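Certificate overview:
ICM server certificate: issued by the intermediate CA; the intermediate CA is issued by the CA
UCGW client certificate: issued by the intermediate CA; the intermediate CA is issued by the CA
Certificate issuance process:
Create the ICM self-signed certificate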
keytool -genkey -dname "CN=mars_icm, OU=rv, O=rcd, L=ZB, ST=bj, C=China" -alias icm -keyalg RSA -keystore temp/iview.keystore -keypass 111111 -storepass 111111 -validity 60
keytool -certreq -alias icm -keypass 111111 -file "temp/icm.self.csr" -keystore "temp/iview.keystore" -storepass 111111
keytool -export -alias icm -keystore temp/iview.keystore -storepass 111111 -rfc -file temp/icm.self.cer
Create the UCGW self-signed certificate
keytool -genkey -dname "CN=mars_UCGW, OU=rv, O=rcd, L=ZB, ST=bj, C=China" -alias ucgw -keyalg RSA -keystore temp/ucgw.keystore -keypass 111111 -storepass 111111 -validity 60
keytool -certreq -alias ucgw -keypass 111111 -file "temp/ucgw.self.csr" -keystore "temp/ucgw.keystore" -storepass 111111
keytool -export -alias ucgw -keystore temp/ucgw.keystore -storepass 111111 -rfc -file temp/ucgw.self.cer
Create the intermediate CA self-signed certificate
keytool -genkey -dname "CN=mars_inter, OU=rv, O=rcd, L=ZB, ST=bj, C=China" -alias intermediary -keyalg RSA -keystore temp/inter.keystore -keypass 111111 -storepass 111111 -validity 60
keytool -certreq -alias intermediary -keypass 111111 -file "temp/inter.self.csr" -keystore "temp/inter.keystore" -storepass 111111
keytool -export -alias intermediary -keystore temp/inter.keystore -storepass 111111 -rfc -file temp/inter.self.cer
Create the CA certificate
keytool -genkey -dname "CN=mars_ca, OU=rv, O=rcd, L=ZB, ST=bj, C=China" -alias root -keyalg RSA -keystore temp/ca--ca.keystore -keypass 111111 -storepass 111111 -validity 60
keytool -certreq -alias root -keypass 111111 -file "temp/root.csr" -keystore "temp/ca--ca.keystore" -storepass 111111
keytool -export -alias root -keystore temp/ca--ca.keystore -storepass 111111 -rfc -file temp/root.cer
The CA issues the intermediate CA certificate
keytool -export -alias ca_signed -keystore temp/ca--ca_sign.keystore -storepass 111111 -rfc -file temp/inter.cer
Verify the intermediate CA certificate
It is signed by the CA
Import into the intermediate CA's KeyStore
keytool -importcert -noprompt -trustcacerts -alias root -file temp/root.cer -keystore temp/inter.keystore -storepass 111111 -keypass 111111
keytool -importcert -noprompt -alias intermediary -file temp/inter.cer -keystore temp/inter.keystore -storepass 111111
The intermediate CA issues the icm certificate
keytool -export -alias inter_signed -keystore temp/ca--ca_sign.keystore -storepass 111111 -rfc -file temp/icm.signed.cer
The intermediate CA issues the ucgw certificate
keytool -export -alias inter_signed -keystore temp/ca--ca_sign.keystore -storepass 111111 -rfc -file temp/ucgw.signed.cer
Verify the ICM certificate
It is signed by the CA
Verify the UCGW certificate
It is signed by the CA
Import into ICM's KeyStore
keytool -importcert -noprompt -trustcacerts -alias root -file temp/root.cer -keystore temp/iview.keystore -storepass 111111 -keypass 111111
keytool -importcert -noprompt -trustcacerts -alias intermediary -file temp/inter.cer -keystore temp/iview.keystore -storepass 111111 -keypass 111111
keytool -importcert -noprompt -alias icm -file temp/icm.signed.cer -keystore temp/iview.keystore -storepass 111111
Import into UCGW's KeyStore
keytool -importcert -noprompt -trustcacerts -alias root -file temp/root.cer -keystore temp/ucgw.keystore -storepass 111111 -keypass 111111
keytool -importcert -noprompt -trustcacerts -alias intermediary -file temp/inter.cer -keystore temp/ucgw.keystore -storepass 111111 -keypass 111111
keytool -importcert -noprompt -alias ucgw -file temp/ucgw.signed.cer -keystore temp/ucgw.keystore -storepass 111111
---------------------------------------------------------------
keytool -list -keystore temp/ca--ca.keystore -storepass 111111
...
root, 2011-11-5, PrivateKeyEntry,
认证指纹 (MD5)： 49:44:8A:79:3C:62:ED:66:AA:20:D6:BF:65:3E:23:C4
---------------------------------------------------------------
keytool -list -keystore temp/inter.keystore -storepass 111111
...
root, 2011-11-5, trustedCertEntry,
认证指纹 (MD5)： 49:44:8A:79:3C:62:ED:66:AA:20:D6:BF:65:3E:23:C4
intermediary, 2011-11-5, PrivateKeyEntry,
认证指纹 (MD5)： 23:6C:C0:46:67:CF:9E:4E:EF:A9:74:95:AB:EE:37:21
---------------------------------------------------------------
keytool -list -v -keystore temp/iview.keystore -storepass 111111
...
您的 keystore 包含 3 输入
别名名称： root
创建日期： 2011-11-5
输入类型： trustedCertEntry
所有者:CN=mars_ca, OU=rv, O=rcd, L=ZB, ST=bj, C=China
签发人:CN=mars_ca, OU=rv, O=rcd, L=ZB, ST=bj, C=China
序列号:4eb449c5
有效期: Sat Nov 05 04:23:33 CST 2011 至Wed Jan 04 04:23:33 CST 2012
证书指纹:
MD5:49:44:8A:79:3C:62:ED:66:AA:20:D6:BF:65:3E:23:C4
SHA1:EA:92:AE:59:D1:8D:B6:2F:33:B7:65:CC:6E:B0:B5:7D:40:CF:45:BE
签名算法名称:SHA1withRSA
版本: 3
*******************************************
*******************************************
别名名称： intermediary
创建日期： 2011-11-5
输入类型： trustedCertEntry
所有者:CN=mars_inter, OU=rv, O=rcd, L=ZB, ST=bj, C=China
签发人:CN=mars_ca, OU=rv, O=rcd, L=ZB, ST=bj, C=China
序列号:4eb449c7
有效期: Sat Nov 05 04:23:35 CST 2011 至Wed Jan 22 04:23:35 CST 2020
证书指纹:
MD5:23:6C:C0:46:67:CF:9E:4E:EF:A9:74:95:AB:EE:37:21
SHA1:54:86:85:BC:9C:D5:D2:E8:A4:E6:33:DD:4F:42:87:FB:2A:92:F3:84
签名算法名称:MD5withRSA
版本: 3
*******************************************
*******************************************
别名名称： icm
创建日期： 2011-11-5
项类型: PrivateKeyEntry
认证链长度： 3
认证 [1]:
所有者:CN=mars_icm, OU=rv, O=rcd, L=ZB, ST=bj, C=China
签发人:CN=mars_inter, OU=rv, O=rcd, L=ZB, ST=bj, C=China
序列号:4eb449ca
有效期: Sat Nov 05 04:23:38 CST 2011 至Wed Jan 22 04:23:38 CST 2020
证书指纹:
MD5:95:97:C3:2C:2C:A5:B4:7A:17:EF:98:B7:7B:BC:AE:4A
SHA1:E1:92:F9:79:48:FE:59:AF:3F:85:CE:2A:21:82:AD:B2:00:60:EB:D7
签名算法名称:MD5withRSA
版本: 3
认证 [2]:
所有者:CN=mars_inter, OU=rv, O=rcd, L=ZB, ST=bj, C=China
签发人:CN=mars_ca, OU=rv, O=rcd, L=ZB, ST=bj, C=China
序列号:4eb449c7
有效期: Sat Nov 05 04:23:35 CST 2011 至Wed Jan 22 04:23:35 CST 2020
证书指纹:
MD5:23:6C:C0:46:67:CF:9E:4E:EF:A9:74:95:AB:EE:37:21
SHA1:54:86:85:BC:9C:D5:D2:E8:A4:E6:33:DD:4F:42:87:FB:2A:92:F3:84
签名算法名称:MD5withRSA
版本: 3
认证 [3]:
所有者:CN=mars_ca, OU=rv, O=rcd, L=ZB, ST=bj, C=China
签发人:CN=mars_ca, OU=rv, O=rcd, L=ZB, ST=bj, C=China
序列号:4eb449c5
有效期: Sat Nov 05 04:23:33 CST 2011 至Wed Jan 04 04:23:33 CST 2012
证书指纹:
MD5:49:44:8A:79:3C:62:ED:66:AA:20:D6:BF:65:3E:23:C4
SHA1:EA:92:AE:59:D1:8D:B6:2F:33:B7:65:CC:6E:B0:B5:7D:40:CF:45:BE
签名算法名称:SHA1withRSA
版本: 3
---------------------------------------------------------------
keytool -list -v -keystore temp/ucgw.keystore -storepass 111111
...
您的 keystore 包含 3 输入
别名名称： root
创建日期： 2011-11-5
输入类型： trustedCertEntry
所有者:CN=mars_ca, OU=rv, O=rcd, L=ZB, ST=bj, C=China
签发人:CN=mars_ca, OU=rv, O=rcd, L=ZB, ST=bj, C=China
序列号:4eb449c5
有效期: Sat Nov 05 04:23:33 CST 2011 至Wed Jan 04 04:23:33 CST 2012
证书指纹:
MD5:49:44:8A:79:3C:62:ED:66:AA:20:D6:BF:65:3E:23:C4
SHA1:EA:92:AE:59:D1:8D:B6:2F:33:B7:65:CC:6E:B0:B5:7D:40:CF:45:BE
签名算法名称:SHA1withRSA
版本: 3
*******************************************
*******************************************
别名名称： intermediary
创建日期： 2011-11-5
输入类型： trustedCertEntry
所有者:CN=mars_inter, OU=rv, O=rcd, L=ZB, ST=bj, C=China
签发人:CN=mars_ca, OU=rv, O=rcd, L=ZB, ST=bj, C=China
序列号:4eb449c7
有效期: Sat Nov 05 04:23:35 CST 2011 至Wed Jan 22 04:23:35 CST 2020
证书指纹:
MD5:23:6C:C0:46:67:CF:9E:4E:EF:A9:74:95:AB:EE:37:21
SHA1:54:86:85:BC:9C:D5:D2:E8:A4:E6:33:DD:4F:42:87:FB:2A:92:F3:84
签名算法名称:MD5withRSA
版本: 3
*******************************************
*******************************************
别名名称： ucgw
创建日期： 2011-11-5
项类型: PrivateKeyEntry
认证链长度： 3
认证 [1]:
所有者:CN=mars_UCGW, OU=rv, O=rcd, L=ZB, ST=bj, C=China
签发人:CN=mars_inter, OU=rv, O=rcd, L=ZB, ST=bj, C=China
序列号:4eb449cb
有效期: Sat Nov 05 04:23:39 CST 2011 至Wed Jan 22 04:23:39 CST 2020
证书指纹:
MD5:D7:6D:ED:9C:13:B6:79:D2:4C:B1:B7:57:CE:AA:BB:54
SHA1:C0:AD:FC:86:53:CB:4F:92:D6:6C:2E:23:25:8F:EF:89:7D:8D:3A:EB
签名算法名称:MD5withRSA
版本: 3
认证 [2]:
所有者:CN=mars_inter, OU=rv, O=rcd, L=ZB, ST=bj, C=China
签发人:CN=mars_ca, OU=rv, O=rcd, L=ZB, ST=bj, C=China
序列号:4eb449c7
有效期: Sat Nov 05 04:23:35 CST 2011 至Wed Jan 22 04:23:35 CST 2020
证书指纹:
MD5:23:6C:C0:46:67:CF:9E:4E:EF:A9:74:95:AB:EE:37:21
SHA1:54:86:85:BC:9C:D5:D2:E8:A4:E6:33:DD:4F:42:87:FB:2A:92:F3:84
签名算法名称:MD5withRSA
版本: 3
认证 [3]:
所有者:CN=mars_ca, OU=rv, O=rcd, L=ZB, ST=bj, C=China
签发人:CN=mars_ca, OU=rv, O=rcd, L=ZB, ST=bj, C=China
序列号:4eb449c5
有效期: Sat Nov 05 04:23:33 CST 2011 至Wed Jan 04 04:23:33 CST 2012
证书指纹:
MD5:49:44:8A:79:3C:62:ED:66:AA:20:D6:BF:65:3E:23:C4
SHA1:EA:92:AE:59:D1:8D:B6:2F:33:B7:65:CC:6E:B0:B5:7D:40:CF:45:BE
签名算法名称:SHA1withRSA
版本: 3
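An added check, not part of the original page: the Python script below audits a chain like the ones listed above for weak signature digests, broken issuer links, and certificates whose validity runs past their issuer's. The sample is constructed in the English-locale `keytool -list -v` layout from the owners, issuers, dates and algorithms in the listing; `parse_chain` and `audit_chain` are hypothetical helper names.

```python
import re
from datetime import datetime

# Constructed sample in English-locale `keytool -list -v` layout; values from the listing above.
SAMPLE = """\
Owner: CN=mars_icm, OU=rv, O=rcd, L=ZB, ST=bj, C=China
Issuer: CN=mars_inter, OU=rv, O=rcd, L=ZB, ST=bj, C=China
Valid from: Sat Nov 05 04:23:38 CST 2011 until: Wed Jan 22 04:23:38 CST 2020
Signature algorithm name: MD5withRSA
Owner: CN=mars_inter, OU=rv, O=rcd, L=ZB, ST=bj, C=China
Issuer: CN=mars_ca, OU=rv, O=rcd, L=ZB, ST=bj, C=China
Valid from: Sat Nov 05 04:23:35 CST 2011 until: Wed Jan 22 04:23:35 CST 2020
Signature algorithm name: MD5withRSA
Owner: CN=mars_ca, OU=rv, O=rcd, L=ZB, ST=bj, C=China
Issuer: CN=mars_ca, OU=rv, O=rcd, L=ZB, ST=bj, C=China
Valid from: Sat Nov 05 04:23:33 CST 2011 until: Wed Jan 04 04:23:33 CST 2012
Signature algorithm name: SHA1withRSA
"""
WEAK = ("MD5", "SHA1")  # digests no longer acceptable for certificate signatures

def parse_chain(text):
    """Return the chain, leaf first, as dicts: owner, issuer, not_after, sigalg."""
    certs = []
    for line in text.splitlines():
        key, _, value = (s.strip() for s in line.partition(":"))
        if key == "Owner":
            certs.append({"owner": value})
        elif key == "Issuer":
            certs[-1]["issuer"] = value
        elif key == "Valid from":
            # Drop the zone abbreviation (e.g. CST); strptime cannot parse it portably.
            until = re.sub(r" [A-Z]{3,4} (\d{4})$", r" \1", value.split("until: ")[1])
            certs[-1]["not_after"] = datetime.strptime(until, "%a %b %d %H:%M:%S %Y")
        elif key == "Signature algorithm name":
            certs[-1]["sigalg"] = value
    return certs

def audit_chain(certs):
    """Flag weak digests, broken issuer links, and children outliving their issuer."""
    findings = []
    for i, cert in enumerate(certs):
        cn = cert["owner"].split(",")[0]
        if cert["sigalg"].upper().startswith(WEAK):
            findings.append(f"{cn}: weak signature algorithm {cert['sigalg']}")
        # The last certificate is compared with itself, so it must be self-signed.
        parent = certs[i + 1] if i + 1 < len(certs) else cert
        if cert["issuer"] != parent["owner"]:
            findings.append(f"{cn}: issuer does not match next certificate")
        elif cert["not_after"] > parent["not_after"]:
            findings.append(f"{cn}: valid past issuer expiry {parent['not_after']:%Y-%m-%d}")
    return findings
```

On this sample, `audit_chain(parse_chain(SAMPLE))` reports the MD5 and SHA-1 signatures and shows that both the intermediate and the ICM certificate remain valid after their issuer has expired.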
Mutual-authentication TLS network packets:
filter:
tcp.port==9527&&ssl
route add <your_IP> mask 255.255.255.255 <the_gateway> metric 1
route delete <your_IP>
route add 192.168.0.100 mask 255.255.255.255 192.168.0.1 metric 1
route delete 192.168.0.100
1: 54292[client] 9527[server] TLSv1 Client Hello
2, 3, 4, 5: 9527[server] 54292[client] TLSv1 Server Hello, Certificate, Server Key Exchange, Certificate Request, Server Hello Done
6, 7: 54292[client] 9527[server] TLSv1 Certificate, Client Key Exchange
8: 54292[client] 9527[server] TLSv1 Certificate Verify
9, 10: 54292[client] 9527[server] TLSv1 Change Cipher Spec, Encrypted Handshake Message
11, 12: 9527[server] 54292[client] TLSv1 Change Cipher Spec (Finished)
9527[server] 54292[client] TLSv1 Encrypted Handshake Message, Application Data, Application Data, Encrypted Alert
Mutual authentication flow:
