¤Çkeytool -importcert¥³¥Þ¥ó¥É¤ò»ÈÍѤ·¡¢É½¼¨¤µ¤ì¤¿¾ÚÌÀ½ñ¤Î¥Õ¥£¥ó¥¬¡¼¥×¥ê¥ó¥È¤¬¡¢´üÂÔ¤µ¤ì¤ë¥Õ¥£¥ó¥¬¡¼¥×¥ê¥ó¥È¤È°ìÃפ¹¤ë¤«¤É¤¦¤«¤ò³Îǧ¤·¤Þ¤¹¡£¾ÚÌÀ½ñ¤òÁ÷¿®¤·¤¿¿Íʪ¤ËÏ¢Íí¤·¡¢¤³¤Î¿Íʪ¤¬Ä󼨤·¤¿(¤Þ¤¿¤Ï°ÂÁ´¤Ê¸ø³«¸°¤Î¥ê¥Ý¥¸¥È¥ê¤Ë¤è¤Ã¤ÆÄ󼨤µ¤ì¤ë)¥Õ¥£¥ó¥¬¡¼¥×¥ê¥ó¥È¤È¡¢¾å¤Î¥³¥Þ¥ó¥É¤Çɽ¼¨¤µ¤ì¤¿¥Õ¥£¥ó¥¬¡¼¥×¥ê¥ó¥È¤È¤òÈæ³Ó¤·¤Þ¤¹¡£¥Õ¥£¥ó¥¬¡¼¥×¥ê¥ó¥È¤¬°ìÃפ¹¤ì¤Ð¡¢Á÷¿®ÅÓÃæ¤Ç¾¤Î²¿¼Ô¤«(¹¶·â¼Ô¤Ê¤É)¤Ë¤è¤ë¾ÚÌÀ½ñ¤Î¤¹¤êÂؤ¨¤¬¹Ô¤ï¤ì¤Æ¤¤¤Ê¤¤¤³¤È¤ò³Îǧ¤Ç¤­¤Þ¤¹¡£Á÷¿®ÅÓÃæ¤Ç¤³¤Î¼ï¤Î¹¶·â¤¬¹Ô¤ï¤ì¤Æ¤¤¤¿¾ì¹ç¡¢¥Á¥§¥Ã¥¯¤ò¹Ô¤ï¤º¤Ë¾ÚÌÀ½ñ¤ò¥¤¥ó¥Ý¡¼¥È¤¹¤ë¤È¡¢¹¶·â¼Ô¤Ë¤è¤Ã¤Æ½ð̾¤µ¤ì¤¿¤¹¤Ù¤Æ¤Î¤â¤Î¤ò¿®Íꤹ¤ë¤³¤È¤Ë¤Ê¤ê¤Þ¤¹¡£

¾ÚÌÀ½ñ¤¬Í­¸ú¤Ç¤¢¤ë¤È¿®Íꤹ¤ë¾ì¹ç¤Ï¡¢¼¡¤Î¥³¥Þ¥ó¥É¤Ç¥­¡¼¥¹¥È¥¢¤ËÄɲäǤ­¤Þ¤¹¡£

keytool -importcert -alias abc -file ABCCA.cer

ABCCA.cer¥Õ¥¡¥¤¥ë¤Î¥Ç¡¼¥¿¤ò´Þ¤à¿®Íê¤Ç¤­¤ë¾ÚÌÀ½ñ¤Î¥¨¥ó¥È¥ê¤¬¥­¡¼¥¹¥È¥¢Æâ¤ËºîÀ®¤µ¤ì¡¢³ºÅö¤¹¤ë¥¨¥ó¥È¥ê¤Ëabc¤È¤¤¤¦ÊÌ̾¤¬³ä¤êÅö¤Æ¤é¤ì¤Þ¤¹¡£

¾ÚÌÀ½ñ½ð̾¥ê¥¯¥¨¥¹¥È¤ÎÄó½ÐÀè¤ÎCA¤Î¸ø³«¸°¤òǧ¾Ú¤¹¤ë¾ÚÌÀ½ñ¤ò¥¤¥ó¥Ý¡¼¥È¤·¤¿¸å¤Ï(¤Þ¤¿¤ÏƱ¼ï¤Î¾ÚÌÀ½ñ¤¬¤¹¤Ç¤Ëcacerts¥Õ¥¡¥¤¥ëÆâ¤Ë¸ºß¤·¤Æ¤¤¤ë¾ì¹ç¤Ï)¡¢¾ÚÌÀ±þÅú¤ò¥¤¥ó¥Ý¡¼¥È¤·¡¢¼«¸Ê½ð̾¾ÚÌÀ½ñ¤ò¾ÚÌÀ½ñ¥Á¥§¡¼¥ó¤ÇÃÖ¤­´¹¤¨¤ë¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£¤³¤Î¥Á¥§¡¼¥ó¤Ï¡¢CA¤Î±þÅú¤¬¥Á¥§¡¼¥ó¤Î¾ì¹ç¤Ë¡¢¥ê¥¯¥¨¥¹¥È¤ËÂФ¹¤ë¥ì¥¹¥Ý¥ó¥¹¤È¤·¤ÆCA¤«¤éÁ÷¤êÊÖ¤µ¤ì¤¿¾ÚÌÀ½ñ¥Á¥§¡¼¥ó¤Ç¤¹¡£¤Þ¤¿¡¢CA¤Î±þÅú¤¬Ã±°ì¤Î¾ÚÌÀ½ñ¤Î¾ì¹ç¤Ï¡¢¤³¤Î¾ÚÌÀ±þÅú¤È¡¢¥¤¥ó¥Ý¡¼¥ÈÀè¤Î¥­¡¼¥¹¥È¥¢Æâ¤Þ¤¿¤Ïcacerts¥­¡¼¥¹¥È¥¢¥Õ¥¡¥¤¥ëÆâ¤Ë¤¹¤Ç¤Ë¸ºß¤¹¤ë¿®Íê¤Ç¤­¤ë¾ÚÌÀ½ñ¤È¤ò»ÈÍѤ·¤Æ¹½ÃÛ¤·¤¿¾ÚÌÀ½ñ¥Á¥§¡¼¥ó¤Ç¤¹¡£

¤¿¤È¤¨¤Ð¡¢¾ÚÌÀ½ñ½ð̾¥ê¥¯¥¨¥¹¥È¤òVeriSign¤ËÁ÷¿®¤¹¤ë¾ì¹ç¡¢Á÷¤êÊÖ¤µ¤ì¤¿¾ÚÌÀ½ñ¤Î̾Á°¤¬VSMarkJ.cer¤À¤È¤¹¤ë¤È¡¢¼¡¤Î¤è¤¦¤Ë¤·¤Æ±þÅú¤ò¥¤¥ó¥Ý¡¼¥È¤Ç¤­¤Þ¤¹¡£

keytool -importcert -trustcacerts -file VSMarkJ.cer

¸ø³«¸°¤òǧ¾Ú¤¹¤ë¾ÚÌÀ½ñ¤Î¥¨¥¯¥¹¥Ý¡¼¥È

jarsigner¥³¥Þ¥ó¥É¤ò»ÈÍѤ·¤ÆJava Archive (JAR)¥Õ¥¡¥¤¥ë¤Ë½ð̾¤¹¤ë¾ì¹ç¡¢¤³¤Î¥Õ¥¡¥¤¥ë¤ò»ÈÍѤ¹¤ë¥¯¥é¥¤¥¢¥ó¥È¤Ï½ð̾¤òǧ¾Ú¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£¥¯¥é¥¤¥¢¥ó¥È¤¬½ð̾¤òǧ¾Ú¤¹¤ëÊýË¡¤Î1¤Ä¤Ë¡¢¤Þ¤º¼«Ê¬¤Î¸ø³«¸°¤Î¾ÚÌÀ½ñ¤ò¿®Íê¤Ç¤­¤ë¥¨¥ó¥È¥ê¤È¤·¤Æ¥¯¥é¥¤¥¢¥ó¥È¤Î¥­¡¼¥¹¥È¥¢¤Ë¥¤¥ó¥Ý¡¼¥È¤¹¤ëÊýË¡¤¬¤¢¤ê¤Þ¤¹¡£

¤½¤Î¤¿¤á¤Ë¤Ï¡¢¾ÚÌÀ½ñ¤ò¥¨¥¯¥¹¥Ý¡¼¥È¤·¤Æ¡¢¥¯¥é¥¤¥¢¥ó¥È¤ËÄ󶡤·¤Þ¤¹¡£Îã¤È¤·¤Æ¡¢¼¡¤Î¥³¥Þ¥ó¥É¤ò»ÈÍѤ·¤Æ¡¢MJ.cer¤È¤¤¤¦Ì¾Á°¤Î¥Õ¥¡¥¤¥ë¤Ë¾ÚÌÀ½ñ¤ò¥³¥Ô¡¼¤Ç¤­¤Þ¤¹¡£¤³¤Î¥³¥Þ¥ó¥É¤Ç¤Ï¡¢¥¨¥ó¥È¥ê¤ËÊÌ̾mykey¤¬¤¢¤ë¤È²¾Äꤷ¤Æ¤¤¤Þ¤¹¡£

keytool -exportcert -alias mykey -file MJ.cer

¾ÚÌÀ½ñ¤È½ð̾ÉÕ¤­JAR¥Õ¥¡¥¤¥ë¤òÆþ¼ê¤·¤¿¥¯¥é¥¤¥¢¥ó¥È¤Ï¡¢jarsigner¥³¥Þ¥ó¥É¤ò»ÈÍѤ·¤Æ½ð̾¤òǧ¾Ú¤Ç¤­¤Þ¤¹¡£

¥­¡¼¥¹¥È¥¢¤Î¥¤¥ó¥Ý¡¼¥È

¥³¥Þ¥ó¥Éimportkeystore¤ò»ÈÍѤ¹¤ì¤Ð¡¢¤¢¤ë¥­¡¼¥¹¥È¥¢¤ÎÁ´ÂΤòÊ̤Υ­¡¼¥¹¥È¥¢Æâ¤Ë¥¤¥ó¥Ý¡¼¥È¤Ç¤­¤Þ¤¹¡£¤³¤ì¤Ï¡¢¸°¤ä¾ÚÌÀ½ñ¤È¤¤¤Ã¤¿¥½¡¼¥¹¥­¡¼¥¹¥È¥¢Æâ¤Î¤¹¤Ù¤Æ¤Î¥¨¥ó¥È¥ê¤¬¡¢Ã±°ì¤Î¥³¥Þ¥ó¥É¤ò»ÈÍѤ·¤Æ¥¿¡¼¥²¥Ã¥È¥­¡¼¥¹¥È¥¢Æâ¤Ë¥¤¥ó¥Ý¡¼¥È¤µ¤ì¤ë¤³¤È¤ò°ÕÌ£¤·¤Þ¤¹¡£¤³¤Î¥³¥Þ¥ó¥É¤ò»ÈÍѤ¹¤ì¤Ð¡¢°Û¤Ê¤ë¥¿¥¤¥×¤Î¥­¡¼¥¹¥È¥¢Æâ¤Ë´Þ¤Þ¤ì¤ë¥¨¥ó¥È¥ê¤ò¥¤¥ó¥Ý¡¼¥È¤¹¤ë¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£¥¤¥ó¥Ý¡¼¥È»þ¤Ë¤Ï¡¢¥¿¡¼¥²¥Ã¥È¡¦¥­¡¼¥¹¥È¥¢Æâ¤Î¿·¤·¤¤¥¨¥ó¥È¥ê¤Ï¤¹¤Ù¤Æ¡¢¸µ¤ÈƱ¤¸ÊÌ̾¤ª¤è¤Ó(ÈëÌ©¸°¤äÈëÌ©¸°¤Î¾ì¹ç¤Ï)ÊݸîÍѥѥ¹¥ï¡¼¥É¤ò»ý¤Á¤Þ¤¹¡£¥½¡¼¥¹¥­¡¼¥¹¥È¥¢Æâ¤ÎÈó¸ø³«/ÈëÌ©¸°¤ò¥ê¥«¥Ð¥ê¤Ç¤­¤Ê¤¤¾ì¹ç¡¢keytool¥³¥Þ¥ó¥É¤Ï¥æ¡¼¥¶¡¼¤Ë¥Ñ¥¹¥ï¡¼¥É¤ÎÆþÎϤòµá¤á¤Þ¤¹¡£¤³¤Î¥³¥Þ¥ó¥É¤Ï¡¢ÊÌ̾¤Î½ÅÊ£¤ò¸¡½Ð¤¹¤ë¤È¡¢¥æ¡¼¥¶¡¼¤Ë¿·¤·¤¤ÊÌ̾¤ÎÆþÎϤòµá¤á¤Þ¤¹¡£¥æ¡¼¥¶¡¼¤Ï¡¢¿·¤·¤¤ÊÌ̾¤ò»ØÄꤹ¤ë¤³¤È¤â¡¢Ã±½ã¤Ë´û¸¤ÎÊÌ̾¤Î¾å½ñ¤­¤òkeytool¥³¥Þ¥ó¥É¤Ëµö²Ä¤¹¤ë¤³¤È¤â¤Ç¤­¤Þ¤¹¡£

¤¿¤È¤¨¤Ð¡¢Ä̾ï¤ÎJKS¥¿¥¤¥×¤Î¥­¡¼¥¹¥È¥¢key.jksÆâ¤Î¥¨¥ó¥È¥ê¤òPKCS#11¥¿¥¤¥×¤Î¥Ï¡¼¥É¥¦¥§¥¢¡¦¥Ù¡¼¥¹¤Î¥­¡¼¥¹¥È¥¢Æâ¤Ë¥¤¥ó¥Ý¡¼¥È¤¹¤ë¤Ë¤Ï¡¢¼¡¤Î¥³¥Þ¥ó¥É¤ò»ÈÍѤ·¤Þ¤¹¡£

keytool -importkeystore
    -srckeystore key.jks -destkeystore NONE
    -srcstoretype JKS -deststoretype PKCS11
    -srcstorepass <src keystore password>
    -deststorepass <destination keystore pwd>

¤Þ¤¿¡¢importkeystore¥³¥Þ¥ó¥É¤ò»ÈÍѤ¹¤ì¤Ð¡¢¤¢¤ë¥½¡¼¥¹¡¦¥­¡¼¥¹¥È¥¢Æâ¤Îñ°ì¤Î¥¨¥ó¥È¥ê¤ò¥¿¡¼¥²¥Ã¥È¡¦¥­¡¼¥¹¥È¥¢¤Ë¥¤¥ó¥Ý¡¼¥È¤¹¤ë¤³¤È¤â¤Ç¤­¤Þ¤¹¡£¤³¤Î¾ì¹ç¤Ï¡¢Á°Îã¤Î¥ª¥×¥·¥ç¥ó¤Ë²Ã¤¨¤Æ¡¢¥¤¥ó¥Ý¡¼¥È¤¹¤ëÊÌ̾¤ò»ØÄꤹ¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£-srcalias¥ª¥×¥·¥ç¥ó¤ò»ØÄꤹ¤ë¾ì¹ç¤Ë¤Ï¡¢¥¿¡¼¥²¥Ã¥ÈÊÌ̾¤â¥³¥Þ¥ó¥É¹Ô¤«¤é»ØÄê¤Ç¤­¤ë¤Û¤«¡¢ÈëÌ©/ÈëÌ©¸°¤ÎÊݸîÍѥѥ¹¥ï¡¼¥É¤ä¥¿¡¼¥²¥Ã¥ÈÊݸîÍѥѥ¹¥ï¡¼¥É¤â»ØÄê¤Ç¤­¤Þ¤¹¡£¤½¤ÎÊýË¡¤ò¼¨¤¹¥³¥Þ¥ó¥É¤ò¼¡¤Ë¼¨¤·¤Þ¤¹¡£

keytool -importkeystore
    -srckeystore key.jks -destkeystore NONE
    -srcstoretype JKS -deststoretype PKCS11
    -srcstorepass <src keystore password>
    -deststorepass <destination keystore pwd>
    -srcalias myprivatekey -destalias myoldprivatekey
    -srckeypass <source entry password>
    -destkeypass <destination entry password>
    -noprompt

¼¡¤Ë¡¢3¤Ä¤Î¥¨¥ó¥Æ¥£¥Æ¥£¡¢¤Ä¤Þ¤ê¥ë¡¼¥ÈCA(root)¡¢Ãæ´ÖCA(ca)¤ª¤è¤ÓSSL¥µ¡¼¥Ð¡¼(server)ÍѤθ°¥Ú¥¢¤È¾ÚÌÀ½ñ¤òÀ¸À®¤¹¤ëkeytool¥³¥Þ¥ó¥É¤ò¼¨¤·¤Þ¤¹¡£¤¹¤Ù¤Æ¤Î¾ÚÌÀ½ñ¤òƱ¤¸¥­¡¼¥¹¥È¥¢¤Ë³ÊǼ¤¹¤ë¤è¤¦¤Ë¤·¤Æ¤¯¤À¤µ¤¤¡£¤³¤ì¤é¤ÎÎã¤Ç¤Ï¡¢RSA¤¬¿ä¾©¤µ¤ì¤ë¸°¤Î¥¢¥ë¥´¥ê¥º¥à¤Ç¤¹¡£

keytool -genkeypair -keystore root.jks -alias root -ext bc:c
keytool -genkeypair -keystore ca.jks -alias ca -ext bc:c
keytool -genkeypair -keystore server.jks -alias server
keytool -keystore root.jks -alias root -exportcert -rfc > root.pem
keytool -storepass <storepass> -keystore ca.jks -certreq -alias ca |
    keytool -storepass <storepass> -keystore root.jks
    -gencert -alias root -ext BC=0 -rfc > ca.pem
keytool -keystore ca.jks -importcert -alias ca -file ca.pem
keytool -storepass <storepass> -keystore server.jks -certreq -alias server |
    keytool -storepass <storepass> -keystore ca.jks -gencert -alias ca
    -ext ku:c=dig,kE -rfc > server.pem
cat root.pem ca.pem server.pem |
    keytool -keystore server.jks -importcert -alias server

ÍѸì

¥­¡¼¥¹¥È¥¢

¥­¡¼¥¹¥È¥¢¤Ï¡¢°Å¹æ²½¤Î¸°¤È¾ÚÌÀ½ñ¤ò³ÊǼ¤¹¤ë¤¿¤á¤Îµ¡Ç½¤Ç¤¹¡£

¥­¡¼¥¹¥È¥¢¤Î¥¨¥ó¥È¥ê

¥­¡¼¥¹¥È¥¢¤Ë¤Ï°Û¤Ê¤ë¥¿¥¤¥×¤Î¥¨¥ó¥È¥ê¤ò´Þ¤á¤ë¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£keytool¥³¥Þ¥ó¥É¤ÇºÇ¤âŬÍÑÈϰϤι­¤¤¥¨¥ó¥È¥ê¡¦¥¿¥¤¥×¤Ï¡¢¼¡¤Î2¤Ä¤Ç¤¹¡£

¸°¤Î¥¨¥ó¥È¥ê - ³Æ¥¨¥ó¥È¥ê¤Ï¡¢Èó¾ï¤Ë½ÅÍפʰŹ沽¤Î¸°¤Î¾ðÊó¤òÊÝ»ý¤·¤Þ¤¹¡£¤³¤Î¾ðÊó¤Ï¡¢µö²Ä¤·¤Æ¤¤¤Ê¤¤¥¢¥¯¥»¥¹¤òËɤ°¤¿¤á¤Ë¡¢Êݸ¤ì¤¿·Á¤Ç³ÊǼ¤µ¤ì¤Þ¤¹¡£°ìÈ̤ˡ¢¤³¤Î¼ï¤Î¥¨¥ó¥È¥ê¤È¤·¤Æ³ÊǼ¤µ¤ì¤ë¸°¤Ï¡¢ÈëÌ©¸°¤«¡¢Âбþ¤¹¤ë¸ø³«¸°¤Î¾ÚÌÀ½ñ¥Á¥§¡¼¥ó¤òȼ¤¦ÈëÌ©¸°¤Ç¤¹¡£¾ÚÌÀ½ñ¥Á¥§¡¼¥ó¤ò»²¾È¤·¤Æ¤¯¤À¤µ¤¤¡£keytool¥³¥Þ¥ó¥É¤¬¤³¤ÎξÊý¤Î¥¿¥¤¥×¤Î¥¨¥ó¥È¥ê¤ò½èÍý¤Ç¤­¤ë¤Î¤ËÂФ·¡¢jarsigner¥Ä¡¼¥ë¤Ï¸å¼Ô¤Î¥¿¥¤¥×¤Î¥¨¥ó¥È¥ê¡¢¤Ä¤Þ¤êÈëÌ©¸°¤È¤½¤ì¤Ë´ØÏ¢ÉÕ¤±¤é¤ì¤¿¾ÚÌÀ½ñ¥Á¥§¡¼¥ó¤Î¤ß¤ò½èÍý¤·¤Þ¤¹¡£

¿®Íê¤Ç¤­¤ë¾ÚÌÀ½ñ¤Î¥¨¥ó¥È¥ê: ³Æ¥¨¥ó¥È¥ê¤Ï¡¢Âè»°¼Ô¤«¤é¤Î¸ø³«¸°¾ÚÌÀ½ñ¤ò1¤Ä´Þ¤ó¤Ç¤¤¤Þ¤¹¡£¤³¤Î¥¨¥ó¥È¥ê¤Ï¡¢¿®Íê¤Ç¤­¤ë¾ÚÌÀ½ñ¤È¸Æ¤Ð¤ì¤Þ¤¹¡£¤½¤ì¤Ï¡¢¾ÚÌÀ½ñÆâ¤Î¸ø³«¸°¤¬¡¢¾ÚÌÀ½ñ¤ÎSubject(½êÍ­¼Ô)¤Ë¤è¤Ã¤ÆÆÃÄꤵ¤ì¤ë¥¢¥¤¥Ç¥ó¥Æ¥£¥Æ¥£¤ËͳÍ褹¤ë¤â¤Î¤Ç¤¢¤ë¤³¤È¤ò¡¢¥­¡¼¥¹¥È¥¢¤Î½êÍ­¼Ô¤¬¿®Íꤹ¤ë¤«¤é¤Ç¤¹¡£¾ÚÌÀ½ñ¤Îȯ¹Ô¼Ô¤Ï¡¢¾ÚÌÀ½ñ¤Ë½ð̾¤òÉÕ¤±¤ë¤³¤È¤Ë¤è¤Ã¤Æ¡¢¤½¤ÎÆâÍƤòÊݾڤ·¤Þ¤¹¡£

¥­¡¼¥¹¥È¥¢¤ÎÊÌ̾

¥­¡¼¥¹¥È¥¢¤Î¤¹¤Ù¤Æ¤Î¥¨¥ó¥È¥ê(¸°¤ª¤è¤Ó¿®Íê¤Ç¤­¤ë¾ÚÌÀ½ñ¥¨¥ó¥È¥ê)¤Ï¡¢°ì°Õ¤ÎÊÌ̾¤ò²ð¤·¤Æ¥¢¥¯¥»¥¹¤µ¤ì¤Þ¤¹¡£

ÊÌ̾¤ò»ØÄꤹ¤ë¤Î¤Ï¡¢-genseckey¥³¥Þ¥ó¥É¤ò»ÈÍѤ·¤ÆÈëÌ©¸°¤òÀ¸À®¤·¤¿¤ê¡¢-genkeypair¥³¥Þ¥ó¥É¤ò»ÈÍѤ·¤Æ¸°¥Ú¥¢(¸ø³«¸°¤ÈÈëÌ©¸°)¤òÀ¸À®¤·¤¿¤ê¡¢-importcert¥³¥Þ¥ó¥É¤ò»ÈÍѤ·¤Æ¾ÚÌÀ½ñ¤Þ¤¿¤Ï¾ÚÌÀ½ñ¥Á¥§¡¼¥ó¤ò¿®Íê¤Ç¤­¤ë¾ÚÌÀ½ñ¤Î¥ê¥¹¥È¤ËÄɲ乤ë¤Ê¤É¡¢ÆÃÄê¤Î¥¨¥ó¥Æ¥£¥Æ¥£¤ò¥­¡¼¥¹¥È¥¢¤ËÄɲ乤ë¾ì¹ç¤Ç¤¹¡£¤³¤ì°Ê¸å¡¢keytool¥³¥Þ¥ó¥É¤Ç¥¨¥ó¥Æ¥£¥Æ¥£¤ò»²¾È¤¹¤ë¾ì¹ç¤Ï¡¢¤³¤Î¤È¤­¤Ë»ØÄꤷ¤¿ÊÌ̾¤ò»ÈÍѤ¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£

¤¿¤È¤¨¤Ð¡¢duke¤È¤¤¤¦ÊÌ̾¤ò»ÈÍѤ·¤Æ¿·¤·¤¤¸ø³«¸°¤ÈÈëÌ©¸°¤Î¥Ú¥¢¤òÀ¸À®¤·¡¢¸ø³«¸°¤ò¼«¸Ê½ð̾¾ÚÌÀ½ñ¤Ç¥é¥Ã¥×¤¹¤ë¤È¤·¤Þ¤¹¡£¤³¤Î¾ì¹ç¤Ï¡¢¼¡¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤·¤Þ¤¹¡£¾ÚÌÀ½ñ¥Á¥§¡¼¥ó¤ò»²¾È¤·¤Æ¤¯¤À¤µ¤¤¡£

keytool -genkeypair -alias duke -keypass dukekeypasswd
¤³¤ÎÎã¤Ç¤Ï¡¢½é´ü¥Ñ¥¹¥ï¡¼¥É¤È¤·¤Ædukekeypasswd¤ò»ØÄꤷ¤Æ¤¤¤Þ¤¹¡£°Ê¸å¡¢ÊÌ̾duke¤Ë´ØÏ¢ÉÕ¤±¤é¤ì¤¿ÈëÌ©¸°¤Ë¥¢¥¯¥»¥¹¤¹¤ë¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤¹¤ë¤È¤­¤Ï¡¢¤³¤Î¥Ñ¥¹¥ï¡¼¥É¤¬É¬Íפˤʤê¤Þ¤¹¡£Duke¤ÎÈëÌ©¸°¤Î¥Ñ¥¹¥ï¡¼¥É¤ò¤¢¤È¤«¤éÊѹ¹¤¹¤ë¤Ë¤Ï¡¢¼¡¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤·¤Þ¤¹¡£
keytool -keypasswd -alias duke -keypass dukekeypasswd -new newpass
¥Ñ¥¹¥ï¡¼¥É¤¬¡¢dukekeypasswd¤«¤énewpass¤ËÊѹ¹¤µ¤ì¤Þ¤¹¡£¥Æ¥¹¥ÈÌÜŪ¤Î¾ì¹ç¡¢¤Þ¤¿¤Ï¥»¥­¥å¥¢¤Ê¥·¥¹¥Æ¥à¤ò»ÈÍѤ·¤Æ¤¤¤ë¾ì¹ç°Ê³°¤Ï¡¢¥³¥Þ¥ó¥É¹Ô¤ä¥¹¥¯¥ê¥×¥È¤Ç¥Ñ¥¹¥ï¡¼¥É¤ò»ØÄꤷ¤Ê¤¤¤Ç¤¯¤À¤µ¤¤¡£É¬Íפʥѥ¹¥ï¡¼¥É¤Î¥ª¥×¥·¥ç¥ó¤ò¥³¥Þ¥ó¥É¹Ô¤Ç»ØÄꤷ¤Ê¤«¤Ã¤¿¾ì¹ç¤Ï¡¢¥Ñ¥¹¥ï¡¼¥É¤ÎÆþÎϤòµá¤á¤é¤ì¤Þ¤¹¡£

¥­¡¼¥¹¥È¥¢¤Î¼ÂÁõ

java.security¥Ñ¥Ã¥±¡¼¥¸¤ÇÄ󶡤µ¤ì¤Æ¤¤¤ëKeyStore¥¯¥é¥¹¤Ï¡¢¥­¡¼¥¹¥È¥¢Æâ¤Î¾ðÊó¤Ø¤Î¥¢¥¯¥»¥¹¤ª¤è¤Ó¾ðÊó¤ÎÊѹ¹¤ò¹Ô¤¦¤¿¤á¤Î¡¢ÌÀ³Î¤ËÄêµÁ¤µ¤ì¤¿¥¤¥ó¥¿¥Õ¥§¡¼¥¹¤òÄ󶡤·¤Þ¤¹¡£¥­¡¼¥¹¥È¥¢¤Î¸ÇÄê¼ÂÁõ¤È¤·¤Æ¤Ï¡¢¤½¤ì¤¾¤ì¤¬ÆÃÄê¤Î¥¿¥¤¥×¤Î¥­¡¼¥¹¥È¥¢¤òÂоݤȤ¹¤ëÊ£¿ô¤Î°Û¤Ê¤ë¼ÂÁõ¤¬Â¸ºß²Äǽ¤Ç¤¹¡£

¸½ºß¡¢keytool¤Èjarsigner¤Î2¤Ä¤Î¥³¥Þ¥ó¥É¹Ô¥Ä¡¼¥ë¤È¡¢Policy Tool¤È¤¤¤¦Ì¾Á°¤ÎGUI¥Ù¡¼¥¹¤Î¥Ä¡¼¥ë¤¬¡¢¥­¡¼¥¹¥È¥¢¤Î¼ÂÁõ¤ò»ÈÍѤ·¤Æ¤¤¤Þ¤¹¡£KeyStore¥¯¥é¥¹¤Ïpublic¤Ç¤¢¤ë¤¿¤á¡¢¥æ¡¼¥¶¡¼¤ÏKeyStore¤ò»ÈÍѤ·¤¿Â¾¤Î¥»¥­¥å¥ê¥Æ¥£¡¦¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤âºîÀ®¤Ç¤­¤Þ¤¹¡£

¥­¡¼¥¹¥È¥¢¤Ë¤Ï¡¢Oracle¤¬Ä󶡤¹¤ëÁȹþ¤ß¤Î¥Ç¥Õ¥©¥ë¥È¤Î¼ÂÁõ¤¬¤¢¤ê¤Þ¤¹¡£¤³¤ì¤Ï¡¢JKS¤È¤¤¤¦Ì¾Á°¤ÎÆȼ«¤Î¥­¡¼¥¹¥È¥¢¡¦¥¿¥¤¥×(·Á¼°)¤òÍøÍѤ¹¤ë¤â¤Î¤Ç¡¢¥­¡¼¥¹¥È¥¢¤ò¥Õ¥¡¥¤¥ë¤È¤·¤Æ¼ÂÁõ¤·¤Æ¤¤¤Þ¤¹¡£¤³¤Î¼ÂÁõ¤Ç¤Ï¡¢¸Ä¡¹¤ÎÈëÌ©¸°¤Ï¸ÄÊ̤Υѥ¹¥ï¡¼¥É¤Ë¤è¤Ã¤ÆÊݸ¤ì¡¢¥­¡¼¥¹¥È¥¢Á´ÂΤÎÀ°¹çÀ­¤â(ÈëÌ©¸°¤È¤ÏÊ̤Î)¥Ñ¥¹¥ï¡¼¥É¤Ë¤è¤Ã¤ÆÊݸ¤ì¤Þ¤¹¡£

¥­¡¼¥¹¥È¥¢¤Î¼ÂÁõ¤Ï¡¢¥×¥í¥Ð¥¤¥À¥Ù¡¼¥¹¤Ç¤¹¡£¶ñÂÎŪ¤Ë¤Ï¡¢KeyStore¤Ë¤è¤Ã¤ÆÄ󶡤µ¤ì¤ë¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¡¦¥¤¥ó¥¿¥Õ¥§¡¼¥¹¤¬¥µ¡¼¥Ó¥¹¡¦¥×¥í¥Ð¥¤¥À¡¦¥¤¥ó¥¿¥Õ¥§¡¼¥¹(SPI)¤Ë´ð¤Å¤¤¤Æ¼ÂÁõ¤µ¤ì¤Þ¤¹¡£¤Ä¤Þ¤ê¡¢Âбþ¤¹¤ëKeystoreSpiÃê¾Ý¥¯¥é¥¹(¤³¤ì¤âjava.security¥Ñ¥Ã¥±¡¼¥¸¤Ë´Þ¤Þ¤ì¤Æ¤¤¤Þ¤¹)¤¬¤¢¤ê¡¢¤³¤Î¥¯¥é¥¹¤¬¡¢¥×¥í¥Ð¥¤¥À¤¬¼ÂÁõ¤¹¤ëɬÍפΤ¢¤ëService Provider Interface¤Î¥á¥½¥Ã¥É¤òÄêµÁ¤·¤Æ¤¤¤Þ¤¹¡£¤³¤³¤Ç¡¢¥×¥í¥Ð¥¤¥À¤È¤Ï¡¢Java Security API¤Ë¤è¤Ã¤Æ¥¢¥¯¥»¥¹²Äǽ¤Ê¥µ¡¼¥Ó¥¹¤Î¥µ¥Ö¥»¥Ã¥È¤ËÂФ·¡¢¤½¤Î¸ÇÄê¼ÂÁõ¤òÄ󶡤¹¤ë¥Ñ¥Ã¥±¡¼¥¸¤Þ¤¿¤Ï¥Ñ¥Ã¥±¡¼¥¸¤Î½¸¹ç¤Î¤³¤È¤Ç¤¹¡£¥­¡¼¥¹¥È¥¢¤Î¼ÂÁõ¤òÄ󶡤¹¤ë¤Ë¤Ï¡¢http://docs.oracle.com/javase/8/docs/technotes/guides/security/crypto/HowToImplAProvider.html¤Ë¤¢¤ë Java°Å¹æ²½¥¢¡¼¥­¥Æ¥¯¥Á¥ã¤Î¥×¥í¥Ð¥¤¥À¤Î¼ÂÁõÊýË¡¤ÇÀâÌÀ¤·¤Æ¤¤¤ë¤è¤¦¤Ë¡¢¥¯¥é¥¤¥¢¥ó¥È¤Ï¥×¥í¥Ð¥¤¥À¤ò¼ÂÁõ¤·¡¢KeystoreSpi¥µ¥Ö¥¯¥é¥¹¤Î¼ÂÁõ¤òÄ󶡤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£

¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤Ç¤Ï¡¢KeyStore¥¯¥é¥¹¤¬Ä󶡤¹¤ëgetInstance¥Õ¥¡¥¯¥È¥ê¡¦¥á¥½¥Ã¥É¤ò»ÈÍѤ¹¤ë¤³¤È¤Ç¡¢ÍÍ¡¹¤Ê¥×¥í¥Ð¥¤¥À¤«¤é°Û¤Ê¤ë¥¿¥¤¥×¤Î¥­¡¼¥¹¥È¥¢¤Î¼ÂÁõ¤òÁªÂò¤Ç¤­¤Þ¤¹¡£¥­¡¼¥¹¥È¥¢¤Î¥¿¥¤¥×¤Ï¡¢¥­¡¼¥¹¥È¥¢¾ðÊó¤Î³ÊǼ·Á¼°¤È¥Ç¡¼¥¿·Á¼°¤òÄêµÁ¤¹¤ë¤È¤È¤â¤Ë¡¢¥­¡¼¥¹¥È¥¢Æâ¤ÎÈó¸ø³«/ÈëÌ©¸°¤È¥­¡¼¥¹¥È¥¢¤ÎÀ°¹çÀ­¤òÊݸ¤ë¤¿¤á¤Ë»ÈÍѤµ¤ì¤ë¥¢¥ë¥´¥ê¥º¥à¤òÄêµÁ¤·¤Þ¤¹¡£°Û¤Ê¤ë¥¿¥¤¥×¤Î¥­¡¼¥¹¥È¥¢¤Î¼ÂÁõ¤Ë¤Ï¡¢¸ß´¹À­¤Ï¤¢¤ê¤Þ¤»¤ó¡£

keytool¥³¥Þ¥ó¥É¤Ï¡¢Ç¤°Õ¤Î¥Õ¥¡¥¤¥ë¥Ù¡¼¥¹¤Î¥­¡¼¥¹¥È¥¢¼ÂÁõ¤ÇÆ°ºî¤·¤Þ¤¹¡£¥³¥Þ¥ó¥É¹Ô¤ÇÅϤµ¤ì¤¿¥­¡¼¥¹¥È¥¢¤Î¾ì½ê¤ò¥Õ¥¡¥¤¥ë̾¤È¤·¤Æ°·¤Ã¤Æ¡¢FileInputStream¤ËÊÑ´¹¤·¡¢¤³¤³¤«¤é¥­¡¼¥¹¥È¥¢¾ðÊó¤ò¥í¡¼¥É¤·¤Þ¤¹¡£jarsigner¤ª¤è¤Ópolicytool¥³¥Þ¥ó¥É¤Ï¡¢URL¤Ç»ØÄê¤Ç¤­¤ëǤ°Õ¤Î¾ì½ê¤«¤é¥­¡¼¥¹¥È¥¢¤òÆɤ߼è¤ë¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£

keytool¤Èjarsigner¤Î¾ì¹ç¡¢-storetype¥ª¥×¥·¥ç¥ó¤ò»ÈÍѤ·¤Æ¥³¥Þ¥ó¥É¹Ô¤Ç¥­¡¼¥¹¥È¥¢¤Î¥¿¥¤¥×¤ò»ØÄê¤Ç¤­¤Þ¤¹¡£Policy Tool¤Î¾ì¹ç¤Ï¡¢¡Ö¥­¡¼¥¹¥È¥¢¡×¥á¥Ë¥å¡¼¤Ë¤è¤Ã¤Æ¥­¡¼¥¹¥È¥¢¤Î¥¿¥¤¥×¤ò»ØÄê¤Ç¤­¤Þ¤¹¡£

¥æ¡¼¥¶¡¼¤¬¥­¡¼¥¹¥È¥¢¤Î¥¿¥¤¥×¤òÌÀ¼¨Åª¤Ë»ØÄꤷ¤Ê¤«¤Ã¤¿¾ì¹ç¡¢¥»¥­¥å¥ê¥Æ¥£¡¦¥×¥í¥Ñ¥Æ¥£¡¦¥Õ¥¡¥¤¥ë¤Ç»ØÄꤵ¤ì¤¿keystore.type¥×¥í¥Ñ¥Æ¥£¤ÎÃͤ˴ð¤Å¤¤¤Æ¡¢¥Ä¡¼¥ë¤Ë¤è¤Ã¤Æ¥­¡¼¥¹¥È¥¢¤Î¼ÂÁõ¤¬ÁªÂò¤µ¤ì¤Þ¤¹¡£¤³¤Î¥»¥­¥å¥ê¥Æ¥£¡¦¥×¥í¥Ñ¥Æ¥£¡¦¥Õ¥¡¥¤¥ë¤Ïjava.security¤È¸Æ¤Ð¤ì¡¢Windows¤Ç¤Ï¥»¥­¥å¥ê¥Æ¥£¡¦¥×¥í¥Ñ¥Æ¥£¡¦¥Ç¥£¥ì¥¯¥È¥êjava.home\lib\security¡¢Oracle Solaris¤Ç¤Ïjava.home/lib/security¤Ë¤¢¤ê¤Þ¤¹¡£java.home¤Ï¡¢¼Â¹Ô»þ´Ä¶­¤Î¥Ç¥£¥ì¥¯¥È¥ê¤Ç¤¹¡£jre¥Ç¥£¥ì¥¯¥È¥ê¤Ï¡¢SDK¤Þ¤¿¤ÏJava Runtime Environment (JRE)¤ÎºÇ¾å°Ì¤Î¥Ç¥£¥ì¥¯¥È¥ê¤Ë¤¢¤ê¤Þ¤¹¡£

³Æ¥Ä¡¼¥ë¤Ï¡¢keystore.type¤ÎÃͤò¼èÆÀ¤·¡¢¤³¤ÎÃͤǻØÄꤵ¤ì¤¿¥¿¥¤¥×¤Î¥­¡¼¥¹¥È¥¢¤ò¼ÂÁõ¤·¤Æ¤¤¤ë¥×¥í¥Ð¥¤¥À¤¬¸«¤Ä¤«¤ë¤Þ¤Ç¡¢¸½ºß¥¤¥ó¥¹¥È¡¼¥ë¤µ¤ì¤Æ¤¤¤ë¤¹¤Ù¤Æ¤Î¥×¥í¥Ð¥¤¥À¤òÄ´¤Ù¤Þ¤¹¡£¤½¤Î¥×¥í¥Ð¥¤¥À¤«¤é¤Î¥­¡¼¥¹¥È¥¢¤Î¼ÂÁõ¤ò»ÈÍѤ·¤Þ¤¹¡£KeyStore¥¯¥é¥¹¤ËÄêµÁ¤µ¤ì¤Æ¤¤¤ëstatic¥á¥½¥Ã¥ÉgetDefaultType¤ò»ÈÍѤ¹¤ë¤È¡¢¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤ä¥¢¥×¥ì¥Ã¥È¤«¤ékeystore.type¥×¥í¥Ñ¥Æ¥£¤ÎÃͤò¼èÆÀ¤Ç¤­¤Þ¤¹¡£¼¡¤Î¥³¡¼¥É¤Ï¡¢¥Ç¥Õ¥©¥ë¥È¤Î¥­¡¼¥¹¥È¥¢¡¦¥¿¥¤¥×(keystore.type¥×¥í¥Ñ¥Æ¥£¤Ç»ØÄꤵ¤ì¤¿¥¿¥¤¥×)¤Î¥¤¥ó¥¹¥¿¥ó¥¹¤òÀ¸À®¤·¤Þ¤¹¡£

KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
¥Ç¥Õ¥©¥ë¥È¤Î¥­¡¼¥¹¥È¥¢¡¦¥¿¥¤¥×¤Ïjks¤Ç¡¢¤³¤ì¤ÏOracle¤¬Ä󶡤¹¤ëÆȼ«¤Î¥¿¥¤¥×¤Î¥­¡¼¥¹¥È¥¢¤Î¼ÂÁõ¤Ç¤¹¡£¤³¤ì¤Ï¡¢¥»¥­¥å¥ê¥Æ¥£¡¦¥×¥í¥Ñ¥Æ¥£¡¦¥Õ¥¡¥¤¥ëÆâ¤Î¼¡¤Î¹Ô¤Ë¤è¤Ã¤Æ»ØÄꤵ¤ì¤Æ¤¤¤Þ¤¹¡£
keystore.type=jks
³Æ¥Ä¡¼¥ë¤Ç¥Ç¥Õ¥©¥ë¥È°Ê³°¤Î¥­¡¼¥¹¥È¥¢¤Î¼ÂÁõ¤ò»ÈÍѤ¹¤ë¤Ë¤Ï¡¢¾å¤Î¹Ô¤òÊѹ¹¤·¤ÆÊ̤Υ­¡¼¥¹¥È¥¢¤Î¥¿¥¤¥×¤ò»ØÄꤷ¤Þ¤¹¡£¤¿¤È¤¨¤Ð¡¢pkcs12¤È¸Æ¤Ð¤ì¤ë¥­¡¼¥¹¥È¥¢¤Î¥¿¥¤¥×¤Î¥­¡¼¥¹¥È¥¢¤Î¼ÂÁõ¤òÄ󶡤¹¤ë¥×¥í¥Ð¥¤¥À¡¦¥Ñ¥Ã¥±¡¼¥¸¤¬¤¢¤ë¾ì¹ç¡¢¹Ô¤ò¼¡¤Î¤è¤¦¤ËÊѹ¹¤·¤Þ¤¹¡£
keystore.type=pkcs12
Ãí°Õ: ¥­¡¼¥¹¥È¥¢¤Î¥¿¥¤¥×¤Î»ØÄê¤Ç¤Ï¡¢Âçʸ»ú¤È¾®Ê¸»ú¤Ï¶èÊ̤µ¤ì¤Þ¤»¤ó¡£¤¿¤È¤¨¤Ð¡¢JKS¤Èjks¤ÏƱ¤¸¤â¤Î¤È¤·¤Æ°·¤ï¤ì¤Þ¤¹¡£

¾ÚÌÀ½ñ

¾ÚÌÀ½ñ(¸ø³«¸°¾ÚÌÀ½ñ)¤È¤Ï¡¢¤¢¤ë¥¨¥ó¥Æ¥£¥Æ¥£(ȯ¹Ô¼Ô)¤«¤é¤Î¥Ç¥¸¥¿¥ë½ð̾ÉÕ¤­¤Îʸ½ñ¤Î¤³¤È¤Ç¤¹¡£¾ÚÌÀ½ñ¤Ë¤Ï¡¢Â¾¤Î¤¢¤ë¥¨¥ó¥Æ¥£¥Æ¥£(½ð̾¼Ô)¤Î¸ø³«¸°(¤ª¤è¤Ó¤½¤Î¾¤Î¾ðÊó)¤¬ÆÃÊ̤ÊÃͤò»ý¤Ã¤Æ¤¤¤ë¤³¤È¤¬½ñ¤«¤ì¤Æ¤¤¤Þ¤¹¡£¼¡¤ÎÍѸì¤Ï¡¢¾ÚÌÀ½ñ¤Ë´ØÏ¢¤·¤Æ¤¤¤Þ¤¹¡£

¸ø³«¸°: ¸ø³«¸°¤Ï¡¢ÆÃÄê¤Î¥¨¥ó¥Æ¥£¥Æ¥£¤Ë´ØÏ¢ÉÕ¤±¤é¤ì¤¿¿ô¤Ç¤¹¡£¸ø³«¸°¤Ï¡¢³ºÅö¤¹¤ë¥¨¥ó¥Æ¥£¥Æ¥£¤È¤Î´Ö¤Ë¿®Íê¤Ç¤­¤ë´Ø·¸¤ò»ý¤ÄɬÍפ¬¤¢¤ë¤¹¤Ù¤Æ¤Î¿Í¤ËÂФ·¤Æ¸ø³«¤¹¤ë¤³¤È¤ò°Õ¿Þ¤·¤¿¤â¤Î¤Ç¤¹¡£¸ø³«¸°¤Ï¡¢½ð̾¤ò¸¡¾Ú¤¹¤ë¤Î¤Ë»ÈÍѤµ¤ì¤Þ¤¹¡£

¥Ç¥¸¥¿¥ë½ð̾: ¥Ç¡¼¥¿¤¬¥Ç¥¸¥¿¥ë½ð̾¤µ¤ì¤ë¤È¡¢¤½¤Î¥Ç¡¼¥¿¤Ï¡¢¥¨¥ó¥Æ¥£¥Æ¥£¤Î¥¢¥¤¥Ç¥ó¥Æ¥£¥Æ¥£¤È¡¢¤½¤Î¥¨¥ó¥Æ¥£¥Æ¥£¤¬¥Ç¡¼¥¿¤ÎÆâÍƤˤĤ¤¤ÆÃΤäƤ¤¤ë¤³¤È¤ò¾ÚÌÀ½ñ¤¹¤ë½ð̾¤È¤È¤â¤Ë³ÊǼ¤µ¤ì¤Þ¤¹¡£¥¨¥ó¥Æ¥£¥Æ¥£¤ÎÈëÌ©¸°¤ò»ÈÍѤ·¤Æ¥Ç¡¼¥¿¤Ë½ð̾¤òÉÕ¤±¤ë¤È¡¢¥Ç¡¼¥¿¤Îµ¶Â¤¤ÏÉÔ²Äǽ¤Ë¤Ê¤ê¤Þ¤¹¡£

¥¢¥¤¥Ç¥ó¥Æ¥£¥Æ¥£: ¥¨¥ó¥Æ¥£¥Æ¥£¤ò¥¢¥É¥ì¥¹»ØÄꤹ¤ë´ûÃΤÎÊýË¡¡£¥·¥¹¥Æ¥à¤Ë¤è¤Ã¤Æ¤Ï¡¢¸ø³«¸°¤ò¥¢¥¤¥Ç¥ó¥Æ¥£¥Æ¥£¤Ë¤¹¤ë¤â¤Î¤¬¤¢¤ê¤Þ¤¹¡£¸ø³«¸°¤Î¾¤Ë¤â¡¢Oracle Solaris UID¤äÅŻҥ᡼¥ë¡¦¥¢¥É¥ì¥¹¡¢X.509¼±ÊÌ̾¤Ê¤É¡¢ÍÍ¡¹¤Ê¤â¤Î¤ò¥¢¥¤¥Ç¥ó¥Æ¥£¥Æ¥£¤È¤¹¤ë¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£

½ð̾: ½ð̾¤Ï¡¢¤Ê¤ó¤é¤«¤Î¥Ç¡¼¥¿¤ò´ð¤Ë¥¨¥ó¥Æ¥£¥Æ¥£¤ÎÈëÌ©¸°¤ò»ÈÍѤ·¤Æ·×»»¤µ¤ì¤Þ¤¹¡£½ð̾¼Ô¡¢¾ÚÌÀ½ñ¤Î¾ì¹ç¤Ïȯ¹Ô¼Ô¤È¤â¸Æ¤Ð¤ì¤Þ¤¹¡£

ÈëÌ©¸°: ÈëÌ©¸°¤ÏÆÃÄê¤Î¥¨¥ó¥Æ¥£¥Æ¥£¤Î¤ß¤¬ÃΤäƤ¤¤ë¿ô¤Î¤³¤È¤Ç¡¢¤³¤Î¿ô¤Î¤³¤È¤ò¡¢¤½¤Î¥¨¥ó¥Æ¥£¥Æ¥£¤ÎÈëÌ©¸°¤È¤¤¤¤¤Þ¤¹¡£ÈëÌ©¸°¤Ï¡¢Â¾¤ËÃΤé¤ì¤Ê¤¤¤è¤¦¤ËÈëÌ©¤Ë¤·¤Æ¤ª¤¯¤³¤È¤¬Á°Äó¤Ë¤Ê¤Ã¤Æ¤¤¤Þ¤¹¡£ÈëÌ©¸°¤È¸ø³«¸°¤Ï¡¢¤¹¤Ù¤Æ¤Î¸ø³«¸°°Å¹æ²½¥·¥¹¥Æ¥à¤ÇÂФˤʤäƸºß¤·¤Æ¤¤¤Þ¤¹¡£DSA¤Ê¤É¤Îŵ·¿Åª¤Ê¸ø³«¸°°Å¹æ²½¥·¥¹¥Æ¥à¤Î¾ì¹ç¡¢1¤Ä¤ÎÈëÌ©¸°¤ÏÀµ³Î¤Ë1¤Ä¤Î¸ø³«¸°¤ËÂбþ¤·¤Þ¤¹¡£ÈëÌ©¸°¤Ï¡¢½ð̾¤ò·×»»¤¹¤ë¤Î¤Ë»ÈÍѤµ¤ì¤Þ¤¹¡£

¥¨¥ó¥Æ¥£¥Æ¥£: ¥¨¥ó¥Æ¥£¥Æ¥£¤Ï¡¢¿Í¡¢ÁÈ¿¥¡¢¥×¥í¥°¥é¥à¡¢¥³¥ó¥Ô¥å¡¼¥¿¡¢´ë¶È¡¢¶ä¹Ô¤Ê¤É¡¢°ìÄê¤ÎÅٹ礤¤Ç¿®Íê¤ÎÂоݤȤʤëÍÍ¡¹¤Ê¤â¤Î¤ò»Ø¤·¤Þ¤¹¡£

¸ø³«¸°°Å¹æ²½¤Ç¤Ï¡¢¥æ¡¼¥¶¡¼¤Î¸ø³«¸°¤Ë¥¢¥¯¥»¥¹¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£Â絬ÌϤʥͥåȥ¥¯´Ä¶­¤Ç¤Ï¡¢¸ß¤¤¤ËÄÌ¿®¤·¤Æ¤¤¤ë¥¨¥ó¥Æ¥£¥Æ¥£´Ö¤Ç°ÊÁ°¤Î´Ø·¸¤¬°ú³¤­³ÎΩ¤µ¤ì¤Æ¤¤¤ë¤È²¾Äꤷ¤¿¤ê¡¢»ÈÍѤµ¤ì¤Æ¤¤¤ë¤¹¤Ù¤Æ¤Î¸ø³«¸°¤ò¼ý¤á¤¿¿®Íê¤Ç¤­¤ë¥ê¥Ý¥¸¥È¥ê¤¬Â¸ºß¤¹¤ë¤È²¾Äꤷ¤¿¤ê¤¹¤ë¤³¤È¤ÏÉÔ²Äǽ¤Ç¤¹¡£¤³¤Î¤è¤¦¤Ê¸ø³«¸°¤ÎÇÛÉۤ˴ؤ¹¤ëÌäÂê¤ò²ò·è¤¹¤ë¤¿¤á¤Ë¾ÚÌÀ½ñ¤¬¹Í°Æ¤µ¤ì¤Þ¤·¤¿¡£¸½ºß¤Ç¤Ï¡¢Ç§¾Ú¶É(CA)¤¬¿®Íê¤Ç¤­¤ëÂè»°¼Ô¤È¤·¤Æµ¡Ç½¤·¤Þ¤¹¡£CA¤Ï¡¢Â¾¤Î¥¨¥ó¥Æ¥£¥Æ¥£¤Î¾ÚÌÀ½ñ¤Ë½ð̾¤¹¤ë(ȯ¹Ô¤¹¤ë)¹Ô°Ù¤ò¡¢¿®Íꤷ¤ÆǤ¤µ¤ì¤Æ¤¤¤ë¥¨¥ó¥Æ¥£¥Æ¥£(´ë¶È¤Ê¤É)¤Ç¤¹¡£CA¤ÏˡΧ¾å¤Î·ÀÌó¤Ë¹´Â«¤µ¤ì¤ë¤Î¤Ç¡¢Í­¸ú¤«¤Ä¿®Íê¤Ç¤­¤ë¾ÚÌÀ½ñ¤Î¤ß¤òºîÀ®¤¹¤ë¤â¤Î¤È¤·¤Æ°·¤ï¤ì¤Þ¤¹¡£VeriSign¡¢Thawte¡¢Entrust¤ò¤Ï¤¸¤á¡¢Â¿¤¯¤Î¸øŪ¤Êǧ¾Ú¶É¤¬Â¸ºß¤·¤Þ¤¹¡£

Microsoft¤Îǧ¾Ú¥µ¡¼¥Ð¡¼¡¢Entrust¤ÎCAÀ½Éʤʤɤò½ê°ÁÈ¿¥Æâ¤ÇÍøÍѤ¹¤ì¤Ð¡¢Æȼ«¤Îǧ¾Ú¶É¤ò±¿±Ä¤¹¤ë¤³¤È¤â²Äǽ¤Ç¤¹¡£keytool¥³¥Þ¥ó¥É¤ò»ÈÍѤ¹¤ë¤È¡¢¾ÚÌÀ½ñ¤Îɽ¼¨¡¢¥¤¥ó¥Ý¡¼¥È¤ª¤è¤Ó¥¨¥¯¥¹¥Ý¡¼¥È¤ò¹Ô¤¦¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£¤Þ¤¿¡¢¼«¸Ê½ð̾¾ÚÌÀ½ñ¤òÀ¸À®¤¹¤ë¤³¤È¤â¤Ç¤­¤Þ¤¹¡£

¸½ºß¡¢keytool¥³¥Þ¥ó¥É¤ÏX.509¾ÚÌÀ½ñ¤òÂоݤˤ·¤Æ¤¤¤Þ¤¹¡£

X.509¾ÚÌÀ½ñ

X.509µ¬³Ê¤Ç¤Ï¡¢¾ÚÌÀ½ñ¤Ë´Þ¤á¤ë¾ðÊó¤¬ÄêµÁ¤µ¤ì¤Æ¤ª¤ê¡¢¤³¤Î¾ðÊó¤ò¾ÚÌÀ½ñ¤Ë½ñ¤­¹þ¤àÊýË¡(¥Ç¡¼¥¿·Á¼°)¤Ë¤Ä¤¤¤Æ¤âµ­½Ò¤µ¤ì¤Æ¤¤¤Þ¤¹¡£¾ÚÌÀ½ñ¤Î¤¹¤Ù¤Æ¤Î¥Ç¡¼¥¿¤Ï¡¢ASN.1/DER¤È¸Æ¤Ð¤ì¤ë2¤Ä¤Î´ØÏ¢µ¬³Ê¤ò»ÈÍѤ·¤ÆÉä¹æ²½¤µ¤ì¤Þ¤¹¡£Abstract Syntax Notation 1¤Ï¥Ç¡¼¥¿¤Ë¤Ä¤¤¤Æµ­½Ò¤·¤Æ¤¤¤Þ¤¹¡£Definite Encoding Rules¤Ï¡¢¥Ç¡¼¥¿¤ÎÊݸ¤ª¤è¤ÓžÁ÷¤ÎÊýË¡¤Ë¤Ä¤¤¤Æµ­½Ò¤·¤Æ¤¤¤Þ¤¹¡£

¤¹¤Ù¤Æ¤ÎX.509¾ÚÌÀ½ñ¤Ï¡¢½ð̾¤Î¾¤Ë¼¡¤Î¥Ç¡¼¥¿¤ò´Þ¤ó¤Ç¤¤¤Þ¤¹¡£

¥Ð¡¼¥¸¥ç¥ó: ¾ÚÌÀ½ñ¤ËŬÍѤµ¤ì¤ëX.509µ¬³Ê¤Î¥Ð¡¼¥¸¥ç¥ó¤òÆÃÄꤷ¤Þ¤¹¡£¾ÚÌÀ½ñ¤Ë»ØÄê¤Ç¤­¤ë¾ðÊó¤Ï¡¢¥Ð¡¼¥¸¥ç¥ó¤Ë¤è¤Ã¤Æ°Û¤Ê¤ê¤Þ¤¹¡£º£¤Î¤È¤³¤í¡¢3¤Ä¤Î¥Ð¡¼¥¸¥ç¥ó¤¬ÄêµÁ¤µ¤ì¤Æ¤¤¤Þ¤¹¡£keytool¥³¥Þ¥ó¥É¤Ç¤Ï¡¢v1¡¢v2¡¢v3¤Î¾ÚÌÀ½ñ¤ò¥¤¥ó¥Ý¡¼¥È¤ª¤è¤Ó¥¨¥¯¥¹¥Ý¡¼¥È¤Ç¤­¤Þ¤¹¡£v3¤Î¾ÚÌÀ½ñ¤òÀ¸À®¤·¤Þ¤¹¡£

X.509 Version 1¤Ï¡¢1988ǯ¤«¤éÍøÍѤµ¤ì¤Æ¹­¤¯ÉáµÚ¤·¤Æ¤ª¤ê¡¢ºÇ¤â°ìÈÌŪ¤Ç¤¹¡£

X.509 Version 2¤Ç¤Ï¡¢Subject¤äȯ¹Ô¼Ô¤Î̾Á°¤ò¤¢¤È¤ÇºÆÍøÍѤǤ­¤ë¤è¤¦¤Ë¤¹¤ë¤¿¤á¤Ë¡¢Subject¤Èȯ¹Ô¼Ô¤Î°ì°Õ¼±Ê̻ҤγµÇ°¤¬Æ³Æþ¤µ¤ì¤Þ¤·¤¿¡£¤Û¤È¤ó¤É¤Î¾ÚÌÀ½ñ¥×¥í¥Õ¥¡¥¤¥ëʸ½ñ¤Ç¤Ï¡¢Ì¾Á°¤òºÆ»ÈÍѤ·¤Ê¤¤¤³¤È¤È¡¢¾ÚÌÀ½ñ¤Ç°ì°Õ¤Î¼±Ê̻Ҥò»ÈÍѤ·¤Ê¤¤¤³¤È¤¬¡¢¶¯¤¯¿ä¾©¤µ¤ì¤Æ¤¤¤Þ¤¹¡£Version 2¤Î¾ÚÌÀ½ñ¤Ï¡¢¹­¤¯¤Ï»ÈÍѤµ¤ì¤Æ¤¤¤Þ¤»¤ó¡£

X.509 Version 3¤ÏºÇ¤â¿·¤·¤¤(1996ǯ)µ¬³Ê¤Ç¡¢¥¨¥¯¥¹¥Æ¥ó¥·¥ç¥ó¤Î³µÇ°¤ò¥µ¥Ý¡¼¥È¤·¤Æ¤¤¤Þ¤¹¡£¥¨¥¯¥¹¥Æ¥ó¥·¥ç¥ó¤Ïï¤Ç¤âÄêµÁ¤¹¤ë¤³¤È¤¬¤Ç¤­¡¢¾ÚÌÀ½ñ¤Ë´Þ¤á¤ë¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£°ìÈÌŪ¤Ê¥¨¥¯¥¹¥Æ¥ó¥·¥ç¥ó¤È¤·¤Æ¤Ï¡¢KeyUsage(½ð̾ÀìÍѤʤɡ¢¸°¤Î»ÈÍѤòÆÃÄê¤ÎÌÜŪ¤ËÀ©¸Â¤¹¤ë)¡¢AlternativeNames(DNS̾¡¢ÅŻҥ᡼¥ë¡¦¥¢¥É¥ì¥¹¡¢IP¥¢¥É¥ì¥¹¤Ê¤É¡¢Â¾¤Î¥¢¥¤¥Ç¥ó¥Æ¥£¥Æ¥£¤ò¸ø³«¸°¤Ë´ØÏ¢ÉÕ¤±¤ë¤³¤È¤¬¤Ç¤­¤ë)¤Ê¤É¤¬¤¢¤ê¤Þ¤¹¡£¥¨¥¯¥¹¥Æ¥ó¥·¥ç¥ó¤Ë¤Ï¡¢critical¤È¤¤¤¦¥Þ¡¼¥¯¤òÉÕ¤±¤Æ¡¢¤½¤Î¥¨¥¯¥¹¥Æ¥ó¥·¥ç¥ó¤Î¥Á¥§¥Ã¥¯¤È»ÈÍѤòµÁ̳¤Å¤±¤ë¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£¤¿¤È¤¨¤Ð¡¢critical¤È¥Þ¡¼¥¯¤µ¤ì¡¢keyCertSign¤¬ÀßÄꤵ¤ì¤¿KeyUsage¥¨¥¯¥¹¥Æ¥ó¥·¥ç¥ó¤¬¾ÚÌÀ½ñ¤Ë´Þ¤Þ¤ì¤Æ¤¤¤ë¾ì¹ç¡¢¤³¤Î¾ÚÌÀ½ñ¤òSSLÄÌ¿®Ãæ¤ËÄ󼨤¹¤ë¤È¡¢¾ÚÌÀ½ñ¤¬µñÈݤµ¤ì¤Þ¤¹¡£¤³¤ì¤Ï¡¢¾ÚÌÀ½ñ¤Î¥¨¥¯¥¹¥Æ¥ó¥·¥ç¥ó¤Ë¤è¤Ã¤Æ¡¢´ØÏ¢¤¹¤ëÈëÌ©¸°¤¬¾ÚÌÀ½ñ¤Î½ð̾ÀìÍѤȤ·¤Æ»ØÄꤵ¤ì¤Æ¤ª¤ê¡¢SSL¤Ç¤Ï»ÈÍѤǤ­¤Ê¤¤¤¿¤á¤Ç¤¹¡£

¥·¥ê¥¢¥ëÈÖ¹æ: ¾ÚÌÀ½ñ¤òºîÀ®¤·¤¿¥¨¥ó¥Æ¥£¥Æ¥£¤Ï¡¢¤½¤Î¥¨¥ó¥Æ¥£¥Æ¥£¤¬È¯¹Ô¤¹¤ë¾¤Î¾ÚÌÀ½ñ¤È¶èÊ̤¹¤ë¤¿¤á¤Ë¡¢¾ÚÌÀ½ñ¤Ë¥·¥ê¥¢¥ëÈÖ¹æ¤ò³ä¤êÅö¤Æ¤Þ¤¹¡£¤³¤Î¾ðÊó¤Ï¡¢ÍÍ¡¹¤ÊÊýË¡¤Ç»ÈÍѤµ¤ì¤Þ¤¹¡£¤¿¤È¤¨¤Ð¡¢¾ÚÌÀ½ñ¤¬¼è¤ê¾Ã¤µ¤ì¤ë¤È¡¢¥·¥ê¥¢¥ëÈֹ椬¾ÚÌÀ½ñ¼º¸ú¥ê¥¹¥È(CRL)¤Ë³ÊǼ¤µ¤ì¤Þ¤¹¡£

¾ÚÌÀ½ñ¥¢¥ë¥´¥ê¥º¥à¼±ÊÌ»Ò: ¾ÚÌÀ½ñ¤Ë½ð̾¤òÉÕ¤±¤ë¤È¤­¤ËCA¤¬»ÈÍѤ·¤¿¥¢¥ë¥´¥ê¥º¥à¤òÆÃÄꤷ¤Þ¤¹¡£

ȯ¹Ô¼Ô̾: ¾ÚÌÀ½ñ¤Ë½ð̾¤òÉÕ¤±¤¿¥¨¥ó¥Æ¥£¥Æ¥£¤ÎX.500¼±ÊÌ̾¤Ç¤¹¡£X.500¼±ÊÌ̾¤ò»²¾È¤·¤Æ¤¯¤À¤µ¤¤¡£Ä̾ï¤ÏCA¤Ç¤¹¡£¤³¤Î¾ÚÌÀ½ñ¤ò»ÈÍѤ¹¤ë¤³¤È¤Ï¡¢¾ÚÌÀ½ñ¤Ë½ð̾¤òÉÕ¤±¤¿¥¨¥ó¥Æ¥£¥Æ¥£¤ò¿®Íꤹ¤ë¤³¤È¤ò°ÕÌ£¤·¤Þ¤¹¡£¥ë¡¼¥È¤Ä¤Þ¤ê¥È¥Ã¥×¥ì¥Ù¥ë¤ÎCA¤Î¾ÚÌÀ½ñ¤Ê¤É¡¢¾ì¹ç¤Ë¤è¤Ã¤Æ¤Ïȯ¹Ô¼Ô¤¬¼«¿È¤Î¾ÚÌÀ½ñ¤Ë½ð̾¤òÉÕ¤±¤ë¤³¤È¤¬¤¢¤ê¤Þ¤¹¡£

Í­¸ú´ü´Ö: ³Æ¾ÚÌÀ½ñ¤Ï¸Â¤é¤ì¤¿´ü´Ö¤Î¤ßÍ­¸ú¤Ç¤¹¡£¤³¤Î´ü´Ö¤Ï³«»Ï¤ÎÆü»þ¤È½ªÎ»¤ÎÆü»þ¤Ë¤è¤Ã¤Æ»ØÄꤵ¤ì¡¢¿ôÉäÎû¤¤´ü´Ö¤«¤é100ǯ¤È¤¤¤¦Ä¹´ü¤Ë¤ï¤¿¤ë¤³¤È¤â¤¢¤ê¤Þ¤¹¡£ÁªÂò¤µ¤ì¤ëÍ­¸ú´ü´Ö¤Ï¡¢¾ÚÌÀ½ñ¤Ø¤Î½ð̾¤Ë»ÈÍѤµ¤ì¤ëÈëÌ©¸°¤Î¶¯ÅÙ¤ä¾ÚÌÀ½ñ¤Ë»Ùʧ¤¦¶â³Û¤Ê¤É¡¢ÍÍ¡¹¤ÊÍ×°ø¤Ç°Û¤Ê¤ê¤Þ¤¹¡£Í­¸ú´ü´Ö¤Ï¡¢´ØÏ¢¤¹¤ëÈëÌ©¸°¤¬Â»¤ï¤ì¤Ê¤¤¾ì¹ç¤Ë¡¢¥¨¥ó¥Æ¥£¥Æ¥£¤¬¸ø³«¸°¤ò¿®Íê¤Ç¤­¤ë¤È´üÂÔ¤µ¤ì¤ë´ü´Ö¤Ç¤¹¡£

¼çÂÎ̾: ¾ÚÌÀ½ñ¤Ç¸ø³«¸°¤òǧ¾Ú¤¹¤ë¥¨¥ó¥Æ¥£¥Æ¥£¤Î̾Á°¡£¤³¤Î̾Á°¤ÏX.500ɸ½à¤ò»ÈÍѤ¹¤ë¤Î¤Ç¡¢¥¤¥ó¥¿¡¼¥Í¥Ã¥ÈÁ´ÂΤǰì°Õ¤Ê¤â¤Î¤ÈÁÛÄꤵ¤ì¤Þ¤¹¡£¤³¤ì¤Ï¡¢¥¨¥ó¥Æ¥£¥Æ¥£¤ÎX.500¼±ÊÌ̾(DN)¤Ç¤¹¡£X.500¼±ÊÌ̾¤ò»²¾È¤·¤Æ¤¯¤À¤µ¤¤¡£¼¡¤ËÎã¤ò¼¨¤·¤Þ¤¹¡£

CN=Java Duke, OU=Java Software Division, O=Oracle Corporation, C=US
¤³¤ì¤é¤Ï¤½¤ì¤¾¤ì¼çÂΤÎÄ̾Î(CN)¡¢ÁÈ¿¥Ã±°Ì(OU)¡¢ÁÈ¿¥(O)¡¢¹ñ(C)¤òɽ¤·¤Þ¤¹¡£

¼çÂΤθø³«¸°¾ðÊó: ̾Á°¤òÉÕ¤±¤é¤ì¤¿¥¨¥ó¥Æ¥£¥Æ¥£¤Î¸ø³«¸°¤È¥¢¥ë¥´¥ê¥º¥à¼±Ê̻ҤǤ¹¡£¥¢¥ë¥´¥ê¥º¥à¼±Ê̻ҤǤϡ¢¸ø³«¸°¤ËÂФ·¤Æ»ÈÍѤµ¤ì¤Æ¤¤¤ë¸ø³«¸°°Å¹æ²½¥·¥¹¥Æ¥à¤ª¤è¤Ó´ØÏ¢¤¹¤ë¸°¥Ñ¥é¥á¡¼¥¿¤¬»ØÄꤵ¤ì¤Æ¤¤¤Þ¤¹¡£

¾ÚÌÀ½ñ¥Á¥§¡¼¥ó

keytool¥³¥Þ¥ó¥É¤Ç¤Ï¡¢ÈëÌ©¸°¤ª¤è¤Ó´ØÏ¢¤¹¤ë¾ÚÌÀ½ñ¥Á¥§¡¼¥ó¤ò´Þ¤à¥­¡¼¥¹¥È¥¢¤Î¸°¥¨¥ó¥È¥ê¤òºîÀ®¤·¡¢´ÉÍý¤¹¤ë¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£¤³¤Î¤è¤¦¤Ê¥¨¥ó¥È¥ê¤Ç¤Ï¡¢ÈëÌ©¸°¤ËÂбþ¤¹¤ë¸ø³«¸°¤Ï¡¢¥Á¥§¡¼¥ó¤ÎºÇ½é¤Î¾ÚÌÀ½ñ¤Ë´Þ¤Þ¤ì¤Æ¤¤¤Þ¤¹¡£

¸°¤ò½é¤á¤ÆºîÀ®¤¹¤ë¤È¡¢¼«¸Ê½ð̾¾ÚÌÀ½ñ¤È¤¤¤¦1¤Ä¤ÎÍ×ÁǤΤߤò´Þ¤à¥Á¥§¡¼¥ó¤¬³«»Ï¤µ¤ì¤Þ¤¹¡£¥³¥Þ¥ó¥É¤Î-genkeypair¤ò»²¾È¤·¤Æ¤¯¤À¤µ¤¤¡£¼«¸Ê½ð̾¾ÚÌÀ½ñ¤Ïȯ¹Ô¼Ô(½ð̾¼Ô)¤¬¼çÂΤÈƱ¤¸¤Ç¤¹¡£¼çÂΤϡ¢¤½¤Î¸ø³«¸°¤¬¾ÚÌÀ½ñ¤Ë¤è¤Ã¤Æǧ¾Ú¤µ¤ì¤ë¥¨¥ó¥Æ¥£¥Æ¥£¤Ç¤¹¡£-genkeypair¥³¥Þ¥ó¥É¤ò¸Æ¤Ó½Ð¤·¤Æ¿·¤·¤¤¸ø³«¸°¤ÈÈëÌ©¸°¤Î¥Ú¥¢¤òºîÀ®¤¹¤ë¤È¡¢¸ø³«¸°¤Ï¾ï¤Ë¼«¸Ê½ð̾¾ÚÌÀ½ñ¤Ç¥é¥Ã¥×¤µ¤ì¤Þ¤¹¡£

¤³¤Î¸å¡¢¾ÚÌÀ½ñ½ð̾¥ê¥¯¥¨¥¹¥È(CSR)¤¬-certreq¥³¥Þ¥ó¥É¤ÇÀ¸À®¤µ¤ì¤Æ¡¢CSR¤¬Ç§¾Ú¶É(CA)¤ËÁ÷¿®¤µ¤ì¤ë¤È¡¢CA¤«¤é¤Î¥ì¥¹¥Ý¥ó¥¹¤¬-importcert¤Ç¥¤¥ó¥Ý¡¼¥È¤µ¤ì¡¢¸µ¤Î¼«¸Ê½ð̾¾ÚÌÀ½ñ¤Ï¾ÚÌÀ½ñ¥Á¥§¡¼¥ó¤Ë¤è¤Ã¤ÆÃÖ¤­´¹¤¨¤é¤ì¤Þ¤¹¡£¤Î-certreq¤ª¤è¤Ó-importcert¥³¥Þ¥ó¥É¥ª¥×¥·¥ç¥ó¤ò»²¾È¤·¤Æ¤¯¤À¤µ¤¤¡£¥Á¥§¡¼¥ó¤ÎºÇ¸å¤Ë¤¢¤ë¤Î¤Ï¡¢Subject¤Î¸ø³«¸°¤òǧ¾Ú¤·¤¿CA¤¬È¯¹Ô¤·¤¿¾ÚÌÀ½ñ(±þÅú)¤Ç¤¹¡£¥Á¥§¡¼¥óÆâ¤Î¤½¤ÎÁ°¤Î¾ÚÌÀ½ñ¤Ï¡¢CA¤Î¸ø³«¸°¤òǧ¾Ú¤¹¤ë¾ÚÌÀ½ñ¤Ç¤¹¡£

CA¤Î¸ø³«¸°¤òǧ¾Ú¤¹¤ë¾ÚÌÀ½ñ¤Ï¡¢Â¿¤¯¤Î¾ì¹ç¡¢¼«¸Ê½ð̾¾ÚÌÀ½ñ(¤Ä¤Þ¤êCA¤¬¼«¿È¤Î¸ø³«¸°¤òǧ¾Ú¤·¤¿¾ÚÌÀ½ñ)¤Ç¤¢¤ê¡¢¤³¤ì¤Ï¥Á¥§¡¼¥ó¤ÎºÇ½é¤Î¾ÚÌÀ½ñ¤Ë¤Ê¤ê¤Þ¤¹¡£¾ì¹ç¤Ë¤è¤Ã¤Æ¤Ï¡¢CA¤¬¾ÚÌÀ½ñ¤Î¥Á¥§¡¼¥ó¤òÊÖ¤¹¤³¤È¤â¤¢¤ê¤Þ¤¹¡£¤³¤Î¾ì¹ç¡¢¥Á¥§¡¼¥óÆâ¤ÎºÇ¸å¤Î¾ÚÌÀ½ñ(CA¤Ë¤è¤Ã¤Æ½ð̾¤µ¤ì¡¢¸°¥¨¥ó¥È¥ê¤Î¸ø³«¸°¤òǧ¾Ú¤¹¤ë¾ÚÌÀ½ñ)¤ËÊѤï¤ê¤Ï¤¢¤ê¤Þ¤»¤ó¤¬¡¢¥Á¥§¡¼¥óÆâ¤Î¤½¤ÎÁ°¤Î¾ÚÌÀ½ñ¤Ï¡¢CSR¤ÎÁ÷¿®Àè¤ÎCA¤È¤ÏÊ̤ÎCA¤Ë¤è¤Ã¤Æ½ð̾¤µ¤ì¡¢CSR¤ÎÁ÷¿®Àè¤ÎCA¤Î¸ø³«¸°¤òǧ¾Ú¤¹¤ë¾ÚÌÀ½ñ¤Ë¤Ê¤ê¤Þ¤¹¡£¥Á¥§¡¼¥óÆâ¤Î¤½¤ÎÁ°¤Î¾ÚÌÀ½ñ¤Ï¡¢¼¡¤ÎCA¤Î¸°¤òǧ¾Ú¤¹¤ë¾ÚÌÀ½ñ¤Ë¤Ê¤ê¤Þ¤¹¡£°Ê²¼Æ±Íͤˡ¢¼«¸Ê½ð̾¤µ¤ì¤¿¡Ö¥ë¡¼¥È¡×¾ÚÌÀ½ñ¤Ë㤹¤ë¤Þ¤Ç¥Á¥§¡¼¥ó¤¬Â³¤­¤Þ¤¹¡£¤·¤¿¤¬¤Ã¤Æ¡¢¥Á¥§¡¼¥óÆâ¤Î(ºÇ½é¤Î¾ÚÌÀ½ñ°Ê¸å¤Î)³Æ¾ÚÌÀ½ñ¤Ç¤Ï¡¢¥Á¥§¡¼¥óÆâ¤Î¼¡¤Î¾ÚÌÀ½ñ¤Î½ð̾¼Ô¤Î¸ø³«¸°¤¬Ç§¾Ú¤µ¤ì¤Æ¤¤¤ë¤³¤È¤Ë¤Ê¤ê¤Þ¤¹¡£

¿¤¯¤ÎCA¤Ï¡¢¥Á¥§¡¼¥ó¤ò¥µ¥Ý¡¼¥È¤»¤º¤Ëȯ¹ÔºÑ¤Î¾ÚÌÀ½ñ¤Î¤ß¤òÊÖ¤·¤Þ¤¹¡£Æäˡ¢Ãæ´Ö¤ÎCA¤¬Â¸ºß¤·¤Ê¤¤¥Õ¥é¥Ã¥È¤Ê³¬Áع½Â¤¤Î¾ì¹ç¤Ï¡¢¤½¤Î·¹¸þ¤¬¸²Ãø¤Ç¤¹¡£¤³¤Î¤è¤¦¤Ê¾ì¹ç¤Ï¡¢¥­¡¼¥¹¥È¥¢¤Ë¤¹¤Ç¤Ë³ÊǼ¤µ¤ì¤Æ¤¤¤ë¿®Íê¤Ç¤­¤ë¾ÚÌÀ½ñ¾ðÊ󤫤顢¾ÚÌÀ½ñ¥Á¥§¡¼¥ó¤ò³ÎΩ¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£

Ê̤αþÅú·Á¼°(PKCS#7¤ÇÄêµÁ¤µ¤ì¤Æ¤¤¤ë·Á¼°)¤Ç¤Ï¡¢È¯¹ÔºÑ¾ÚÌÀ½ñ¤Ë²Ã¤¨¡¢¾ÚÌÀ½ñ¥Á¥§¡¼¥ó¤Î¥µ¥Ý¡¼¥È¤¬´Þ¤Þ¤ì¤Æ¤¤¤Þ¤¹¡£keytool¥³¥Þ¥ó¥É¤Ç¤Ï¡¢¤É¤Á¤é¤Î±þÅú·Á¼°¤â°·¤¦¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£

