Copyright (C) 2000-2012 |
Manpages keytoolSection: User Commands (1)Updated: 2000 ǯ 7 ·î 28 Æü Index Return to Main Contents ̾Á°keytool - ¸°¤È¾ÚÌÀ½ñ¤Î´ÉÍý¥Ä¡¼¥ë·Á¼°keytool [ subcommands ]µ¡Ç½ÀâÌÀkeytool ¤Ï¡¢¸°¤È¾ÚÌÀ½ñ¤ò´ÉÍý¤¹¤ë¤¿¤á¤Î¥æ¡¼¥Æ¥£¥ê¥Æ¥£¤Ç¤¹¡£keytool ¤ò»È¤¦¤È¡¢¼«Ê¬¤Î ¸ø³«¸°¤ÈÈó¸ø³«¸°¤Î¥Ú¥¢¡¢¤ª¤è¤Ó´ØÏ¢¤¹¤ë¾ÚÌÀ½ñ¤ò´ÉÍý¤·¡¢¥Ç¥¸¥¿¥ë½ð̾¤ò »È¤Ã¤¿¼«¸Êǧ¾Ú (¤Û¤«¤Î¥æ¡¼¥¶¤Þ¤¿¤Ï¥µ¡¼¥Ó¥¹¤ËÂФ·¤Æ¼«Ê¬¼«¿È¤òǧ¾Ú¤¹¤ë ¤³¤È) ¤ä¡¢¥Ç¡¼¥¿¤Î´°Á´À¤Èǧ¾Ú¤Ë´Ø¤¹¤ë¥µ¡¼¥Ó¥¹¤ËÍøÍѤ¹¤ë¤³¤È¤¬¤Ç¤¤Þ¤¹¡£ keytool ¤Ç¤Ï¡¢ÄÌ¿®Áê¼ê¤Î¸ø³«¸°¤ò (¾ÚÌÀ½ñ¤Î·Á¤Ç) ¥¥ã¥Ã¥·¥å¤¹¤ë¤³¤È¤â¤Ç¤ ¤Þ¤¹¡£¡Ö¾ÚÌÀ½ñ¡×¤È¤Ï¡¢¤¢¤ë¥¨¥ó¥Æ¥£¥Æ¥£¤«¤é¤Î¥Ç¥¸¥¿¥ë½ð̾ÉÕ¤¤Îʸ½ñ¤Î¤³¤È¤Ç¤¹¡£ ¾ÚÌÀ½ñ¤Ë¤Ï¡¢¤Û¤«¤Î¤¢¤ë¥¨¥ó¥Æ¥£¥Æ¥£ (¿Íʪ¡¢²ñ¼Ò¤Ê¤É) ¤Î¸ø³«¸° (¤ª¤è¤Ó¤½¤Î ¾¤Î¾ðÊó) ¤¬ÆÃÊ̤ÊÃͤò»ý¤Ã¤Æ¤¤¤ë¤³¤È¤¬½ñ¤«¤ì¤Æ¤¤¤Þ¤¹ (¡Ö¾ÚÌÀ½ñ¡×¤ò»²¾È)¡£ ¥Ç¡¼¥¿¤Ë¥Ç¥¸¥¿¥ë½ð̾¤¬ÉÕ¤¤¤Æ¤¤¤ë¾ì¹ç¤Ï¡¢¥Ç¥¸¥¿¥ë½ð̾¤ò¸¡¾Ú¤¹¤ë¤³¤È¤Ç¡¢ ¥Ç¡¼¥¿¤Î´°Á´À¤ª¤è¤Ó¥Ç¡¼¥¿¤¬ËÜʪ¤Ç¤¢¤ë¤³¤È¤ò¥Á¥§¥Ã¥¯¤Ç¤¤Þ¤¹¡£¥Ç¡¼¥¿¤Î ¡Ö´°Á´À¡×¤È¤Ï¡¢¥Ç¡¼¥¿¤¬Êѹ¹¤µ¤ì¤¿¤ê¡¢²þÊѤµ¤ì¤¿¤ê¤·¤Æ¤¤¤Ê¤¤¤³¤È¤ò°ÕÌ£¤·¤Þ¤¹¡£ ¤Þ¤¿¡¢¥Ç¡¼¥¿¤¬¡ÖËÜʪ¤Ç¤¢¤ë¡×¤È¤Ï¡¢¤½¤Î¥Ç¡¼¥¿¤¬¡¢¥Ç¡¼¥¿¤òºîÀ®¤·¤Æ½ð̾¤·¤¿¤È ¾Î¤¹¤ë¿Íʪ¤«¤é¼ÂºÝ¤ËÅϤµ¤ì¤¿¥Ç¡¼¥¿¤Ç¤¢¤ë¤³¤È¤ò°ÕÌ£¤·¤Þ¤¹¡£ keytool ¤Ï¡¢¸°¤È¾ÚÌÀ½ñ¤ò¡Ö¥¡¼¥¹¥È¥¢¡×¤Ë³ÊǼ¤·¤Þ¤¹¡£¥Ç¥Õ¥©¥ë¥È¤Î¥¡¼¥¹¥È¥¢¤Î¼ÂÁõ¤Ï¡¢ ¥¡¼¥¹¥È¥¢¤ò¥Õ¥¡¥¤¥ë¤È¤·¤Æ¼ÂÁõ¤·¤Æ¤¤¤Þ¤¹¡£¥¡¼¥¹¥È¥¢¤Ï¡¢Èó¸ø³«¸°¤ò¥Ñ¥¹¥ï¡¼¥É ¤ÇÊݸ¤Þ¤¹¡£ jarsigner(1) ¥Ä¡¼¥ë¤Ï¡¢¥¡¼¥¹¥È¥¢¤Î¾ðÊó¤ò»È¤Ã¤Æ Java Archive (JAR) ¥Õ¥¡¥¤¥ë¤ËÂФ¹¤ë¥Ç¥¸¥¿¥ë½ð̾¤ÎÀ¸À®¤È¸¡¾Ú¤ò¹Ô¤¤¤Þ¤¹¡£JAR ¥Õ¥¡¥¤¥ë¤Ï¡¢ ¥¯¥é¥¹¥Õ¥¡¥¤¥ë¡¢¥¤¥á¡¼¥¸¡¢¥µ¥¦¥ó¥É¡¢¤ª¤è¤Ó¤½¤Î¾¤Î¥Ç¥¸¥¿¥ë¥Ç¡¼¥¿¤òñ°ì¤Î¥Õ¥¡ ¥¤¥ë¤Ë¥Ñ¥Ã¥±¡¼¥¸²½¤·¤Þ¤¹¡£ jarsigner(1) ¤Ï¡¢JAR ¥Õ¥¡¥¤¥ë¤ËÉÕ°¤¹¤ë¾ÚÌÀ½ñ (JAR ¥Õ¥¡¥¤¥ë¤Î½ð̾¥Ö¥í¥Ã¥¯¥Õ¥¡¥¤¥ë¤Ë´Þ¤Þ¤ì¤Æ¤¤¤ë¾ÚÌÀ½ñ) ¤ò»È¤Ã¤Æ JAR ¥Õ¥¡¥¤¥ë¤Î ¥Ç¥¸¥¿¥ë½ð̾¤ò¸¡¾Ú¤·¡¢¾ÚÌÀ½ñ¤Î¸ø³«¸°¤¬¡Ö¿®Íê¡×¤Ç¤¤ë¤«¤É¤¦¤«¡¢¤Ä¤Þ¤ê¡¢³ºÅö ¤¹¤ë¸ø³«¸°¤¬¡¢»ØÄꤵ¤ì¤¿¥¡¼¥¹¥È¥¢¤Ë´Þ¤Þ¤ì¤Æ¤¤¤ë¤«¤É¤¦¤«¤òÄ´¤Ù¤Þ¤¹¡£ Ãí: keytool ¥Ä¡¼¥ë¤È jarsigner(1) ¥Ä¡¼¥ë¤Ï¡¢JDK 1.1 ¤ÇÄ󶡤µ¤ì¤Æ¤¤¤¿ javakey ¥Ä¡¼¥ë¤ò´°Á´¤ËÃÖ¤´¹¤¨¤ë¤â¤Î ¤Ç¤¹¡£¤³¤ì¤é¤Î¿·¤·¤¤¥Ä¡¼¥ë¤Ï javakey ¤è¤ê¤â¿¤¯¤Îµ¡Ç½¤òÈ÷¤¨¤Æ¤ª¤ê¡¢¥¡¼¥¹¥È ¥¢¤ÈÈó¸ø³«¸°¤ò¥Ñ¥¹¥ï¡¼¥É¤ÇÊݸ¤ëµ¡Ç½¤ä¡¢½ð̾¤ÎÀ¸À®¤Ë²Ã¤¨¤Æ½ð̾¤ò¸¡¾Ú ¤¹¤ëµ¡Ç½¤ò»ý¤Ã¤Æ¤¤¤Þ¤¹¡£¿·¤·¤¤¥¡¼¥¹¥È¥¢¥¢¡¼¥¥Æ¥¯¥Á¥ã¤Ï¡¢javakey ¤¬ºîÀ®¤· ¤Æ´ÉÍý¤·¤Æ¤¤¤¿¥¢¥¤¥Ç¥ó¥Æ¥£¥Æ¥£¥Ç¡¼¥¿¥Ù¡¼¥¹¤ËÂå¤ï¤ë¤â¤Î¤Ç¤¹¡£ -identitydb ¥µ¥Ö¥³¥Þ¥ó¥É¤ò»È¤¦¤È¡¢¥¢¥¤¥Ç¥ó¥Æ¥£¥Æ¥£¥Ç¡¼¥¿¥Ù¡¼¥¹¤Î¾ðÊó¤ò¥¡¼¥¹¥È¥¢¤Ë¥¤¥ó¥Ý¡¼¥È¤Ç¤¤Þ¤¹¡£ ¥¡¼¥¹¥È¥¢¤Î¥¨¥ó¥È¥ê¥¡¼¥¹¥È¥¢¤Î¥¨¥ó¥È¥ê¤Ë¤Ï¡¢¼¡¤Î 2 ¤Ä¤Î¼ïÎब¤¢¤ê¤Þ¤¹¡£
¥¡¼¥¹¥È¥¢¤ÎÊÌ̾¥¡¼¥¹¥È¥¢¤Î¤¹¤Ù¤Æ¤Î¥¨¥ó¥È¥ê (¸°¤ª¤è¤Ó¿®Íê¤Ç¤¤ë¾ÚÌÀ½ñ) ¤Ï¡¢°ì°Õ¤Î¡ÖÊÌ̾¡× ¤ò²ð¤·¤Æ¥¢¥¯¥»¥¹¤µ¤ì¤Þ¤¹¡£ÊÌ̾¤Ç¤Ï¡¢Âçʸ»ú¤È¾®Ê¸»ú¤Ï¶èÊ̤µ¤ì¤Þ¤»¤ó¡£ ¤·¤¿¤¬¤Ã¤Æ¡¢ÊÌ̾ Hugo ¤È hugo ¤Ï¡¢¤É¤Á¤é¤âƱ¤¸¥¡¼¥¹¥È¥¢¥¨¥ó¥È¥ê¤ò»Ø¤·¤Þ¤¹¡£ -genkey ¥µ¥Ö¥³¥Þ¥ó¥É¤ò»È¤Ã¤Æ¸°¤Î¥Ú¥¢ (¸ø³«¸°¤ÈÈó¸ø³«¸°) ¤òÀ¸À®¤·¤¿¤ê¡¢ -import ¥µ¥Ö¥³¥Þ¥ó¥É¤ò»È¤Ã¤Æ¡¢¿®Íê¤Ç¤¤ë¾ÚÌÀ½ñ¤Î¥ê¥¹¥È¤Ë¾ÚÌÀ½ñ¤Þ¤¿¤Ï¾ÚÌÀÏ¢º¿¤òÄɲà ¤¹¤ë¤Ê¤É¡¢¥¡¼¥¹¥È¥¢¤Ë¥¨¥ó¥Æ¥£¥Æ¥£¤òÄɲ乤ë¤È¤¤Ï¡¢ÊÌ̾¤ò»ØÄꤷ¤Þ¤¹¡£¤³¤ì°Ê¸å¡¢ keytool ¥³¥Þ¥ó¥É¤Ç¥¨¥ó¥Æ¥£¥Æ¥£¤ò»²¾È¤¹¤ë¾ì¹ç¤Ï¡¢¤³¤Î¤È¤¤Ë»ØÄꤷ¤¿ÊÌ̾¤ò»ÈÍѤ¹¤ë ɬÍפ¬¤¢¤ê¤Þ¤¹¡£ ¤¿¤È¤¨¤Ð¡¢duke ¤È¤¤¤¦ÊÌ̾¤ò»È¤Ã¤Æ¿·¤·¤¤¸ø³«¸°¤ÈÈó¸ø³«¸°¤Î¥Ú¥¢¤òÀ¸À®¤·¡¢ ¸ø³«¸°¤ò¼«¸Ê½ð̾¾ÚÌÀ½ñ (¾ÚÌÀÏ¢º¿¤ò»²¾È) ¤Ç¥é¥Ã¥×¤¹¤ë¤È¤·¤Þ¤¹¡£¤³¤Î¾ì¹ç¤Ï¡¢ ¼¡¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤·¤Þ¤¹¡£
example% keytool -genkey -alias duke -keypass dukekeypasswd ¤³¤³¤Ç¤Ï¡¢½é´ü¥Ñ¥¹¥ï¡¼¥É¤È¤·¤Æ dukekeypasswd ¤ò»ØÄꤷ¤Æ¤¤¤Þ¤¹¡£°Ê¸å¡¢ÊÌ̾ duke ¤Ë´ØÏ¢ÉÕ¤±¤é¤ì¤¿Èó¸ø³«¸°¤Ë¥¢¥¯¥»¥¹¤¹¤ë¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤¹¤ë¤È¤¤Ï¡¢¤³¤Î¥Ñ¥¹ ¥ï¡¼¥É¤¬É¬Íפˤʤê¤Þ¤¹¡£ duke ¤ÎÈó¸ø³«¸°¤Î¥Ñ¥¹¥ï¡¼¥É¤ò¤¢¤È¤«¤éÊѹ¹¤¹¤ë¤Ë ¤Ï¡¢¼¡¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤·¤Þ¤¹¡£
example% keytool -keypasswd -alias duke -keypass dukekeypasswd -new newpass ¥Ñ¥¹¥ï¡¼¥É¤¬¡¢dukekeypasswd ¤«¤é newpass ¤ËÊѹ¹¤µ¤ì¤Þ¤¹¡£ Ãí: ¥Æ¥¹¥È¤òÌÜŪ¤È¤¹¤ë¾ì¹ç¡¢¤Þ¤¿¤Ï°ÂÁ´¤Ç¤¢¤ë¤³¤È¤¬¤ï¤«¤Ã¤Æ¤¤¤ë¥·¥¹¥Æ¥à¤Ç ¼Â¹Ô¤¹¤ë¾ì¹ç°Ê³°¤Ï¡¢¥³¥Þ¥ó¥É¹Ô¤ä¥¹¥¯¥ê¥×¥È¤Ç¥Ñ¥¹¥ï¡¼¥É¤ò»ØÄꤷ¤Ê¤¤¤Ç¤¯¤À¤µ ¤¤¡£É¬Íפʥѥ¹¥ï¡¼¥É¤Î¥ª¥×¥·¥ç¥ó¤ò¥³¥Þ¥ó¥É¹Ô¤Ç»ØÄꤷ¤Ê¤«¤Ã¤¿¾ì¹ç¤Ï¡¢¥Ñ¥¹ ¥ï¡¼¥É¤ÎÆþÎϤòµá¤á¤é¤ì¤Þ¤¹¡£password ¥×¥í¥ó¥×¥È¤Ç¥Ñ¥¹¥ï¡¼¥É¤òÆþÎϤ¹¤ë¤È¡¢ ÆþÎϤ·¤¿¥Ñ¥¹¥ï¡¼¥É¤¬¥¨¥³¡¼¤µ¤ì¡¢¤½¤Î¤Þ¤Þ²èÌ̤Ëɽ¼¨¤µ¤ì¤Þ¤¹¡£¤³¤Î¤¿¤á¡¢¼þ °Ï¤Ë¤Û¤«¤Î¥æ¡¼¥¶¤¬¤¤¤ë¾ì¹ç¤Ï¡¢¥Ñ¥¹¥ï¡¼¥É¤ò¸«¤é¤ì¤Ê¤¤¤è¤¦¤ËÃí°Õ¤·¤Æ¤¯¤À¤µ¤¤¡£ ¥¡¼¥¹¥È¥¢¤Î¾ì½êkeytool ¤Î³Æ¥³¥Þ¥ó¥É¤Ë¤Ï¡¢ -keystore ¥ª¥×¥·¥ç¥ó¤¬¤¢¤ê¤Þ¤¹¡£¤³¤Î¥ª¥×¥·¥ç¥ó¤Ç¤Ï¡¢ keytool ¤Ç´ÉÍý¤¹¤ë¥¡¼¥¹¥È¥¢¤ËÂбþ¤¹¤ë±Ê³Ū¤Ê¥¡¼¥¹¥È¥¢¥Õ¥¡¥¤¥ë¤Î̾Á°¤È¾ì½ê¤ò »ØÄꤷ¤Þ¤¹¡£¥¡¼¥¹¥È¥¢¤Ï¡¢¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï¥æ¡¼¥¶¤Î¥Û¡¼¥à¥Ç¥£¥ì¥¯¥È¥ê¤Î .keystore ¤È¤¤¤¦Ì¾Á°¤Î¥Õ¥¡¥¤¥ë¤Ë³ÊǼ¤µ¤ì¤Þ¤¹¡£¥æ¡¼¥¶¤Î¥Û¡¼¥à¥Ç¥£¥ì¥¯¥È¥ê¤Ï¡¢ user.home ¥·¥¹¥Æ¥à¥×¥í¥Ñ¥Æ¥£¤Ë¤è¤Ã¤Æ·è¤Þ¤ê¤Þ¤¹¡£ ¥¡¼¥¹¥È¥¢¤ÎºîÀ®¤Þ¤À¸ºß¤·¤Æ¤¤¤Ê¤¤¥¡¼¥¹¥È¥¢¤ËÂФ·¡¢ -genkey ¡¢ -import ¡¢¤Þ¤¿¤Ï -identitydb ¥µ¥Ö¥³¥Þ¥ó¥É¤ò»È¤Ã¤Æ¥Ç¡¼¥¿¤òÄɲ乤ë¤È¡¢¥¡¼¥¹¥È¥¢¤¬ºîÀ®¤µ¤ì¤Þ¤¹¡£ ¶ñÂÎŪ¤Ë¤Ï¡¢ -keystore ¥ª¥×¥·¥ç¥ó¤Ç¥¡¼¥¹¥È¥¢¤ò»ØÄꤷ¤Æ¤¤¤Æ¡¢¤³¤Î¥¡¼¥¹¥È¥¢¤¬¤Þ¤À¸ºß¤·¤Æ¤¤¤Ê¤¤ ¾ì¹ç¤Ï¡¢»ØÄꤷ¤¿¥¡¼¥¹¥È¥¢¤¬ºîÀ®¤µ¤ì¤Þ¤¹¡£ -keystore ¥ª¥×¥·¥ç¥ó¤ò»ØÄꤷ¤Ê¤«¤Ã¤¿¾ì¹ç¡¢¥Ç¥Õ¥©¥ë¥È¤Î¥¡¼¥¹¥È¥¢¤Ï¡¢¥Û¡¼¥à¥Ç¥£¥ì¥¯¥È¥ê Æâ¤Î .keystore ¤È¤¤¤¦Ì¾Á°¤Î¥Õ¥¡¥¤¥ë¤Ë¤Ê¤ê¤Þ¤¹¡£¤³¤Î¥Õ¥¡¥¤¥ë¤¬¤Þ¤À¸ºß¤·¤Æ¤¤¤Ê¤¤¾ì¹ç¤ÏºîÀ® ¤µ¤ì¤Þ¤¹¡£ ¥¡¼¥¹¥È¥¢¤Î¼ÂÁõjava.security ¥Ñ¥Ã¥±¡¼¥¸¤ÇÄ󶡤µ¤ì¤ë KeyStore ¥¯¥é¥¹¤Ë¤Ï¡¢¥¡¼¥¹¥È¥¢Æâ¤Î¾ðÊó¤ËÂФ¹¤ë¥¢¥¯¥»¥¹¤ÈÊѹ¹¤ò¹Ô¤¦¤¿¤á¤ÎÌÀ³Î¤Ë ÄêµÁ¤µ¤ì¤¿¥¤¥ó¥¿¥Õ¥§¡¼¥¹¤¬ÍÑ°Õ¤µ¤ì¤Æ¤¤¤Þ¤¹¡£¥¡¼¥¹¥È¥¢¤Î¸ÇÄê¼ÂÁõ¤È¤·¤Æ¤Ï¡¢ ¤½¤ì¤¾¤ì¤¬ÆÃÄê¤Î¡Ö¥¿¥¤¥×¡×¤Î¥¡¼¥¹¥È¥¢¤òÂоݤȤ¹¤ëÊ£¿ô¤Î°Û¤Ê¤ë¼ÂÁõ¤¬Â¸ºß ²Äǽ¤Ç¤¹¡£ ¸½ºß¡¢keytool ¤È jarsigner(1) ¤Î 2 ¤Ä¤Î¥³¥Þ¥ó¥É¹Ô¥Ä¡¼¥ë¤È¡¢ policytool ¤È¤¤¤¦Ì¾Á°¤Î 1 ¤Ä¤Î GUI ¥Ù¡¼¥¹¤Î ¥Ä¡¼¥ë¤¬¤¢¤ê¤Þ¤¹¡£ KeyStore ¤Ï public ¤È¤·¤Æ»ÈÍѲÄǽ¤Ê¤Î¤Ç¡¢JDK ¥æ¡¼¥¶¤Ï KeyStore ¤ò»È¤Ã¤¿¤Û¤«¤Î¥»¥¥å¥ê¥Æ¥£¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤âºîÀ®¤Ç¤¤Þ¤¹¡£ ¥¡¼¥¹¥È¥¢¤Ë¤Ï¡¢Sun ¤¬Ä󶡤¹¤ëÁȤ߹þ¤ß¤Î¥Ç¥Õ¥©¥ë¥È¤Î¼ÂÁõ¤¬¤¢¤ê¤Þ¤¹¡£ ¤³¤ì¤Ï¡¢JKS ¤È¤¤¤¦Ì¾Á°¤ÎÆȼ«¤Î¥¡¼¥¹¥È¥¢¥¿¥¤¥× (·Á¼°) ¤òÍøÍѤ¹¤ë¤â¤Î¤Ç¡¢ ¥¡¼¥¹¥È¥¢¤ò¥Õ¥¡¥¤¥ë¤È¤·¤Æ¼ÂÁõ¤·¤Æ¤¤¤Þ¤¹¡£¤³¤Î¼ÂÁõ¤Ç¤Ï¡¢¸Ä¡¹¤ÎÈó¸ø³«¸°¤Ï ¸ÄÊ̤Υѥ¹¥ï¡¼¥É¤Ë¤è¤Ã¤ÆÊݸ¤ì¡¢¥¡¼¥¹¥È¥¢Á´ÂΤδ°Á´À¤â (Èó¸ø³«¸°¤È¤Ï Ê̤Î) ¥Ñ¥¹¥ï¡¼¥É¤Ë¤è¤Ã¤ÆÊݸ¤ì¤Þ¤¹¡£ ¥¡¼¥¹¥È¥¢¤Î¼ÂÁõ¤Ï¡¢¥×¥í¥Ð¥¤¥À¥Ù¡¼¥¹¤Ç¤¹¡£¶ñÂÎŪ¤Ë¤Ï¡¢ KeyStore ¤¬Ä󶡤¹¤ë¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¥¤¥ó¥¿¥Õ¥§¡¼¥¹¤Ï¡¢Service Provider Interface (SPI) ¤È¤¤¤¦·Á¤Ç¼ÂÁõ¤µ¤ì¤Æ¤¤¤Þ¤¹¡£¤Ä¤Þ¤ê¡¢Âбþ¤¹¤ë KeystoreSpi Ãê¾Ý¥¯¥é¥¹ (¤³¤ì¤â java.security ¥Ñ¥Ã¥±¡¼¥¸¤Ë´Þ¤Þ¤ì¤Æ¤¤¤ë) ¤¬¤¢¤ê¡¢¤³¤Î¥¯¥é¥¹ ¤¬ Service Provider Interface ¤Î¥á¥½¥Ã¥É¤òÄêµÁ¤·¤Æ¤¤¤Þ¤¹¡£¤³¤ì¤é¤Î¥á¥½¥Ã¥É¤Ï¡¢ ¡Ö¥×¥í¥Ð¥¤¥À¡×¤¬¼ÂÁõ¤·¤Ê¤±¤ì¤Ð¤Ê¤ê¤Þ¤»¤ó¡£¤³¤³¤Ç¡¢¡Ö¥×¥í¥Ð¥¤¥À¡×¤È¤Ï¡¢ Java Security API ¤Ë¤è¤Ã¤Æ¥¢¥¯¥»¥¹²Äǽ¤Ê¥µ¡¼¥Ó¥¹¤Î¥µ¥Ö¥»¥Ã¥È¤ËÂФ·¡¢¤½¤Î ¸ÇÄê¼ÂÁõ¤òÄ󶡤¹¤ë¥Ñ¥Ã¥±¡¼¥¸¤Þ¤¿¤Ï¥Ñ¥Ã¥±¡¼¥¸¤Î½¸¹ç¤Î¤³¤È¤Ç¤¹¡£¤·¤¿¤¬¤Ã¤Æ¡¢ ¥¡¼¥¹¥È¥¢¤Î¼ÂÁõ¤òÄ󶡤¹¤ë¤Ë¤Ï¡¢¡ÖJava °Å¹æ²½¥¢¡¼¥¥Æ¥¯¥Á¥ãÍÑ¥×¥í¥Ð¥¤¥À¤Î ¼ÂÁõÊýË¡¡×¤ÇÀâÌÀ¤·¤Æ¤¤¤ë¤è¤¦¤Ë¡¢¥¯¥é¥¤¥¢¥ó¥È¤¬¡Ö¥×¥í¥Ð¥¤¥À¡×¤ò¼ÂÁõ¤·¡¢ KeystoreSpi ¥µ¥Ö¥¯¥é¥¹¤Î¼ÂÁõ¤òÄ󶡤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£ ¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤Ç¤Ï¡¢ KeyStore ¥¯¥é¥¹¤¬Ä󶡤¹¤ë getInstance ¥Õ¥¡¥¯¥È¥ê¥á¥½¥Ã¥É¤ò»È¤¦¤³¤È¤Ç¡¢¤µ¤Þ¤¶¤Þ¤Ê¥×¥í¥Ð¥¤¥À ¤«¤é°Û¤Ê¤ë¡Ö¥¿¥¤¥×¡×¤Î¥¡¼¥¹¥È¥¢¤Î¼ÂÁõ¤òÁªÂò¤Ç¤¤Þ¤¹¡£¥¡¼¥¹¥È¥¢¤Î¥¿¥¤¥×¤Ï¡¢ ¥¡¼¥¹¥È¥¢¾ðÊó¤Î³ÊǼ·Á¼°¤È¥Ç¡¼¥¿·Á¼°¡¢¤ª¤è¤Ó¥¡¼¥¹¥È¥¢Æâ¤ÎÈó¸ø³«¸°¤È ¥¡¼¥¹¥È¥¢¼«ÂΤδ°Á´À¤òÊݸ¤ë¤¿¤á¤Ë»È¤ï¤ì¤ë¥¢¥ë¥´¥ê¥º¥à¤òÄêµÁ¤·¤Þ¤¹¡£ °Û¤Ê¤ë¥¿¥¤¥×¤Î¥¡¼¥¹¥È¥¢¤Î¼ÂÁõ¤Ë¤Ï¡¢¸ß¤¤¤Ë¸ß´¹À¤Ï¤¢¤ê¤Þ¤»¤ó¡£ keytool ¤Ï¡¢Ç¤°Õ¤Î¥Õ¥¡¥¤¥ë¥Ù¡¼¥¹¤Î¥¡¼¥¹¥È¥¢¼ÂÁõ¤ÇÆ°ºî¤·¤Þ¤¹¡£ keytool ¤Ï¡¢¥³¥Þ¥ó¥É¹Ô¤«¤éÅϤµ¤ì¤¿¥¡¼¥¹¥È¥¢¤Î¾ì½ê¤ò¥Õ¥¡¥¤¥ë̾¤È¤·¤Æ°·¤¤¡¢¤³¤ì¤ò FileInputStream ¤ËÊÑ´¹¤·¤Æ¡¢FileInputStream ¤«¤é¥¡¼¥¹¥È¥¢¤Î¾ðÊó¤ò¥í¡¼¥É ¤·¤Þ¤¹¡£°ìÊý¡¢ jarsigner(1) ¥Ä¡¼¥ë¤È policytool ¥Ä¡¼¥ë¤Ï¡¢URL ¤Ç»ØÄê²Äǽ¤ÊǤ°Õ¤Î¾ì½ê¤«¤é¥¡¼¥¹¥È¥¢¤ò Æɤ߹þ¤à¤³¤È¤¬¤Ç¤¤Þ¤¹¡£ keytool ¤È jarsigner(1) ¤Î¾ì¹ç¡¢ -storetype ¥ª¥×¥·¥ç¥ó¤ò»È¤Ã¤Æ¥³¥Þ¥ó¥É¹Ô¤Ç¥¡¼¥¹¥È¥¢¤Î¥¿¥¤¥×¤ò»ØÄê¤Ç¤¤Þ¤¹¡£ Policy Tool ¤Î¾ì¹ç¤Ï¡¢[Edit] ¥á¥Ë¥å¡¼¤Î [Change Keystore] ¥³¥Þ¥ó¥É¤ò»È¤Ã¤Æ ¥¡¼¥¹¥È¥¢¤Î¥¿¥¤¥×¤ò»ØÄê¤Ç¤¤Þ¤¹¡£ ¥¡¼¥¹¥È¥¢¤Î¥¿¥¤¥×¤òÌÀ¼¨Åª¤Ë»ØÄꤷ¤Ê¤¤¾ì¹ç¡¢keytool¡¢jarsigner¡¢¤ª¤è¤Ó