一、生成PEM文件

这里以邮件发送接口为例https://api.mailgun.net/v3/,首先运行以下命令:

openssl s_client -host api.mailgun.net -port  -prexit -showcerts

执行结果如下:

CONNECTED()

depth= C = US, O = "thawte, Inc.", CN = thawte SHA256 SSL CA

verify error:num=:unable to get local issuer certificate

---

Certificate chain

  s:/C=US/ST=Texas/L=San Antonio/O=Rackspace US, Inc/OU=Mailgun/CN=*.mailgun.com

   i:/C=US/O=thawte, Inc./CN=thawte SHA256 SSL CA

-----BEGIN CERTIFICATE-----

MIIGRjCCBS6gAwIBAgIQcPBE+lQWtps2UTd0ornMgjANBgkqhkiG9w0BAQsFADBD

MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMuMR0wGwYDVQQDExR0

aGF3dGUgU0hBMjU2IFNTTCBDQTAeFw0xNjAyMDkwMDAwMDBaFw0xODA0MDgyMzU5

NTlaMHkxCzAJBgNVBAYTAlVTMQ4wDAYDVQQIEwVUZXhhczEUMBIGA1UEBxQLU2Fu

IEFudG9uaW8xGjAYBgNVBAoUEVJhY2tzcGFjZSBVUywgSW5jMRAwDgYDVQQLFAdN

YWlsZ3VuMRYwFAYDVQQDFA0qLm1haWxndW4uY29tMIIBIjANBgkqhkiG9w0BAQEF

AAOCAQ8AMIIBCgKCAQEAyzQJUmOuQsksJ+ypj6ndmfkmFa39aXZKxIsvVSSmGSqU

upFO3awNDo4aaGnjjN8OFwHQozthBfNz04RDKgV0E22gyrrOOpCd88mHokJKeV04

TVc93/MQYAVQQ3Ou7b/GafuFcDu1Z5s+YgN1iMEXR4iMczlFsS1SzWZ03WOFeEGn

xR31n6wLoOwcBEvD58v4zANntM9Ajwv0UHpd72nzBpwVFQYwY3vQrfK/5E5nbWJf

cixs85Ube9L5ID71d49f9XRctPLvAINkktjvAu627WGg9Vs2KmzfXd+xJTcjZdpH

WcW/PohxCZfyIaVP2tf5b7JwJFYp4ZkKt8KH8CR/5QIDAQABo4IC/jCCAvowJQYD

VR0RBB4wHIINKi5tYWlsZ3VuLmNvbYILbWFpbGd1bi5jb20wCQYDVR0TBAIwADBu

BgNVHSAEZzBlMGMGBmeBDAECAjBZMCYGCCsGAQUFBwIBFhpodHRwczovL3d3dy50

aGF3dGUuY29tL2NwczAvBggrBgEFBQcCAjAjDCFodHRwczovL3d3dy50aGF3dGUu

Y29tL3JlcG9zaXRvcnkwDgYDVR0PAQH/BAQDAgWgMB8GA1UdIwQYMBaAFCuaNa4B

GDgw4XB6BeARdqPOvZAUMCsGA1UdHwQkMCIwIKAeoByGGmh0dHA6Ly90Zy5zeW1j

Yi5jb20vdGcuY3JsMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBXBggr

BgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly90Zy5zeW1jZC5jb20wJgYI

KwYBBQUHMAKGGmh0dHA6Ly90Zy5zeW1jYi5jb20vdGcuY3J0MIIBfgYKKwYBBAHW

eQIEAgSCAW4EggFqAWgAdgDd6x0reg1PpiCLga2BaHB+Lo6dAdVciI09EcTNtuy+

zAAAAVLIMQUYAAAEAwBHMEUCIQDw4Wpn51ujDWjQefvSO+c+nyE3RqkV6dw6XFEN

eA8pugIgIxMLVoe+r1/MvLT4j3A9n7VexNSTQi1av1iMMGhnh5IAdgCkuQmQtBhY

FIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAVLIMQVLAAAEAwBHMEUCIQCBXz+e

sY2e3s4yN4gMKxHyg5aeB+5l8CN4/EG9PRDPIwIgb4nJn6xUKjEgLkSOOrfjejS+

HbAHHOZrWs7cAgc774gAdgBo9pj4H2SCvjqM7rkoHUz8cVFdZ5PURNEKZ6y7T0/

xAAAAVLIMQVHAAAEAwBHMEUCIH5+Rt1+ohQPjiGesEqJomZv8/LnuFE7RCTi1dai

Xk8sAiEAqycC8AGehR5pBhWUpGlx3IOXzA2EKda90FLF2Koq9D0wDQYJKoZIhvcN

AQELBQADggEBACPqESoobL82TMXdGGbGQoTu03Bk+9lL0uxOSzGP+TJnjrb4b7p4

SvaM/z8XIKmgT3z3BP/wjyTN71BLVbamdLjcfHnNA6AYHE/sv91enmmCExsSN5Yd

JWttWO8kk7pa944dOJ1vhPBmd3uGyTX1LuFTPe0++yUJvfv0dwvL/f7VFqM8ZYTO

bf9BwQf7OedInr5qQaGHGenOFJStiNalotvmivBnzkrFT8xkK4f3tq73v5iT+Cyl

MMLNho6OlLp4YNeUgglcmv2xv+HynkeWZeiIDtLsHceEdiOEP1FlkXT+BWJID2v4

M4CQfAVIzBQ/iNo+Dm9SHcae02JwWSGxeSM=

-----END CERTIFICATE-----

  s:/C=US/O=thawte, Inc./CN=thawte SHA256 SSL CA

   i:/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c)  thawte, Inc. - For authorized use only/CN=thawte Primary Root CA - G3

-----BEGIN CERTIFICATE-----

MIIEwjCCA6qgAwIBAgIQNjSeGMmcJmm2Vi5s5a1xMjANBgkqhkiG9w0BAQsFADCB

rjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf

Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw

MDggdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAiBgNV

BAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMzAeFw0xMzA1MjMwMDAwMDBa

Fw0yMzA1MjIyMzU5NTlaMEMxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwx0aGF3dGUs

IEluYy4xHTAbBgNVBAMTFHRoYXd0ZSBTSEEyNTYgU1NMIENBMIIBIjANBgkqhkiG

9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo2Mr1LpdOK6wz7lMON8gffErR3Edi2jzVvmc

2qrlhCbepXEwvPMxI53oO4DIZld1tlcO25P1Jo5wumRSZooqiFxEGE2oony9VmEy

kBL5NYdIYLBukGdEAY3nyQ1jaHJyq2M8hrgffa2IJadqiCn7WcZ4cV8suonm04D9

V+y5UV9DMy5+JTukBNFgjLNEM5MMrSq2RKIZO6/EkG97BYeGmyxqnStsd8kAn8nP

rO0+G/fD89n4bNSgV8T7KDKqM/Dmupjf5cJOnHS/ikjC8hvwd0BBBwSyOtVMxCmp

EUA/AkbwkdXSgYOGE7Mx7UarqId2qZl9vM0xUPSltdylMrOLiwIDAQABo4IBRDCC

AUAwMgYIKwYBBQUHAQEEJjAkMCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC50aGF3

dGUuY29tMBIGA1UdEwEB/wQIMAYBAf8CAQAwQQYDVR0gBDowODA2BgpghkgBhvhF

AQc2MCgwJgYIKwYBBQUHAgEWGmh0dHBzOi8vd3d3LnRoYXd0ZS5jb20vY3BzMDcG

A1UdHwQwMC4wLKAqoCiGJmh0dHA6Ly9jcmwudGhhd3RlLmNvbS9UaGF3dGVQQ0Et

RzMuY3JsMA4GA1UdDwEB/wQEAwIBBjAqBgNVHREEIzAhpB8wHTEbMBkGA1UEAxMS

VmVyaVNpZ25NUEtJLTItNDE1MB0GA1UdDgQWBBQrmjWuARg4MOFwegXgEXajzr2Q

FDAfBgNVHSMEGDAWgBStbKqUYJzt5P/6Pgp0K2MD97ZZvzANBgkqhkiG9w0BAQsF

AAOCAQEAdKZW6K+Tlhn7JvkNsESlzel6SAN0AWwTcbfggpCZYiPj1pmv8McenqgY

Idu0lD80VhuZVS+O8EUzMrdywRNbNNP1YOUuGNFcxWrBqodQDBydZCv/G9zVLmEL

57m2kVOG2QMq0T17StorB74p8mBCqZEaDi480X2lExQC+u6LjbbIuD5WgVchJD9l

w7TJzlyNRqxT8/lVdMgr/dJ4cPX4EeX0p60g9Z3x7HD2E6zmjI3bP8byeQ6rUvLM

G3knzxaz1vPGNoBD7MWU8N2QjfjGUkZW63RHvqbzGa5xTMDh59TP7dQGKCoRPLrZ

QW4A54E3k+TaYsYdZ29jtBSG2aZi8A==

-----END CERTIFICATE-----

---

Server certificate

subject=/C=US/ST=Texas/L=San Antonio/O=Rackspace US, Inc/OU=Mailgun/CN=*.mailgun.com

issuer=/C=US/O=thawte, Inc./CN=thawte SHA256 SSL CA

---

No client certificate CA names sent

Peer signing digest: SHA512

Server Temp Key: ECDH, P-,  bits

---

SSL handshake has read  bytes and written  bytes

---

New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256

Server public key is  bit

Secure Renegotiation IS supported

Compression: NONE

Expansion: NONE

No ALPN negotiated

SSL-Session:

    Protocol  : TLSv1.

    Cipher    : ECDHE-RSA-AES128-GCM-SHA256

    Session-ID: E279B2FA33421D0A68D77E6405256671A7E0438D8F61C9A85FB67ABE40B07437

    Session-ID-ctx:

    Master-Key: 9A46CDBA8230B31F0AD744A49AEB97D44346DD26687689C5BF52A1F93BC4F0EFC4A8DFCD1F38DE35FF6007E4823ED0C7

    Key-Arg   : None

    PSK identity: None

    PSK identity hint: None

    SRP username: None

    Start Time:

    Timeout   :  (sec)

    Verify return code:  (unable to get local issuer certificate)

---

将输出内容保存为pem文件,这里我保存为名为mailgun.pem的文件。

二、将证书导入truststore文件

cp $JAVA_HOME/jre/lib/security/cacerts  trustore

本质上keyStore和strustStore文件格式上是一回事,keyStore存的一般是私钥,trustStore存放的是公钥。

导入证书(初始密码是changeit):

keytool -import -alias gca -file mailgun.pem -keystore truststore

导入成功会有提示。GOOD LUCK

三、参考

https://www.cloudera.com/documentation/enterprise/5-8-x/topics/cm_sg_create_key_trust.html

获得网址的Https的SSL证书并且保存到truststore的更多相关文章

  1. Https系列之二:https的SSL证书在服务器端的部署,基于tomcat,spring boot

    Https系列会在下面几篇文章中分别作介绍: 一:https的简单介绍及SSL证书的生成二:https的SSL证书在服务器端的部署,基于tomcat,spring boot三:让服务器同时支持http ...

  2. Https系列之四:https的SSL证书在Android端基于okhttp,Retrofit的使用

    Https系列会在下面几篇文章中分别作介绍: 一:https的简单介绍及SSL证书的生成二:https的SSL证书在服务器端的部署,基于tomcat,spring boot三:让服务器同时支持http ...

  3. windows Apache 环境下配置支持HTTPS的SSL证书

    windows Apache 环境下配置支持HTTPS的SSL证书 1.准备工作 1)在设置Apache + SSL之前, 需要做: 安装Apache, 下载安装Apache时请下载带有SSL版本的A ...

  4. Nginx https免费SSL证书配置指南

    生成证书 $ cd /usr/local/nginx/conf $ openssl genrsa -des3 -out server.key 1024 $ openssl req -new -key  ...

  5. [整理]HTTPS和SSL证书

    在互联网安全通信方式上,目前用的最多的就是https配合ssl和数字证书来保证传输和认证安全了.本文追本溯源围绕这个模式谈一谈. 名词解释 首先解释一下上面的几个名词: • https:在http(超 ...

  6. HTTPS的SSL证书配置

    SSL证书 TOMCAT7.0部署_百度经验https://jingyan.baidu.com/article/7082dc1c65066be40a89bda8.html SSL证书安装指引 - 青春 ...

  7. 为什么各大网站都纷纷用起了https?哪些网站需要https(SSL证书)

    其实最近我也在易维信网站的开发组内讨论应用全站https事宜. 其原因非常简单. 因为不断接到用户投诉说网站上出现影响浏览体验的大面积广告. 可是网站平常只针对未登录用户在顶栏和底栏打两小条广告.而且 ...

  8. HTTPS请求 SSL证书验证

    import urllib2 url = "https://www.12306.cn/mormhweb/" headers = {"User-Agent": & ...

  9. HTTPS和SSL证书

    1. HTTPS工作原理 HTTPS在传输数据之前需要客户端(浏览器)与服务端(网站)之间进行一次握手,(目的是安全的获得对称密钥用户后续传输加密)过程的简单描述如下: a).浏览器讲自己支持的多个加 ...

随机推荐

  1. scala学习手记29 - 偏应用函数

    调用函数可以说成是将函数应用于实参.如果传入所有的预期的参数,就完全应用了这个函数.如果只传入几个参数,就会得到一个偏应用函数. 偏应用函数是一个特殊的概念,在scala中它是使用val定义的,但是在 ...

  2. 七 web爬虫讲解2—urllib库爬虫—状态吗—异常处理—浏览器伪装技术、设置用户代理

    如果爬虫没有异常处理,那么爬行中一旦出现错误,程序将崩溃停止工作,有异常处理即使出现错误也能继续执行下去 1.常见状态吗 301:重定向到新的URL,永久性302:重定向到临时URL,非永久性304: ...

  3. MySQL连接中出现大量的 init 状态问题

    最怕的就是睡一觉醒来,系统出了问题. 大早系统无法登陆,以前没有经验的同学code的代码,竟然 try catch 没有记录异常日志信息. 查的问题一点头绪都没有,一直锁定在公司公共网关接口出了问题. ...

  4. Linux文件的默认权限:umask

    1. 文件的默认权限 Linux下当我们新建一个文件和目录时,该文件和目录的默认权限是什么? 通过umask命令来查看: $ umask0002 $ umask -Su=rwx,g=rwx,o=rx ...

  5. [转载]Java动态填充word文档并上传到服务器

    一. 需求背景 在一些特殊应用场合,客户希望在服务器上生成文档的同时并填充数据,客户端的页面不显示打开文档,但是服务器上生成文档对服务器压力很大,目前服务器上生成文档第一种就是方式是jacob, 但是 ...

  6. LeetCode OJ:Palindrome Linked List(回文链表判断)

    Given a singly linked list, determine if it is a palindrome. Follow up:Could you do it in O(n) time ...

  7. C++轮子队 敏捷冲刺

    团队Github地址:https://github.com/Pryriat/2048.git 敏捷开发——第1天 Alpha阶段第1次Scrum Meeting 敏捷开发起始时间 2018/10/27 ...

  8. OLE剪切板与拖拽

    https://www.xuebuyuan.com/1074399.html https://blog.csdn.net/uda1985/article/details/6179801

  9. golang日期转字符串,仿照C#中的日期格式结构体

    1.日期格式集合.日期转字符串方法 package util import ( "strings" "time" ) //日期格式:模仿java中的结构体 ty ...

  10. Markdown list状态下插入代码

    /***************************************************************************** * Markdown list状态下插入代 ...