¥È¥Ã¥×¥ì¥Ù¥ë(¥ë¡¼¥È)CA¤Î¾ÚÌÀ½ñ¤Ï¡¢¼«¸Ê½ð̾¾ÚÌÀ½ñ¤Ç¤¹¡£¤¿¤À¤·¡¢¥ë¡¼¥È¤Î¸ø³«¸°¤Ø¤Î¿®Íê¤Ï¡¢¥ë¡¼¥È¾ÚÌÀ½ñ¼«ÂΤ«¤é¤Ç¤Ï¤Ê¤¯¡¢¿·Ê¹¤Ê¤É¾¤Î¥½¡¼¥¹¤«¤é¼èÆÀ¤µ¤ì¤Þ¤¹¡£¤³¤ì¤Ï¡¢VeriSign¥ë¡¼¥ÈCA¤Ê¤É¤Î¼±ÊÌ̾¤ò»ÈÍѤ·¤Æ¡¢Ã¯¤Ç¤â¼«¸Ê½ð̾·¿¾ÚÌÀ½ñ¤òÀ¸À®¤Ç¤­¤ë¤¿¤á¤Ç¤¹¡£¥ë¡¼¥ÈCA¤Î¸ø³«¸°¤Ï¹­¤¯ÃΤé¤ì¤Æ¤¤¤Þ¤¹¡£¥ë¡¼¥ÈCA¤Î¸ø³«¸°¤ò¾ÚÌÀ½ñ¤Ë³ÊǼ¤¹¤ëÍýͳ¤Ï¡¢¾ÚÌÀ½ñ¤È¤¤¤¦·Á¼°¤Ë¤¹¤ë¤³¤È¤Ç¿¤¯¤Î¥Ä¡¼¥ë¤«¤éÍøÍѤǤ­¤ë¤è¤¦¤Ë¤Ê¤ë¤«¤é¤Ë¤¹¤®¤Þ¤»¤ó¡£¤Ä¤Þ¤ê¡¢¾ÚÌÀ½ñ¤Ï¡¢¥ë¡¼¥ÈCA¤Î¸ø³«¸°¤ò±¿¤Ö¡ÖÇÞÂΡפȤ·¤ÆÍøÍѤµ¤ì¤ë¤Î¤ß¤Ç¤¹¡£¥ë¡¼¥ÈCA¤Î¾ÚÌÀ½ñ¤ò¥­¡¼¥¹¥È¥¢¤ËÄɲ乤ë¤È¤­¤Ï¡¢-printcert¥ª¥×¥·¥ç¥ó¤ò»ÈÍѤ·¤Æ¡¢¤½¤ÎÁ°¤Ë¾ÚÌÀ½ñ¤ÎÆâÍƤòɽ¼¨¤·¡¢É½¼¨¤µ¤ì¤¿¥Õ¥£¥ó¥¬¡¼¥×¥ê¥ó¥È¤È¡¢¿·Ê¹¤ä¥ë¡¼¥ÈCA¤ÎWeb¥Ú¡¼¥¸¤Ê¤É¤«¤éÆþ¼ê¤·¤¿´ûÃΤΥե£¥ó¥¬¡¼¥×¥ê¥ó¥È¤È¤òÈæ³Ó¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£

cacerts¾ÚÌÀ½ñ¥Õ¥¡¥¤¥ë

cacerts¤È¤¤¤¦Ì¾Á°¤Î¾ÚÌÀ½ñ¥Õ¥¡¥¤¥ë¤Ï¡¢Windows¤Ç¤Ï¥»¥­¥å¥ê¥Æ¥£¡¦¥×¥í¥Ñ¥Æ¥£¡¦¥Ç¥£¥ì¥¯¥È¥êjava.home\lib\security¡¢Oracle Solaris¤Ç¤Ïjava.home/lib/security¤ËÃÖ¤«¤ì¤Æ¤¤¤Þ¤¹¡£java.home¤Ï¡¢¼Â¹Ô´Ä¶­¤Î¥Ç¥£¥ì¥¯¥È¥ê(SDK¤Îjre¥Ç¥£¥ì¥¯¥È¥ê¤Þ¤¿¤ÏJRE¤ÎºÇ¾å°Ì¥Ç¥£¥ì¥¯¥È¥ê)¤Ç¤¹¡£

cacerts¥Õ¥¡¥¤¥ë¤Ï¡¢CA¤Î¾ÚÌÀ½ñ¤ò´Þ¤à¡¢¥·¥¹¥Æ¥àÁ´ÂΤΥ­¡¼¥¹¥È¥¢¤Ç¤¹¡£¥·¥¹¥Æ¥à´ÉÍý¼Ô¤Ï¡¢¥­¡¼¥¹¥È¥¢¡¦¥¿¥¤¥×¤Ëjks¤ò»ØÄꤹ¤ë¤³¤È¤Ç¡¢keytool¥³¥Þ¥ó¥É¤ò»ÈÍѤ·¤Æ¤³¤Î¥Õ¥¡¥¤¥ë¤Î¹½À®¤È´ÉÍý¤ò¹Ô¤¦¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£cacerts¥­¡¼¥¹¥È¥¢¡¦¥Õ¥¡¥¤¥ë¤Ï¡¢¥ë¡¼¥ÈCA¾ÚÌÀ½ñ¤Î¥Ç¥Õ¥©¥ë¥È¡¦¥»¥Ã¥È¤ò´Þ¤ó¤À¾õÂ֤ǽв٤µ¤ì¤Æ¤¤¤Þ¤¹¡£¥Ç¥Õ¥©¥ë¥È¤Î¾ÚÌÀ½ñ¤ò°ìÍ÷ɽ¼¨¤¹¤ë¤Ë¤Ï¡¢¼¡¤Î¥³¥Þ¥ó¥É¤ò»ÈÍѤ·¤Þ¤¹¡£

keytool -list -keystore java.home/lib/security/cacerts
cacerts¥­¡¼¥¹¥È¥¢¡¦¥Õ¥¡¥¤¥ë¤Î½é´ü¥Ñ¥¹¥ï¡¼¥É¤Ï¡¢changeit¤Ç¤¹¡£¥·¥¹¥Æ¥à´ÉÍý¼Ô¤Ï¡¢SDK¤Î¥¤¥ó¥¹¥È¡¼¥ë¸å¡¢¤³¤Î¥Õ¥¡¥¤¥ë¤Î¥Ñ¥¹¥ï¡¼¥É¤È¥Ç¥Õ¥©¥ë¥È¡¦¥¢¥¯¥»¥¹¸¢¤òÊѹ¹¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£

Ãí°Õ: cacerts¥Õ¥¡¥¤¥ë¤ò³Îǧ¤¹¤ë¤³¤È¤¬½ÅÍפǤ¹¡£cacerts¥Õ¥¡¥¤¥ëÆâ¤ÎCA¤Ï¡¢½ð̾¤ª¤è¤Ó¾¤Î¥¨¥ó¥Æ¥£¥Æ¥£¤Ø¤Î¾ÚÌÀ½ñȯ¹Ô¤Î¤¿¤á¤Î¥¨¥ó¥Æ¥£¥Æ¥£¤È¤·¤Æ¿®Íꤵ¤ì¤ë¤¿¤á¡¢cacerts¥Õ¥¡¥¤¥ë¤Î´ÉÍý¤Ï¿µ½Å¤Ë¹Ô¤¦É¬Íפ¬¤¢¤ê¤Þ¤¹¡£cacerts¥Õ¥¡¥¤¥ë¤Ë¤Ï¡¢¿®Íꤹ¤ëCA¤Î¾ÚÌÀ½ñ¤Î¤ß¤¬´Þ¤Þ¤ì¤Æ¤¤¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£¥æ¡¼¥¶¡¼¤Ï¡¢¼«¿È¤ÎÀÕǤ¤Ë¤ª¤¤¤Æ¡¢cacerts¥Õ¥¡¥¤¥ë¤Ë¥Ð¥ó¥É¥ë¤µ¤ì¤Æ¤¤¤ë¿®Íê¤Ç¤­¤ë¥ë¡¼¥ÈCA¾ÚÌÀ½ñ¤ò¸¡¾Ú¤·¡¢¿®ÍêÀ­¤Ë´Ø¤¹¤ëÆȼ«¤Î·èÄê¤ò¹Ô¤¤¤Þ¤¹¡£

¿®Íê¤Ç¤­¤Ê¤¤CA¾ÚÌÀ½ñ¤òcacerts¥Õ¥¡¥¤¥ë¤«¤éºï½ü¤¹¤ë¤Ë¤Ï¡¢keytool¥³¥Þ¥ó¥É¤Îdelete¥ª¥×¥·¥ç¥ó¤ò»ÈÍѤ·¤Þ¤¹¡£cacerts¥Õ¥¡¥¤¥ë¤ÏJRE¤Î¥¤¥ó¥¹¥È¡¼¥ë¡¦¥Ç¥£¥ì¥¯¥È¥ê¤Ë¤¢¤ê¤Þ¤¹¡£¤³¤Î¥Õ¥¡¥¤¥ë¤òÊÔ½¸¤¹¤ë¥¢¥¯¥»¥¹¸¢¤¬¤Ê¤¤¾ì¹ç¤Ï¡¢¥·¥¹¥Æ¥à´ÉÍý¼Ô¤ËÏ¢Íí¤·¤Æ¤¯¤À¤µ¤¤

¥¤¥ó¥¿¡¼¥Í¥Ã¥ÈRFC 1421¾ÚÌÀ½ñÉä¹æ²½µ¬³Ê

¿¤¯¤Î¾ì¹ç¡¢¾ÚÌÀ½ñ¤Ï¡¢¥Ð¥¤¥Ê¥êÉä¹æ²½¤Ç¤Ï¤Ê¤¯¡¢¥¤¥ó¥¿¡¼¥Í¥Ã¥ÈRFC 1421µ¬³Ê¤ÇÄêµÁ¤µ¤ì¤Æ¤¤¤ë½ÐÎϲÄǽÉä¹æ²½Êý¼°¤ò»ÈÍѤ·¤Æ³ÊǼ¤µ¤ì¤Þ¤¹¡£Base 64Éä¹æ²½¤È¤â¸Æ¤Ð¤ì¤ë¤³¤Î¾ÚÌÀ½ñ·Á¼°¤Ç¤Ï¡¢ÅŻҥ᡼¥ë¤ä¤½¤Î¾¤Îµ¡¹½¤òÄ̤¸¤Æ¡¢Â¾¤Î¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤Ë¾ÚÌÀ½ñ¤òÍưפ˥¨¥¯¥¹¥Ý¡¼¥È¤Ç¤­¤Þ¤¹¡£

-importcert¤È-printcert¥³¥Þ¥ó¥É¤Ç¤Ï¡¢¤³¤Î·Á¼°¤Î¾ÚÌÀ½ñ¤È¥Ð¥¤¥Ê¥êÉä¹æ²½¤Î¾ÚÌÀ½ñ¤òÆɤ߹þ¤à¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£-exportcert¥³¥Þ¥ó¥É¤Ç¤Ï¡¢¥Ç¥Õ¥©¥ë¥È¤Ç¥Ð¥¤¥Ê¥êÉä¹æ²½¤Î¾ÚÌÀ½ñ¤¬½ÐÎϤµ¤ì¤Þ¤¹¡£¤¿¤À¤·¡¢-rfc¥ª¥×¥·¥ç¥ó¤ò»ØÄꤷ¤¿¾ì¹ç¤Ï¡¢½ÐÎϲÄǽÉä¹æ²½Êý¼°¤Î¾ÚÌÀ½ñ¤¬½ÐÎϤµ¤ì¤Þ¤¹¡£

-list¥³¥Þ¥ó¥É¤Ç¤Ï¡¢¥Ç¥Õ¥©¥ë¥È¤Ç¾ÚÌÀ½ñ¤ÎSHA1¥Õ¥£¥ó¥¬¡¼¥×¥ê¥ó¥È¤¬½ÐÎϤµ¤ì¤Þ¤¹¡£-v¥ª¥×¥·¥ç¥ó¤¬»ØÄꤵ¤ì¤Æ¤¤¤ë¾ì¹ç¡¢¾ÚÌÀ½ñ¤Ï¿Í¤¬Íý²ò¤Ç¤­¤ë·Á¼°¤Ç½ÐÎϤµ¤ì¤Þ¤¹¡£-rfc¥ª¥×¥·¥ç¥ó¤¬»ØÄꤵ¤ì¤Æ¤¤¤ë¾ì¹ç¡¢¾ÚÌÀ½ñ¤Ï½ÐÎϲÄǽÉä¹æ²½Êý¼°¤Ç½ÐÎϤµ¤ì¤Þ¤¹¡£

½ÐÎϲÄǽÉä¹æ²½Êý¼°¤ÇÉä¹æ²½¤µ¤ì¤¿¾ÚÌÀ½ñ¤Ï¡¢¼¡¤Î¥Æ¥­¥¹¥È¤Ç»Ï¤Þ¤ê¡¢¼¡¤Î¥Æ¥­¥¹¥È¤Ç½ªÎ»¤·¤Þ¤¹¡£

-----BEGIN CERTIFICATE-----
encoded certificate goes here. 
-----END CERTIFICATE-----

X.500¼±ÊÌ̾

X.500¼±ÊÌ̾¤Ï¡¢¥¨¥ó¥Æ¥£¥Æ¥£¤òÆÃÄꤹ¤ë¤¿¤á¤Ë»ÈÍѤµ¤ì¤Þ¤¹¡£¤¿¤È¤¨¤Ð¡¢X.509¾ÚÌÀ½ñ¤Îsubject¥Õ¥£¡¼¥ë¥É¤Èissuer(½ð̾¼Ô)¥Õ¥£¡¼¥ë¥É¤Ç»ØÄꤵ¤ì¤ë̾Á°¤Ï¡¢X.500¼±ÊÌ̾¤Ç¤¹¡£keytool¥³¥Þ¥ó¥É¤Ï¡¢¼¡¤Î¥µ¥Ö¥Ñ¡¼¥È¤ò¥µ¥Ý¡¼¥È¤·¤Æ¤¤¤Þ¤¹¡£

commonName: Susan Jones¤Ê¤É¡¢¿Í¤ÎÄ̾Ρ£

organizationUnit: ¾®¤µ¤ÊÁÈ¿¥(Éô¡¢²Ý¤Ê¤É)¤Î̾¾Î¡£Purchasing¤Ê¤É¤Ç¤¹¡£

localityName: ÃÏ°è(ÅÔ»Ô)̾¡£Palo Alto¤Ê¤É¡£

stateName: ½£Ì¾¤Þ¤¿¤ÏÃÏÊý̾¡£California¤Ê¤É¡£

country: 2ʸ»ú¤Î¹ñ¥³¡¼¥É¡£CH¤Ê¤É¡£

¼±ÊÌ̾ʸ»úÎó¤ò-dname¥ª¥×¥·¥ç¥ó¤ÎÃͤȤ·¤Æ»ØÄꤹ¤ë¾ì¹ç(¤¿¤È¤¨¤Ð-genkeypair¥³¥Þ¥ó¥É¤Ë)¡¢Ê¸»úÎó¤Ï¼¡¤Î·Á¼°¤Ë¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£

CN=cName, OU=orgUnit, O=org, L=city, S=state, C=countryCode
¥¤¥¿¥ê¥Ã¥¯¤Î¹àÌܤϡ¢¼ÂºÝ¤Ë»ØÄꤹ¤ëÃͤòɽ¤·¤Þ¤¹¡£Ã»½Ì·Á¤Î¥­¡¼¥ï¡¼¥É¤Î°ÕÌ£¤Ï¡¢¼¡¤Î¤È¤ª¤ê¤Ç¤¹¡£
CN=commonName
OU=organizationUnit
O=organizationName
L=localityName
S=stateName
C=country
¼¡¤Ë¼¨¤¹¤Î¤Ï¡¢¼±ÊÌ̾ʸ»úÎó¤ÎÎã¤Ç¤¹¡£
CN=Mark Smith, OU=Java, O=Oracle, L=Cupertino, S=California, C=US
¤³¤Îʸ»úÎó¤ò»ÈÍѤ·¤¿¥³¥Þ¥ó¥É¤ÎÎã¤Ç¤¹¡£
keytool -genkeypair -dname "CN=Mark Smith, OU=Java, O=Oracle, L=Cupertino,
S=California, C=US" -alias mark
¥­¡¼¥ï¡¼¥É¤Îû½Ì·Á¤Ç¤Ï¡¢Âçʸ»ú¤È¾®Ê¸»ú¤Ï¶èÊ̤µ¤ì¤Þ¤»¤ó¡£¤¿¤È¤¨¤Ð¡¢CN¡¢cn¤ª¤è¤ÓCn¤Ï¡¢¤É¤ì¤âƱ¤¸¤â¤Î¤È¤·¤Æ°·¤ï¤ì¤Þ¤¹¡£

°ìÊý¡¢¥­¡¼¥ï¡¼¥É¤Î»ØÄê½ç½ø¤Ë¤Ï°ÕÌ£¤¬¤¢¤ê¡¢³Æ¥µ¥Ö¥³¥ó¥Ý¡¼¥Í¥ó¥È¤Ï¾å¤Ë¼¨¤·¤¿½ç½ø¤Ç»ØÄꤹ¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£¤¿¤À¤·¡¢¥µ¥Ö¥³¥ó¥Ý¡¼¥Í¥ó¥È¤ò¤¹¤Ù¤Æ»ØÄꤹ¤ëɬÍפϤ¢¤ê¤Þ¤»¤ó¡£¤¿¤È¤¨¤Ð¡¢¼¡¤Î¤è¤¦¤Ë°ìÉô¤Î¥µ¥Ö¥³¥ó¥Ý¡¼¥Í¥ó¥È¤Î¤ß¤ò»ØÄê¤Ç¤­¤Þ¤¹¡£

CN=Steve Meier, OU=Java, O=Oracle, C=US
¼±ÊÌ̾ʸ»úÎó¤ÎÃͤ˥«¥ó¥Þ¤¬´Þ¤Þ¤ì¤ë¾ì¹ç¤Ë¡¢¥³¥Þ¥ó¥É¹Ô¤Çʸ»úÎó¤ò»ØÄꤹ¤ë¤È¤­¤Ë¤Ï¡¢¼¡¤Î¤è¤¦¤Ë¥«¥ó¥Þ¤ò¥Ð¥Ã¥¯¥¹¥é¥Ã¥·¥åʸ»ú(\)¤Ç¥¨¥¹¥±¡¼¥×¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
cn=Peter Schuster, ou=Java\, Product Development, o=Oracle, c=US
¼±ÊÌ̾ʸ»úÎó¤ò¥³¥Þ¥ó¥É¹Ô¤Ç»ØÄꤹ¤ëɬÍפϤ¢¤ê¤Þ¤»¤ó¡£¼±ÊÌ̾¤òɬÍפȤ¹¤ë¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤¹¤ë¤È¤­¤Ë¡¢¥³¥Þ¥ó¥É¹Ô¤Ç¼±ÊÌ̾¤ò»ØÄꤷ¤Ê¤«¤Ã¤¿¾ì¹ç¤Ï¡¢³Æ¥µ¥Ö¥³¥ó¥Ý¡¼¥Í¥ó¥È¤ÎÆþÎϤòµá¤á¤é¤ì¤Þ¤¹¡£¤³¤Î¾ì¹ç¤Ï¡¢¥«¥ó¥Þ¤ò¥Ð¥Ã¥¯¥¹¥é¥Ã¥·¥å(\)¤Ç¥¨¥¹¥±¡¼¥×¤¹¤ëɬÍפϤ¢¤ê¤Þ¤»¤ó¡£

·Ù¹ð

¿®Íê¤Ç¤­¤ë¾ÚÌÀ½ñ¤Î¥¤¥ó¥Ý¡¼¥È·Ù¹ð

½ÅÍ×: ¿®Íê¤Ç¤­¤ë¾ÚÌÀ½ñ¤È¤·¤Æ¾ÚÌÀ½ñ¤ò¥¤¥ó¥Ý¡¼¥È¤¹¤ëÁ°¤Ë¡¢¾ÚÌÀ½ñ¤ÎÆâÍƤò¿µ½Å¤ËÄ´¤Ù¤Æ¤¯¤À¤µ¤¤¡£

Windows¤ÎÎã:

¤Þ¤º¡¢-noprompt¥ª¥×¥·¥ç¥ó¤ò»ØÄꤻ¤º¤Ë-printcert¥³¥Þ¥ó¥É¤Þ¤¿¤Ï-importcert¥³¥Þ¥ó¥É¤ò»ÈÍѤ·¤Æ¡¢¾ÚÌÀ½ñ¤òɽ¼¨¤·¤Þ¤¹¡£É½¼¨¤µ¤ì¤¿¾ÚÌÀ½ñ¤Î¥Õ¥£¥ó¥¬¡¼¥×¥ê¥ó¥È¤¬¡¢´üÂÔ¤µ¤ì¤ë¥Õ¥£¥ó¥¬¡¼¥×¥ê¥ó¥È¤È°ìÃפ¹¤ë¤³¤È¤ò³Îǧ¤·¤Þ¤¹¡£¤¿¤È¤¨¤Ð¡¢¾ÚÌÀ½ñ¤¬Á÷¤é¤ì¤Æ¤­¤Æ¡¢¤³¤Î¾ÚÌÀ½ñ¤ò\tmp\cert¤È¤¤¤¦Ì¾Á°¤Ç¥Õ¥¡¥¤¥ë¤Ë³ÊǼ¤·¤Æ¤¤¤ë¤È¤·¤Þ¤¹¡£¤³¤Î¾ì¹ç¤Ï¡¢¿®Íê¤Ç¤­¤ë¾ÚÌÀ½ñ¤Î¥ê¥¹¥È¤Ë¤³¤Î¾ÚÌÀ½ñ¤òÄɲ乤ëÁ°¤Ë¡¢-printcert¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤·¤Æ¥Õ¥£¥ó¥¬¡¼¥×¥ê¥ó¥È¤òɽ¼¨¤Ç¤­¤Þ¤¹¡£¤¿¤È¤¨¤Ð¡¢¼¡¤Î¤è¤¦¤Ë¤·¤Þ¤¹¡£

  keytool -printcert -file \tmp\cert
    Owner: CN=ll, OU=ll, O=ll, L=ll, S=ll, C=ll
    Issuer: CN=ll, OU=ll, O=ll, L=ll, S=ll, C=ll
    Serial Number: 59092b34
    Valid from: Thu Sep 25 18:01:13 PDT 1997 until: Wed Dec 24 17:01:13 PST 1997
    Certificate Fingerprints:
         MD5:  11:81:AD:92:C8:E5:0E:A2:01:2E:D4:7A:D7:5F:07:6F
         SHA1: 20:B6:17:FA:EF:E5:55:8A:D0:71:1F:E8:D6:9D:C0:37:13:0E:5E:FE
         SHA256: 90:7B:70:0A:EA:DC:16:79:92:99:41:FF:8A:FE:EB:90:
                 17:75:E0:90:B2:24:4D:3A:2A:16:A6:E4:11:0F:67:A4

Oracle Solaris¤ÎÎã:

¤Þ¤º¡¢-noprompt¥ª¥×¥·¥ç¥ó¤ò»ØÄꤻ¤º¤Ë-printcert¥³¥Þ¥ó¥É¤Þ¤¿¤Ï-importcert¥³¥Þ¥ó¥É¤ò»ÈÍѤ·¤Æ¡¢¾ÚÌÀ½ñ¤òɽ¼¨¤·¤Þ¤¹¡£É½¼¨¤µ¤ì¤¿¾ÚÌÀ½ñ¤Î¥Õ¥£¥ó¥¬¡¼¥×¥ê¥ó¥È¤¬¡¢´üÂÔ¤µ¤ì¤ë¥Õ¥£¥ó¥¬¡¼¥×¥ê¥ó¥È¤È°ìÃפ¹¤ë¤³¤È¤ò³Îǧ¤·¤Þ¤¹¡£¤¿¤È¤¨¤Ð¡¢¤¢¤ë¥æ¡¼¥¶¡¼¤«¤é¾ÚÌÀ½ñ¤¬Á÷¤é¤ì¤Æ¤­¤Æ¡¢¤³¤Î¾ÚÌÀ½ñ¤ò/tmp/cert¤È¤¤¤¦Ì¾Á°¤Ç¥Õ¥¡¥¤¥ë¤Ë³ÊǼ¤·¤Æ¤¤¤ë¤È¤·¤Þ¤¹¡£¤³¤Î¾ì¹ç¤Ï¡¢¿®Íê¤Ç¤­¤ë¾ÚÌÀ½ñ¤Î¥ê¥¹¥È¤Ë¤³¤Î¾ÚÌÀ½ñ¤òÄɲ乤ëÁ°¤Ë¡¢-printcert¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤·¤Æ¥Õ¥£¥ó¥¬¡¼¥×¥ê¥ó¥È¤òɽ¼¨¤Ç¤­¤Þ¤¹¡£¤¿¤È¤¨¤Ð¡¢¼¡¤Î¤è¤¦¤Ë¤·¤Þ¤¹¡£

  keytool -printcert -file /tmp/cert
    Owner: CN=ll, OU=ll, O=ll, L=ll, S=ll, C=ll
    Issuer: CN=ll, OU=ll, O=ll, L=ll, S=ll, C=ll
    Serial Number: 59092b34
    Valid from: Thu Sep 25 18:01:13 PDT 1997 until: Wed Dec 24 17:01:13 PST 1997
    Certificate Fingerprints:
         MD5:  11:81:AD:92:C8:E5:0E:A2:01:2E:D4:7A:D7:5F:07:6F
         SHA1: 20:B6:17:FA:EF:E5:55:8A:D0:71:1F:E8:D6:9D:C0:37:13:0E:5E:FE
         SHA256: 90:7B:70:0A:EA:DC:16:79:92:99:41:FF:8A:FE:EB:90:
                 17:75:E0:90:B2:24:4D:3A:2A:16:A6:E4:11:0F:67:A4

¼¡¤Ë¡¢¾ÚÌÀ½ñ¤òÁ÷¿®¤·¤¿¿Íʪ¤ËÏ¢Íí¤·¡¢¤³¤Î¿Íʪ¤¬Ä󼨤·¤¿¥Õ¥£¥ó¥¬¡¼¥×¥ê¥ó¥È¤È¡¢¾å¤Î¥³¥Þ¥ó¥É¤Çɽ¼¨¤µ¤ì¤¿¥Õ¥£¥ó¥¬¡¼¥×¥ê¥ó¥È¤È¤òÈæ³Ó¤·¤Þ¤¹¡£¥Õ¥£¥ó¥¬¡¼¥×¥ê¥ó¥È¤¬°ìÃפ¹¤ì¤Ð¡¢Á÷¿®ÅÓÃæ¤Ç¾¤Î²¿¼Ô¤«(¹¶·â¼Ô¤Ê¤É)¤Ë¤è¤ë¾ÚÌÀ½ñ¤Î¤¹¤êÂؤ¨¤¬¹Ô¤ï¤ì¤Æ¤¤¤Ê¤¤¤³¤È¤ò³Îǧ¤Ç¤­¤Þ¤¹¡£Á÷¿®ÅÓÃæ¤Ç¤³¤Î¼ï¤Î¹¶·â¤¬¹Ô¤ï¤ì¤Æ¤¤¤¿¾ì¹ç¡¢¥Á¥§¥Ã¥¯¤ò¹Ô¤ï¤º¤Ë¾ÚÌÀ½ñ¤ò¥¤¥ó¥Ý¡¼¥È¤¹¤ë¤È¡¢¹¶·â¼Ô¤Ë¤è¤Ã¤Æ½ð̾¤µ¤ì¤¿¤¹¤Ù¤Æ¤Î¤â¤Î(¹¶·âŪ°Õ¿Þ¤ò»ý¤Ä¥¯¥é¥¹¡¦¥Õ¥¡¥¤¥ë¤ò´Þ¤ó¤ÀJAR¥Õ¥¡¥¤¥ë¤Ê¤É)¤ò¿®Íꤹ¤ë¤³¤È¤Ë¤Ê¤ê¤Þ¤¹¡£

Ãí°Õ: ¾ÚÌÀ½ñ¤ò¥¤¥ó¥Ý¡¼¥È¤¹¤ëÁ°¤Ë-printcert¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤¹¤ëɬÍפϤ¢¤ê¤Þ¤»¤ó¡£¥­¡¼¥¹¥È¥¢Æâ¤Î¿®Íê¤Ç¤­¤ë¾ÚÌÀ½ñ¤Î¥ê¥¹¥È¤Ë¾ÚÌÀ½ñ¤òÄɲ乤ëÁ°¤Ë¡¢-importcert¥³¥Þ¥ó¥É¤Ë¤è¤Ã¤Æ¾ÚÌÀ½ñ¤Î¾ðÊó¤¬É½¼¨¤µ¤ì¡¢³Îǧ¤òµá¤á¤ë¥á¥Ã¥»¡¼¥¸¤¬É½¼¨¤µ¤ì¤ë¤¿¤á¤Ç¤¹¡£¥æ¡¼¥¶¡¼¤Ï¥¤¥ó¥Ý¡¼¥ÈÁàºî¤òÄä»ß¤Ç¤­¤Þ¤¹¡£¤¿¤À¤·¡¢¤³¤ì¤ò¼Â¹Ô¤Ç¤­¤ë¤Î¤Ï¡¢-noprompt¥ª¥×¥·¥ç¥ó¤ò»ØÄꤻ¤º¤Ë-importcert¥³¥Þ¥ó¥É¤ò¸Æ¤Ó½Ð¤¹¾ì¹ç¤Î¤ß¤Ç¤¹¡£-noprompt¥ª¥×¥·¥ç¥ó¤¬»ØÄꤵ¤ì¤Æ¤¤¤ë¾ì¹ç¡¢¥æ¡¼¥¶¡¼¤È¤ÎÂÐÏäϹԤï¤ì¤Þ¤»¤ó¡£

¥Ñ¥¹¥ï¡¼¥É·Ù¹ð

¥­¡¼¥¹¥È¥¢¤ËÂФ¹¤ëÁàºî¤ò¹Ô¤¦¤Û¤È¤ó¤É¤Î¥³¥Þ¥ó¥É¤Ç¤Ï¡¢¥¹¥È¥¢¤Î¥Ñ¥¹¥ï¡¼¥É¤¬É¬ÍפǤ¹¡£¤Þ¤¿¡¢°ìÉô¤Î¥³¥Þ¥ó¥É¤Ç¤Ï¡¢Èó¸ø³«/ÈëÌ©¸°¤Î¥Ñ¥¹¥ï¡¼¥É¤¬É¬Íפˤʤ뤳¤È¤¬¤¢¤ê¤Þ¤¹¡£¥Ñ¥¹¥ï¡¼¥É¤Ï¥³¥Þ¥ó¥É¹Ô¤Ç»ØÄê¤Ç¤­¤Þ¤¹(-storepass¥ª¥×¥·¥ç¥ó¤È-keypass¥ª¥×¥·¥ç¥ó¤ò»ÈÍÑ)¡£¤¿¤À¤·¡¢¥Æ¥¹¥ÈÌÜŪ¤Î¾ì¹ç¡¢¤Þ¤¿¤Ï¥»¥­¥å¥¢¤Ê¥·¥¹¥Æ¥à¤ò»ÈÍѤ·¤Æ¤¤¤ë¾ì¹ç°Ê³°¤Ï¡¢¥³¥Þ¥ó¥É¹Ô¤ä¥¹¥¯¥ê¥×¥È¤Ç¥Ñ¥¹¥ï¡¼¥É¤ò»ØÄꤷ¤Ê¤¤¤Ç¤¯¤À¤µ¤¤¡£É¬Íפʥѥ¹¥ï¡¼¥É¤Î¥ª¥×¥·¥ç¥ó¤ò¥³¥Þ¥ó¥É¹Ô¤Ç»ØÄꤷ¤Ê¤«¤Ã¤¿¾ì¹ç¤Ï¡¢¥Ñ¥¹¥ï¡¼¥É¤ÎÆþÎϤòµá¤á¤é¤ì¤Þ¤¹¡£

¾ÚÌÀ½ñ¤Î½àµò¤Ë´Ø¤¹¤ë·Ù¹ð

¥¤¥ó¥¿¡¼¥Í¥Ã¥Èɸ½àRFC 5280¤Ç¤Ï¡¢X.509¾ÚÌÀ½ñ¤Î½àµò¤Ë´Ø¤¹¤ë¥×¥í¥Õ¥¡¥¤¥ë¤¬ÄêµÁ¤µ¤ì¤Æ¤ª¤ê¡¢¾ÚÌÀ½ñ¤Î¥Õ¥£¡¼¥ë¥É¤ª¤è¤Ó¥¨¥¯¥¹¥Æ¥ó¥·¥ç¥ó¤ËÍ­¸ú¤ÊÃͤª¤è¤ÓÃͤÎÁȹ礻¤¬µ­ºÜ¤µ¤ì¤Æ¤¤¤Þ¤¹¡£É¸½à¤Ë¤Ä¤¤¤Æ¤Ï¡¢ http://tools.ietf.org/rfc/rfc5280.txt¤ò»²¾È¤·¤Æ¤¯¤À¤µ¤¤

keytool¥³¥Þ¥ó¥É¤Ç¤Ï¡¢¤³¤ì¤é¤Î¥ë¡¼¥ë¤¹¤Ù¤Æ¤¬Å¬ÍѤµ¤ì¤ë¤ï¤±¤Ç¤Ï¤Ê¤¤¤¿¤á¡¢É¸½à¤Ë½àµò¤·¤Ê¤¤¾ÚÌÀ½ñ¤òÀ¸À®¤Ç¤­¤Þ¤¹¡£É¸½à¤Ë½àµò¤·¤Ê¤¤¾ÚÌÀ½ñ¤Ï¡¢JRE¤ä¾¤Î¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤ÇµñÈݤµ¤ì¤ë¤³¤È¤¬¤¢¤ê¤Þ¤¹¡£¥æ¡¼¥¶¡¼¤Ï¡¢-dname¤ä-ext¤Ê¤É¤ÇŬÀµ¤Ê¥ª¥×¥·¥ç¥ó¤ò»ØÄꤹ¤ë¤è¤¦¤Ë¤·¤Æ¤¯¤À¤µ¤¤¡£

Ãí°Õ

¿·¤·¤¤¿®Íê¤Ç¤­¤ë¾ÚÌÀ½ñ¤Î¥¤¥ó¥Ý¡¼¥È

keytool¥³¥Þ¥ó¥É¤Ï¡¢¥­¡¼¥¹¥È¥¢¤Ë¾ÚÌÀ½ñ¤òÄɲ乤ëÁ°¤Ë¡¢¥­¡¼¥¹¥È¥¢Æâ¤Ë¤¹¤Ç¤Ë¸ºß¤¹¤ë¿®Íê¤Ç¤­¤ë¾ÚÌÀ½ñ¤ò»ÈÍѤ·¤Æ¡¢¥¤¥ó¥Ý¡¼¥È¤¹¤ë¾ÚÌÀ½ñ¤«¤é(¥ë¡¼¥ÈCA¤Î)¼«¸Ê½ð̾¾ÚÌÀ½ñ¤Ë»ê¤ë¤Þ¤Ç¤Î¿®Íê¤Î¥Á¥§¡¼¥ó¤Î¹½ÃÛ¤ò»î¤ß¤Þ¤¹¡£

-trustcacerts¥ª¥×¥·¥ç¥ó¤ò»ØÄꤷ¤¿¾ì¹ç¡¢ÄɲäξÚÌÀ½ñ¤Ï¿®Íê¤Ç¤­¤ë¤¹¤Ê¤ï¤Ácacerts¤È¤¤¤¦Ì¾Á°¤Î¥Õ¥¡¥¤¥ë¤Ë´Þ¤Þ¤ì¤ë¾ÚÌÀ½ñ¤Î¥Á¥§¡¼¥ó¤È¤ß¤Ê¤µ¤ì¤Þ¤¹¡£

keytool¥³¥Þ¥ó¥É¤¬¡¢¥¤¥ó¥Ý¡¼¥È¤¹¤ë¾ÚÌÀ½ñ¤«¤é¼«¸Ê½ð̾¾ÚÌÀ½ñ(¥­¡¼¥¹¥È¥¢¤Þ¤¿¤Ïcacerts¥Õ¥¡¥¤¥ë¤Ë´Þ¤Þ¤ì¤Æ¤¤¤ë¼«¸Ê½ð̾¾ÚÌÀ½ñ)¤Ë»ê¤ë¤Þ¤Ç¤Î¿®Íê¤Î¥Ñ¥¹¤Î¹½Ãۤ˼ºÇÔ¤·¤¿¾ì¹ç¤Ï¡¢¥¤¥ó¥Ý¡¼¥È¤¹¤ë¾ÚÌÀ½ñ¤Î¾ðÊó¤òɽ¼¨¤·¡¢¥æ¡¼¥¶¡¼¤Ë³Îǧ¤òµá¤á¤Þ¤¹¡£¤³¤Î¾ì¹ç¤Ï¡¢É½¼¨¤µ¤ì¤¿¾ÚÌÀ½ñ¤Î¥Õ¥£¥ó¥¬¡¼¥×¥ê¥ó¥È¤È¡¢Â¾¤Î¤Ê¤ó¤é¤«¤Î(¿®Íê¤Ç¤­¤ë)¾ðÊó¸»(¾ÚÌÀ½ñ¤Î½êÍ­¼Ô¤Ê¤É)¤«¤éÆþ¼ê¤·¤¿¥Õ¥£¥ó¥¬¡¼¥×¥ê¥ó¥È¤È¤òÈæ³Ó¤·¤Þ¤¹¡£¿®Íê¤Ç¤­¤ë¾ÚÌÀ½ñ¤È¤·¤Æ¾ÚÌÀ½ñ¤ò¥¤¥ó¥Ý¡¼¥È¤¹¤ë¤È¤­¤Ï¡¢¾ÚÌÀ½ñ¤¬Í­¸ú¤Ç¤¢¤ë¤³¤È¤ò¿µ½Å¤Ë³Îǧ¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£¿®Íê¤Ç¤­¤ë¾ÚÌÀ½ñ¤Î¥¤¥ó¥Ý¡¼¥È·Ù¹ð¤ò»²¾È¤·¤Æ¤¯¤À¤µ¤¤¡£¥¤¥ó¥Ý¡¼¥ÈÁàºî¤Ï¡¢¾ÚÌÀ½ñ¤ò³Îǧ¤¹¤ë»þÅÀ¤ÇÃæ»ß¤Ç¤­¤Þ¤¹¡£-noprompt¥ª¥×¥·¥ç¥ó¤¬»ØÄꤵ¤ì¤Æ¤¤¤ë¾ì¹ç¡¢¥æ¡¼¥¶¡¼¤È¤ÎÂÐÏäϹԤï¤ì¤Þ¤»¤ó¡£

¾ÚÌÀ½ñ±þÅú¤Î¥¤¥ó¥Ý¡¼¥È

¾ÚÌÀ½ñ±þÅú¤ò¥¤¥ó¥Ý¡¼¥È¤¹¤ë¤È¤­¤Ï¡¢¥­¡¼¥¹¥È¥¢Æâ¤Î¿®Íê¤Ç¤­¤ë¾ÚÌÀ½ñ¡¢¤ª¤è¤Ó(-trustcacerts¥ª¥×¥·¥ç¥ó¤¬»ØÄꤵ¤ì¤Æ¤¤¤ë¾ì¹ç¤Ï)cacerts¥­¡¼¥¹¥È¥¢¡¦¥Õ¥¡¥¤¥ë¤Ç¹½À®¤µ¤ì¤¿¾ÚÌÀ½ñ¤ò»ÈÍѤ·¤Æ¾ÚÌÀ½ñ±þÅú¤¬¸¡ºº¤µ¤ì¤Þ¤¹¡£cacerts¾ÚÌÀ½ñ¥Õ¥¡¥¤¥ë¤ò»²¾È¤·¤Æ¤¯¤À¤µ¤¤¡£

¾ÚÌÀ½ñ±þÅú¤¬¿®Íê¤Ç¤­¤ë¤«¤É¤¦¤«¤ò·èÄꤹ¤ëÊýË¡¤Ï¼¡¤Î¤È¤ª¤ê¤Ç¤¹¡£

•¾ÚÌÀ½ñ±þÅú¤¬Ã±°ì¤ÎX.509¾ÚÌÀ½ñ¤Ç¤¢¤ë¾ì¹ç¡¢keytool¥³¥Þ¥ó¥É¤Ï¡¢¾ÚÌÀ½ñ±þÅú¤«¤é(¥ë¡¼¥ÈCA¤Î)¼«¸Ê½ð̾¾ÚÌÀ½ñ¤Ë»ê¤ë¤Þ¤Ç¤Î¿®Íê¥Á¥§¡¼¥ó¤Î³ÎΩ¤ò»î¤ß¤Þ¤¹¡£¾ÚÌÀ½ñ±þÅú¤È¡¢¾ÚÌÀ½ñ±þÅú¤Îǧ¾Ú¤Ë»ÈÍѤµ¤ì¤ë¾ÚÌÀ½ñ¤Î³¬Áع½Â¤¤Ï¡¢alias¤Î¿·¤·¤¤¾ÚÌÀ½ñ¥Á¥§¡¼¥ó¤ò·ÁÀ®¤·¤Þ¤¹¡£¿®Íê¥Á¥§¡¼¥ó¤¬³ÎΩ¤µ¤ì¤Ê¤¤¾ì¹ç¡¢¾ÚÌÀ½ñ±þÅú¤Ï¥¤¥ó¥Ý¡¼¥È¤µ¤ì¤Þ¤»¤ó¡£¤³¤Î¾ì¹ç¡¢keytool¥³¥Þ¥ó¥É¤Ï¾ÚÌÀ½ñ¤ò½ÐÎϤ»¤º¡¢¥æ¡¼¥¶¡¼¤Ë¸¡¾Ú¤òµá¤á¤ë¥×¥í¥ó¥×¥È¤òɽ¼¨¤·¤Þ¤¹¡£¥æ¡¼¥¶¡¼¤¬¾ÚÌÀ½ñ±þÅú¤Î¿®ÍêÀ­¤òȽÃǤ¹¤ë¤Î¤ÏÈó¾ï¤ËÆñ¤·¤¤¤¿¤á¤Ç¤¹¡£
•¾ÚÌÀ½ñ±þÅú¤¬PKCS#7·Á¼°¤Î¾ÚÌÀ½ñ¥Á¥§¡¼¥ó¤Þ¤¿¤Ï°ìÏ¢¤ÎX.509¾ÚÌÀ½ñ¤Ç¤¢¤ë¾ì¹ç¡¢¥Á¥§¡¼¥ó¤Ï¡¢¥æ¡¼¥¶¡¼¤Î¾ÚÌÀ½ñ¤¬ºÇ½é¤Ë¡¢0°Ê¾å¤ÎCA¾ÚÌÀ½ñ¤¬¤½¤Î¼¡¤Ë¤¯¤ë¤è¤¦¤Ëʤ٤é¤ì¤Þ¤¹¡£¥Á¥§¡¼¥ó¤¬¼«¸Ê½ð̾¤Î¥ë¡¼¥ÈCA¾ÚÌÀ½ñ¤Ç½ª¤ï¤ê¡¢ -trustcacerts¥ª¥×¥·¥ç¥ó¤¬»ØÄꤵ¤ì¤Æ¤¤¤ë¾ì¹ç¡¢keytool¥³¥Þ¥ó¥É¤Ï¡¢¤½¤Î¾ÚÌÀ½ñ¤È¡¢¥­¡¼¥¹¥È¥¢Æâ¤Þ¤¿¤Ïcacerts¥­¡¼¥¹¥È¥¢¡¦¥Õ¥¡¥¤¥ëÆâ¤Î¿®Íê¤Ç¤­¤ë¤¹¤Ù¤Æ¤Î¾ÚÌÀ½ñ¤ò¾È¹ç¤·¤è¤¦¤È¤·¤Þ¤¹¡£¥Á¥§¡¼¥ó¤¬¼«¸Ê½ð̾¤Î¥ë¡¼¥ÈCA¾ÚÌÀ½ñ¤Ç½ª¤ï¤Ã¤Æ¤ª¤é¤º¡¢-trustcacerts¥ª¥×¥·¥ç¥ó¤¬»ØÄꤵ¤ì¤Æ¤¤¤ë¾ì¹ç¡¢keytool¥³¥Þ¥ó¥É¤Ï¡¢¥­¡¼¥¹¥È¥¢Æâ¤Þ¤¿¤Ïcacerts¥­¡¼¥¹¥È¥¢¡¦¥Õ¥¡¥¤¥ëÆâ¤Î¿®Íê¤Ç¤­¤ë¾ÚÌÀ½ñ¤«¤é¼«¸Ê½ð̾¤Î¥ë¡¼¥ÈCA¾ÚÌÀ½ñ¤ò¸«¤Ä¤±¤Æ¤½¤ì¤ò¥Á¥§¡¼¥ó¤ÎËöÈø¤ËÄɲ䷤褦¤È¤·¤Þ¤¹¡£¤½¤Î¾ÚÌÀ½ñ¤¬¸«¤Ä¤«¤é¤º¡¢-noprompt¥ª¥×¥·¥ç¥ó¤¬»ØÄꤵ¤ì¤Æ¤¤¤Ê¤¤¾ì¹ç¤Ï¡¢¥Á¥§¡¼¥óÆâ¤ÎºÇ¸å¤Î¾ÚÌÀ½ñ¤Î¾ðÊ󤬽ÐÎϤµ¤ì¡¢¥æ¡¼¥¶¡¼¤Ï³Îǧ¤òµá¤á¤é¤ì¤Þ¤¹¡£

¾ÚÌÀ½ñ±þÅúÆâ¤Î¸ø³«¸°¤¬alias¤Ç¤¹¤Ç¤Ë³ÊǼ¤µ¤ì¤Æ¤¤¤ë¥æ¡¼¥¶¡¼¤Î¸ø³«¸°¤Ë°ìÃפ·¤¿¾ì¹ç¡¢¸Å¤¤¾ÚÌÀ½ñ¥Á¥§¡¼¥ó¤¬±þÅúÆâ¤Î¿·¤·¤¤¾ÚÌÀ½ñ¥Á¥§¡¼¥ó¤ÇÃÖ¤­´¹¤¨¤é¤ì¤Þ¤¹¡£°ÊÁ°¤Î¾ÚÌÀ½ñ¥Á¥§¡¼¥ó¤òÍ­¸ú¤Êkeypass¤ÇÃÖ¤­´¹¤¨¤ë¤³¤È¤¬¤Ç¤­¤ë¤Î¤Ï¡¢¥¨¥ó¥È¥ê¤ÎÈëÌ©¸°¤òÊݸ¤ë¤¿¤á¤Î¥Ñ¥¹¥ï¡¼¥É¤ò»ØÄꤷ¤¿¾ì¹ç¤Î¤ß¤Ç¤¹¡£¥Ñ¥¹¥ï¡¼¥É¤ò»ØÄꤷ¤Æ¤ª¤é¤º¡¢ÈëÌ©¸°¤Î¥Ñ¥¹¥ï¡¼¥É¤¬¥­¡¼¥¹¥È¥¢¤Î¥Ñ¥¹¥ï¡¼¥É¤È°Û¤Ê¤ë¾ì¹ç¤Ï¡¢ÈëÌ©¸°¤Î¥Ñ¥¹¥ï¡¼¥É¤ÎÆþÎϤòµá¤á¤é¤ì¤Þ¤¹¡£

¤³¤Î¥³¥Þ¥ó¥É¤Ï¡¢°ÊÁ°¤Î¥ê¥ê¡¼¥¹¤Ç¤Ï-import¤È¤¤¤¦Ì¾Á°¤Ç¤·¤¿¡£¤³¤Î¥ê¥ê¡¼¥¹¤Ç¤Ï¡¢°ú¤­Â³¤­¸Å¤¤Ì¾Á°¤¬¥µ¥Ý¡¼¥È¤µ¤ì¤Æ¤¤¤Þ¤¹¡£º£¸å¤Ï¡¢¿·¤·¤¤Ì¾Á°-importcert¤¬Í¥À褵¤ì¤Þ¤¹¡£

´ØÏ¢¹àÌÜ

•jar(1)
•jarsigner(1)
http://docs.oracle.com/javase/tutorial/security/index.html¤Ë¤¢¤ë ¡Ö¥³¡¼¥¹: Java SE¤Î¥»¥­¥å¥ê¥Æ¥£µ¡Ç½¡×
2015ǯ3·î3Æü JDK 8