policytool ¤Î³Æ¥Ä¡¼¥ë¤Ï¡¢¥»¥¥å¥ê¥Æ¥£¥×¥í¥Ñ¥Æ¥£¥Õ¥¡¥¤¥ëÆâ¤Ç»ØÄꤵ¤ì¤¿ keystore.type ¥×¥í¥Ñ¥Æ¥£¤ÎÃͤ˴ð¤Å¤¤¤Æ¥¡¼¥¹¥È¥¢¤Î¼ÂÁõ¤òÁªÂò¤·¤Þ¤¹¡£ ¥»¥¥å¥ê¥Æ¥£¥×¥í¥Ñ¥Æ¥£¥Õ¥¡¥¤¥ë¤Ï¡¢ java.security ¤È¤¤¤¦Ì¾Á°¤Ç JDK ¥»¥¥å¥ê¥Æ¥£¥×¥í¥Ñ¥Æ¥£¥Ç¥£¥ì¥¯¥È¥ê java.home/lib/security ¤ËÃÖ¤«¤ì¤Æ¤¤¤Þ¤¹¡£java.home ¤Ï¡¢JDK ¤Î¥¤¥ó¥¹¥È¡¼¥ëÀè¥Ç¥£¥ì¥¯¥È¥ê¤Ç¤¹¡£ ³Æ¥Ä¡¼¥ë¤Ï¡¢keystore.type ¤ÎÃͤò¼èÆÀ¤·¡¢¤³¤ÎÃͤǻØÄꤵ¤ì¤¿¥¿¥¤¥×¤Î¥¡¼¥¹¥È ¥¢¤ò¼ÂÁõ¤·¤Æ¤¤¤ë¥×¥í¥Ð¥¤¥À¤¬¸«¤Ä¤«¤ë¤Þ¤Ç¡¢¸½ºß¥¤¥ó¥¹¥È¡¼¥ë¤µ¤ì¤Æ¤¤¤ë¤¹¤Ù¤Æ ¤Î¥×¥í¥Ð¥¤¥À¤òÄ´¤Ù¤Þ¤¹¡£ÌÜŪ¤Î¥×¥í¥Ð¥¤¥À¤¬¸«¤Ä¤«¤ë¤È¡¢¤½¤Î¥×¥í¥Ð¥¤¥À¤«¤é¤Î ¥¡¼¥¹¥È¥¢¤Î¼ÂÁõ¤ò»È¤¤¤Þ¤¹¡£ KeyStore ¥¯¥é¥¹¤Ç¤Ï getDefaultType ¤È¤¤¤¦Ì¾Á°¤Î static ¥á¥½¥Ã¥É¤¬ÄêµÁ¤µ¤ì¤Æ¤ª¤ê¡¢ ¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤È¥¢¥×¥ì¥Ã¥È¤Ï¤³¤Î¥á¥½¥Ã¥É¤ò»È¤¦¤³¤È¤Ç keystore.type ¥×¥í¥Ñ¥Æ¥£¤ÎÃͤò¼èÆÀ¤Ç¤¤Þ¤¹¡£¼¡¤Î¥³¡¼¥É¤Ï¡¢¥Ç¥Õ¥©¥ë¥È¤Î¥¡¼¥¹¥È¥¢¥¿¥¤¥× ( keystore.type ¥×¥í¥Ñ¥Æ¥£¤Ç»ØÄꤵ¤ì¤¿¥¿¥¤¥×) ¤Î¥¤¥ó¥¹¥¿¥ó¥¹¤òÀ¸À®¤·¤Þ¤¹¡£
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); ¥Ç¥Õ¥©¥ë¥È¤Î¥¡¼¥¹¥È¥¢¥¿¥¤¥×¤Ï jks (Sun ¤¬Ä󶡤¹¤ëÆȼ«¤Î¥¿¥¤¥×¤Î¥¡¼¥¹¥È¥¢ ¤Î¼ÂÁõ) ¤Ç¤¹¡£¤³¤ì¤Ï¡¢¥»¥¥å¥ê¥Æ¥£¥×¥í¥Ñ¥Æ¥£¥Õ¥¡¥¤¥ëÆâ¤Î¼¡¤Î¹Ô¤Ë¤è¤Ã¤Æ»ØÄê ¤µ¤ì¤Æ¤¤¤Þ¤¹¡£
keystore.type=jks ³Æ¥Ä¡¼¥ë¤Ç¥Ç¥Õ¥©¥ë¥È°Ê³°¤Î¥¡¼¥¹¥È¥¢¤Î¼ÂÁõ¤ò»ÈÍѤ¹¤ë¤Ë¤Ï¡¢¾å¤Î¹Ô¤ò Êѹ¹¤·¤ÆÊ̤Υ¡¼¥¹¥È¥¢¤Î¥¿¥¤¥×¤ò»ØÄꤷ¤Þ¤¹¡£ ¤¿¤È¤¨¤Ð¡¢pkcs12 ¤È¸Æ¤Ð¤ì¤ë¥¿¥¤¥×¤Î¥¡¼¥¹¥È¥¢¤Î¼ÂÁõ¤òÄ󶡤·¤Æ¤¤¤ë ¥×¥í¥Ð¥¤¥À¥Ñ¥Ã¥±¡¼¥¸¤ò»ÈÍѤ¹¤ë¤Ë¤Ï¡¢¾å¤Î¹Ô¤ò¼¡¤Î¤è¤¦¤ËÊѹ¹¤·¤Þ¤¹¡£
keystore.type=pkcs12 Ãí: ¥¡¼¥¹¥È¥¢¤Î¥¿¥¤¥×¤Î»ØÄê¤Ç¤Ï¡¢Âçʸ»ú¤È¾®Ê¸»ú¤Ï¶èÊ̤µ¤ì¤Þ¤»¤ó¡£ ¤¿¤È¤¨¤Ð¡¢JKS ¤È jks ¤ÏƱ¤¸¤â¤Î¤È¤·¤Æ°·¤ï¤ì¤Þ¤¹¡£ ¥µ¥Ý¡¼¥È¤µ¤ì¤ë¥¢¥ë¥´¥ê¥º¥à¤È¸°¤Î¥µ¥¤¥ºkeytool ¤Ç¤Ï¡¢ÅÐÏ¿¤µ¤ì¤Æ¤¤¤ë°Å¹æ²½¥µ¡¼¥Ó¥¹¥×¥í¥Ð¥¤¥À¤¬Ä󶡤¹¤ë¸°¤Î¥Ú¥¢À¸À®¤ª¤è ¤Ó½ð̾¥¢¥ë¥´¥ê¥º¥à¤Î¤¦¤Á¡¢Ç¤°Õ¤Î¥¢¥ë¥´¥ê¥º¥à¤ò»ØÄê¤Ç¤¤Þ¤¹¡£¤Ä¤Þ¤ê¡¢¤µ¤Þ¤¶¤Þ ¤Ê¥³¥Þ¥ó¥É¤Ç»ØÄꤹ¤ë -keyalg ¥ª¥×¥·¥ç¥ó¤È -sigalg ¥ª¥×¥·¥ç¥ó¤Ï¡¢¥×¥í¥Ð¥¤¥À¼ÂÁõ¤Ë¤è¤Ã¤Æ¥µ¥Ý¡¼¥È¤µ¤ì¤Æ¤¤¤Ê¤±¤ì¤Ð¤Ê¤ê¤Þ¤»¤ó¡£ ¥Ç¥Õ¥©¥ë¥È¤Î¸°¤Î¥Ú¥¢À¸À®¥¢¥ë¥´¥ê¥º¥à¤Ï DSA ¤Ç¤¹¡£½ð̾¥¢¥ë¥´¥ê¥º¥à¤Ï¡¢´ð¤Ë ¤Ê¤ëÈó¸ø³«¸°¤Î¥¢¥ë¥´¥ê¥º¥à¤«¤éÇÉÀ¸¤·¤Þ¤¹¡£´ð¤Ë¤Ê¤ëÈó¸ø³«¸°¤¬ DSA ¥¿¥¤¥× ¤Ç¤¢¤ë¾ì¹ç¡¢¥Ç¥Õ¥©¥ë¥È¤Î½ð̾¥¢¥ë¥´¥ê¥º¥à¤Ï SHA1withDSA ¤Ë¤Ê¤ê¡¢´ð¤Ë¤Ê¤ë Èó¸ø³«¸°¤¬ RSA ¥¿¥¤¥×¤Ç¤¢¤ë¾ì¹ç¤Ï¡¢¥Ç¥Õ¥©¥ë¥È¤Î½ð̾¥¢¥ë¥´¥ê¥º¥à¤Ï MD5withRSA ¤Ë¤Ê¤ê¤Þ¤¹ DSA ¸°¤Î¥Ú¥¢¤òÀ¸À®¤¹¤ë¾ì¹ç¡¢¸°¤Î¥µ¥¤¥º¤Ï 512 ¡Á 1024 ¥Ó¥Ã¥È¤Ç¤¢¤ëɬÍפ¬ ¤¢¤ê¤Þ¤¹¡£¤Þ¤¿¡¢¸°¤Î¥µ¥¤¥º¤Ï¡¢64 ¤ÎÇÜ¿ô¤Ç¤¢¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£¥Ç¥Õ¥©¥ë¥È¤Î¸° ¤Î¥µ¥¤¥º¤Ï¡¢¤É¤Î¥¢¥ë¥´¥ê¥º¥à¤Î¾ì¹ç¤Ç¤â 1024 ¥Ó¥Ã¥È¤Ç¤¹¡£ ¾ÚÌÀ½ñ¾ÚÌÀ½ñ (¸ø³«¸°¾ÚÌÀ½ñ¤È¤â¸Æ¤Ö) ¤È¤Ï¡¢¤¢¤ë¥¨¥ó¥Æ¥£¥Æ¥£ (¡Öȯ¹Ô¼Ô¡×) ¤«¤é¤Î ¥Ç¥¸¥¿¥ë½ð̾ÉÕ¤¤Îʸ½ñ¤Î¤³¤È¤Ç¤¹¡£¾ÚÌÀ½ñ¤Ë¤Ï¡¢¤Û¤«¤Î¤¢¤ë¥¨¥ó¥Æ¥£¥Æ¥£ ( ¡Ö½ð̾¼Ô¡×) ¤Î¸ø³«¸° (¤ª¤è¤Ó¤½¤Î¾¤Î¾ðÊó) ¤¬ÆÃÊ̤ÊÃͤò»ý¤Ã¤Æ¤¤¤ë¤³¤È¤¬ ½ñ¤«¤ì¤Æ¤¤¤Þ¤¹¡£ °Ê²¼¤Ç¤Ï¡¢¤¤¤¯¤Ä¤«¤Î½ÅÍפÊÍѸì¤Ë¤Ä¤¤¤ÆÀâÌÀ¤·¤Þ¤¹¡£
¸ø³«¸°°Å¹æ²½¤Ç¤Ï¡¢¤½¤ÎÀ¼Á¾å¡¢¥æ¡¼¥¶¤Î¸ø³«¸°¤Ë¥¢¥¯¥»¥¹¤¹¤ëɬÍפ¬ ¤¢¤ê¤Þ¤¹¡£Â絬ÌϤʥͥåȥ¥¯´Ä¶¤Ç¤Ï¡¢¸ß¤¤¤ËÄÌ¿®¤·¤Æ¤¤¤ë¥¨¥ó¥Æ¥£¥Æ¥£ ´Ö¤Ç°ÊÁ°¤Î´Ø·¸¤¬°ú¤Â³¤³ÎΩ¤µ¤ì¤Æ¤¤¤ë¤È²¾Äꤷ¤¿¤ê¡¢»È¤ï¤ì¤Æ¤¤¤ë¤¹ ¤Ù¤Æ¤Î¸ø³«¸°¤ò¼ý¤á¤¿¿®Íê¤Ç¤¤ë¥ê¥Ý¥¸¥È¥ê¤¬Â¸ºß¤¹¤ë¤È²¾Äꤷ¤¿¤ê¤¹¤ë¤³ ¤È¤ÏÉÔ²Äǽ¤Ç¤¹¡£¾ÚÌÀ½ñ¤Ï¡¢¤³¤Î¤è¤¦¤Ê¸ø³«¸°ÇÛÉÛ¤ÎÌäÂê¤ËÂФ¹¤ë²ò·è ºö¤È¤·¤Æ¹Í°Æ¤µ¤ì¤Þ¤·¤¿¡£¡Ö¾ÚÌÀ½ñȯ¹Ô¶É¡×(CA) ¤Ï¡¢¿®Íê¤Ç¤¤ëÂè»°¼Ô¤È¤· ¤Æµ¡Ç½¤·¤Þ¤¹¡£CA ¤Ï¡¢¤Û¤«¤Î¥¨¥ó¥Æ¥£¥Æ¥£¤Î¾ÚÌÀ½ñ¤Ë½ð̾¤¹¤ë (ȯ¹Ô¤¹¤ë) ¹Ô°Ù¤ò¡¢¿®Íꤷ¤ÆǤ¤µ¤ì¤Æ¤¤¤ë¥¨¥ó¥Æ¥£¥Æ¥£ (´ë¶È¤Ê¤É) ¤Ç¤¹¡£CA ¤ÏˡΧ¾å ¤Î·ÀÌó¤Ë¹´Â«¤µ¤ì¤ë¤Î¤Ç¡¢Í¸ú¤«¤Ä¿®Íê¤Ç¤¤ë¾ÚÌÀ½ñ¤À¤±¤òºîÀ®¤¹¤ë¤â¤Î ¤È¤·¤Æ°·¤ï¤ì¤Þ¤¹¡£VeriSign¡¢Thawte¡¢Entrust ¤ò¤Ï¤¸¤á¡¢Â¿¤¯¤Î CA ¤¬Â¸ºß ¤·¤Þ¤¹¡£Netscapetm ¤ä Microsoft ¤Îǧ¾Ú¥µ¡¼¥Ð¡¢Entrust ¤Î CA À½ÉÊ¤Ê¤É ¤ò½ê°ÁÈ¿¥Æâ¤ÇÍøÍѤ¹¤ì¤Ð¡¢Æȼ«¤Î¾ÚÌÀ½ñȯ¹Ô¶É¤ò±¿±Ä¤¹¤ë¤³¤È¤â²Äǽ¤Ç¤¹¡£ keytool ¤ò»È¤¦¤È¡¢¾ÚÌÀ½ñ¤Îɽ¼¨¡¢¥¤¥ó¥Ý¡¼¥È¡¢¤ª¤è¤Ó¥¨¥¯¥¹¥Ý¡¼¥È¤ò¹Ô¤¦¤³¤È¤¬¤Ç¤¤Þ¤¹¡£ ¤Þ¤¿¡¢¼«¸Ê½ð̾¾ÚÌÀ½ñ¤òÀ¸À®¤¹¤ë¤³¤È¤â¤Ç¤¤Þ¤¹¡£ ¸½ºß¡¢ keytool ¤Ï X.509 ¾ÚÌÀ½ñ¤òÂоݤˤ·¤Æ¤¤¤Þ¤¹¡£ X.509 ¾ÚÌÀ½ñX.509 µ¬³Ê¤Ç¤Ï¡¢¾ÚÌÀ½ñ¤Ë´Þ¤á¤ë¾ðÊó¤¬ÄêµÁ¤µ¤ì¤Æ¤ª¤ê¡¢¤³¤Î¾ðÊó¤ò¾ÚÌÀ½ñ¤Ë ½ñ¤¹þ¤àÊýË¡ (¥Ç¡¼¥¿·Á¼°) ¤Ë¤Ä¤¤¤Æ¤âµ½Ò¤µ¤ì¤Æ¤¤¤Þ¤¹¡£¤¹¤Ù¤Æ¤Î X.509 ¾ÚÌÀ½ñ¤Ï¡¢½ð̾¤Î¤Û¤«¤Ë¼¡¤Î¥Ç¡¼¥¿¤ò´Þ¤ó¤Ç¤¤¤Þ¤¹¡£ ¥Ð¡¼¥¸¥ç¥ó - ¾ÚÌÀ½ñ¤ËŬÍѤµ¤ì¤ë X.509 µ¬³Ê¤Î¥Ð¡¼¥¸¥ç¥ó¤òÆÃÄꤷ¤Þ¤¹¡£¾ÚÌÀ½ñ¤Ë»ØÄê¤Ç ¤¤ë¾ðÊó¤Ï¡¢¥Ð¡¼¥¸¥ç¥ó¤Ë¤è¤Ã¤Æ°Û¤Ê¤ê¤Þ¤¹¡£¤³¤ì¤Þ¤Ç¤Ë¡¢3 ¤Ä¤Î¥Ð¡¼¥¸¥ç¥ó¤¬ÄêµÁ ¤µ¤ì¤Æ¤¤¤Þ¤¹¡£ keytool ¤Ç¤Ï¡¢v1¡¢v2¡¢¤ª¤è¤Ó v3 ¤Î¾ÚÌÀ½ñ¤Î¥¤¥ó¥Ý¡¼¥È¤È¥¨¥¯¥¹¥Ý¡¼¥È¤¬²Äǽ¤Ç¤¹¡£ keytool ¤¬À¸À®¤¹¤ë¤Î¤Ï¡¢v1 ¤Î¾ÚÌÀ½ñ¤Ç¤¹¡£ ¥·¥ê¥¢¥ëÈÖ¹æ - ¾ÚÌÀ½ñ¤òºîÀ®¤·¤¿¥¨¥ó¥Æ¥£¥Æ¥£¤Ï¡¢¤½¤Î¥¨¥ó¥Æ¥£¥Æ¥£¤¬ ȯ¹Ô¤¹¤ë¤Û¤«¤Î¾ÚÌÀ½ñ¤È ¶èÊ̤¹¤ë¤¿¤á¤Ë¡¢¾ÚÌÀ½ñ¤Ë¥·¥ê¥¢¥ëÈÖ¹æ¤ò³ä¤êÅö¤Æ¤Þ¤¹¡£¤³¤Î¾ðÊó¤Ï¡¢¤µ¤Þ¤¶¤Þ ¤ÊÊýË¡¤Ç»È¤ï¤ì¤Þ¤¹¡£¤¿¤È¤¨¤Ð¡¢¾ÚÌÀ½ñ¤¬¼è¤ê¾Ã¤µ¤ì¤ë¤È¡¢¥·¥ê¥¢¥ëÈֹ椬¾ÚÌÀ ½ñ¤Î¼è¤ê¾Ã¤·¥ê¥¹¥È (CRL) ¤Ë³ÊǼ¤µ¤ì¤Þ¤¹¡£ ½ð̾¥¢¥ë¥´¥ê¥º¥à¼±ÊÌ»Ò - ¾ÚÌÀ½ñ¤Ë½ð̾¤òÉÕ¤±¤ë¤È¤¤Ë CA ¤¬»È¤Ã ¤¿¥¢¥ë¥´¥ê¥º¥à¤òÆÃÄꤷ¤Þ¤¹¡£ ȯ¹Ô¼Ô̾ - ¾ÚÌÀ½ñ¤Ë½ð̾¤òÉÕ¤±¤¿¥¨¥ó¥Æ¥£¥Æ¥£¤Î X.500 ¼±ÊÌ̾ ¤Ç¤¹¡£¥¨¥ó¥Æ¥£¥Æ¥£¤Ï¡¢ Ä̾ï¤Ï CA ¤Ç¤¹¡£¤³¤Î¾ÚÌÀ½ñ¤ò»È¤¦¤³¤È¤Ï¡¢¾ÚÌÀ½ñ¤Ë½ð̾¤òÉÕ¤±¤¿¥¨¥ó¥Æ¥£¥Æ¥£ ¤ò¿®Íꤹ¤ë¤³¤È¤ò°ÕÌ£¤·¤Þ¤¹¡£¡Ö¥ë¡¼¥È¡×¤Ä¤Þ¤ê¥È¥Ã¥×¥ì¥Ù¥ë¤Î CA ¤Î¾ÚÌÀ½ñ¤Ê¤É¡¢ ¾ì¹ç¤Ë¤è¤Ã¤Æ¤Ïȯ¹Ô¼Ô¤¬¼«¿È¤Î¾ÚÌÀ½ñ¤Ë½ð̾¤òÉÕ¤±¤ë¤³¤È¤¬¤¢¤ëÅÀ¤ËÃí°Õ¤·¤Æ ¤¯¤À¤µ¤¤¡£ ͸ú´ü´Ö - ³Æ¾ÚÌÀ½ñ¤Ï¡¢¸Â¤é¤ì¤¿´ü´Ö¤À¤±Í¸ú¤Ë¤Ê¤ê¤Þ¤¹¡£ ¤³¤Î´ü´Ö¤Ï³«»Ï¤ÎÆü»þ¤È½ªÎ» ¤ÎÆü»þ¤Ë¤è¤Ã¤Æ»ØÄꤵ¤ì¡¢¿ôÉäÎû¤¤´ü´Ö¤«¤é 100 ǯ¤È¤¤¤¦Ä¹´ü¤Ë¤ï¤¿¤ë¤³¤È¤â ¤¢¤ê¤Þ¤¹¡£Í¸ú´ü´Ö¤Ï¡¢¾ÚÌÀ½ñ¤Î½ð̾¤Ë»È¤ï¤ì¤¿Èó¸ø³«¸°¤Î¶¯ÅÙ¤ä¾ÚÌÀ½ñ¤Ë ÂФ·¤Æ»Ùʧ¤ï¤ì¤ë¶â³Û¤Ê¤É¡¢¤µ¤Þ¤¶¤Þ¤ÊÍ×°ø¤ò¹Íθ¤·¤ÆÁªÂò¤µ¤ì¤Þ¤¹¡£´ØÏ¢ÉÕ¤± ¤é¤ì¤Æ¤¤¤ëÈó¸ø³«¸°¤¬Â¾¿Í¤ËÃΤé¤ì¤Ê¤¤¸Â¤ê¡¢¥¨¥ó¥Æ¥£¥Æ¥£¤¬¾ÚÌÀ½ñ¤ò¿®Íê¤Ç¤ ¤ë´ü´Ö¤¬Í¸ú´ü´Ö¤Ç¤¹¡£ ¼çÂÎ̾ - ¾ÚÌÀ½ñ¤Ë´ØÏ¢ÉÕ¤±¤é¤ì¤¿¸ø³«¸°¤ò½êͤ·¤Æ¤¤¤ë¥¨¥ó¥Æ¥£¥Æ¥£ ¤Î̾Á°¤Ç¤¹¡£ ¥¤¥ó¥¿¡¼¥Í¥Ã¥È¾å¤Ç°ì°Õ¤Î̾Á°¤Ë¤¹¤ë¤¿¤á¡¢¤³¤Î̾Á°¤Ë¤Ï X.500 µ¬³Ê¤¬»È¤ï¤ì ¤Þ¤¹¡£¤³¤ì¤Ï¡¢¥¨¥ó¥Æ¥£¥Æ¥£¤Î X.500 ¼±ÊÌ̾ (DN) ¤Ç¤¹¡£¤¿¤È¤¨¤Ð¡¢¼¡¤Î¤è¤¦¤Ë¤Ê ¤ê¤Þ¤¹¡£
CN=Java Duke, OU=Java Software Division, O=Sun Microsystems Inc, C=US ¤³¤ì¤é¤Ï¤½¤ì¤¾¤ì¼çÂΤÎÄ̾Ρ¢ÁÈ¿¥Ã±°Ì¡¢ÁÈ¿¥¡¢¹ñ¤òɽ¤·¤Þ¤¹¡£ ¼çÂΤθø³«¸°¾ðÊó - ̾Á°¤òÉÕ¤±¤é¤ì¤¿¥¨¥ó¥Æ¥£¥Æ¥£¤Î¸ø³«¸°¤È ¥¢¥ë¥´¥ê¥º¥à¼±Ê̻ҤǤ¹¡£ ¥¢¥ë¥´¥ê¥º¥à¼±Ê̻ҤǤϡ¢¸ø³«¸°¤ËÂФ·¤Æ»È¤ï¤ì¤Æ¤¤¤ë¸ø³«¸°°Å¹æ²½¥·¥¹¥Æ¥à ¤ª¤è¤Ó´ØÏ¢¤¹¤ë¸°¥Ñ¥é¥á¡¼¥¿¤¬»ØÄꤵ¤ì¤Æ¤¤¤Þ¤¹¡£ X.509 Version 1 ¤Ï¡¢1988 ǯ¤«¤éÍøÍѤµ¤ì¤Æ¹¤¯ÉáµÚ¤·¤Æ¤ª¤ê¡¢¤â¤Ã¤È¤â°ìÈÌŪ¤Ç¤¹¡£ X.509 Version 2 ¤Ç¤Ï¡¢¼çÂΤäȯ¹Ô¼Ô¤Î̾Á°¤ò¤¢¤È¤ÇºÆÍøÍѤǤ¤ë¤è¤¦¤Ë¤¹¤ë¤¿¤á¤Ë¡¢¼çÂÎ¤È È¯¹Ô¼Ô¤È¤Ë°ì°Õ¼±Ê̻ҤγµÇ°¤¬Æ³Æþ¤µ¤ì¤Þ¤·¤¿¡£¤¿¤À¤·¡¢¤Û¤È¤ó¤É¤Î¾ÚÌÀ½ñ ¥×¥í¥Õ¥¡¥¤¥ëʸ½ñ¤Ç¤Ï¡¢Ì¾Á°¤ÎºÆÍøÍѤª¤è¤Ó¾ÚÌÀ½ñ¤Ç¤Î°ì°Õ¼±Ê̻ҤÎÍøÍÑ ¤ò¿ä¾©¤·¤Æ¤¤¤Þ¤»¤ó¡£Version 2 ¤Î¾ÚÌÀ½ñ¤Ï¡¢¹¤¯ÉáµÚ¤·¤Æ¤¤¤ë¤È¤Ï¤¤¤¨¤Þ¤»¤ó¡£ X.509 Version 3 ¤Ï¤â¤Ã¤È¤â¿·¤·¤¤ (1996 ǯ) µ¬³Ê¤Ç¡¢¥¨¥¯¥¹¥Æ¥ó¥·¥ç¥ó¤Î³µÇ°¤ò¥µ¥Ý¡¼¥È¤·¤Æ ¤¤¤Þ¤¹¡£¥¨¥¯¥¹¥Æ¥ó¥·¥ç¥ó¤Ïï¤Ç¤âÄêµÁ¤¹¤ë¤³¤È¤¬¤Ç¤¡¢¾ÚÌÀ½ñ¤Ë´Þ¤á¤ë¤³¤È ¤¬¤Ç¤¤Þ¤¹¡£¸½ºß»È¤ï¤ì¤Æ¤¤¤ë°ìÈÌŪ¤Ê¥¨¥¯¥¹¥Æ¥ó¥·¥ç¥ó¤È¤·¤Æ¤Ï¡¢KeyUsage (¡Ö½ð̾ÀìÍѡפʤɡ¢¸°¤Î»ÈÍѤòÆÃÄê¤ÎÌÜŪ¤ËÀ©¸Â¤¹¤ë)¡¢AlternativeNames (¤¿¤È¤¨¤Ð¡¢DNS ̾¡¢ÅŻҥ᡼¥ë¥¢¥É¥ì¥¹¡¢IP ¥¢¥É¥ì¥¹¤Ê¤É¡¢¤Û¤«¤Î¥¢¥¤¥Ç¥ó¥Æ¥£ ¥Æ¥£¤ò¸ø³« ¸°¤Ë´ØÏ¢ÉÕ¤±¤ë¤³¤È¤¬¤Ç¤¤ë) ¤Ê¤É¤¬¤¢¤ê¤Þ¤¹¡£¥¨¥¯¥¹¥Æ¥ó¥·¥ç¥ó¤Ë¤Ï¡¢critical ¤È¤¤¤¦¥Þ¡¼¥¯¤òÉÕ¤±¤Æ¡¢¤½¤Î¥¨¥¯¥¹¥Æ¥ó¥·¥ç¥ó¤Î¥Á¥§¥Ã¥¯¤È»ÈÍѤòµÁ̳¤Å¤±¤ë¤³¤È ¤¬¤Ç¤¤Þ¤¹¡£¤¿¤È¤¨¤Ð¡¢critical ¤È¥Þ¡¼¥¯¤µ¤ì¡¢KeyCertSign ¤¬ÀßÄꤵ¤ì¤¿ KeyUsage ¥¨¥¯¥¹¥Æ¥ó¥·¥ç¥ó¤¬¾ÚÌÀ½ñ¤Ë´Þ¤Þ¤ì¤Æ¤¤¤ë¾ì¹ç¡¢¤³¤Î¾ÚÌÀ½ñ¤ò SSL ÄÌ¿®Ãæ¤ËÄ󼨤¹¤ë¤È¡¢¾ÚÌÀ½ñ¤¬µñÈݤµ¤ì¤Þ¤¹¡£¤³¤ì¤Ï¡¢¾ÚÌÀ½ñ¤Î¥¨¥¯¥¹¥Æ¥ó¥· ¥ç¥ó¤Ë¤è¤Ã¤Æ¡¢´ØÏ¢¤¹¤ëÈó¸ø³«¸°¤¬¾ÚÌÀ½ñ¤Î½ð̾ÀìÍѤȤ·¤Æ»ØÄꤵ¤ì¤Æ¤ª¤ê¡¢SSL ¤Ç¤Ï»ÈÍѤǤ¤Ê¤¤¤¿¤á¤Ç¤¹¡£ ¾ÚÌÀ½ñ¤Î¤¹¤Ù¤Æ¤Î¥Ç¡¼¥¿¤Ï¡¢ASN.1/DER ¤È¸Æ¤Ð¤ì¤ë 2 ¤Ä¤Î´ØÏ¢µ¬³Ê¤ò »È¤Ã¤ÆÉä¹æ²½¤µ¤ì¤Þ¤¹¡£¡Ö Abstract Syntax Notation 1 ¡×¤Ï¥Ç¡¼¥¿¤Ë¤Ä¤¤¤Æµ½Ò¤·¤Æ¤¤¤Þ¤¹¡£¡ÖDefinite Encoding Rules¡×¤Ï¡¢¥Ç¡¼¥¿¤Î Êݸ¤ª¤è¤ÓžÁ÷¤ÎÊýË¡¤Ë¤Ä¤¤¤Æµ½Ò¤·¤Æ¤¤¤Þ¤¹¡£ X.500 ¼±ÊÌ̾X.500 ¼±ÊÌ̾¤Ï¡¢¥¨¥ó¥Æ¥£¥Æ¥£¤òÆÃÄꤹ¤ë¤¿¤á¤Ë»È¤ï¤ì¤Þ¤¹¡£¤¿¤È¤¨¤Ð¡¢X.509 ¾ÚÌÀ½ñ¤Î subject ¥Õ¥£¡¼¥ë¥É¤È issuer (½ð̾¼Ô) ¥Õ¥£¡¼¥ë¥É¤Ç»ØÄꤵ¤ì¤ë̾Á°¤Ï¡¢ X.500 ¼±ÊÌ̾¤Ç¤¹¡£ keytool ¤Ï¡¢¼¡¤Î¥µ¥Ö¥Ñ¡¼¥È¤ò¥µ¥Ý¡¼¥È¤·¤Æ¤¤¤Þ¤¹¡£
-genkey ¥µ¥Ö¥³¥Þ¥ó¥É¤Þ¤¿¤Ï -selfcert ¥µ¥Ö¥³¥Þ¥ó¥É¤Î -dname ¥ª¥×¥·¥ç¥ó¤ÎÃͤȤ·¤Æ¼±ÊÌ̾ʸ»úÎó¤ò»ØÄꤹ¤ë¾ì¹ç¤Ï¡¢¼¡¤Î·Á¼°¤Ç»ØÄê ¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
CN=cName, OU=orgUnit, O=org, L=city, S=state, C=countryCode ¥¤¥¿¥ê¥Ã¥¯ÂΤιàÌܤϡ¢¼ÂºÝ¤Ë»ØÄꤹ¤ëÃͤòɽ¤·¤Þ¤¹¡£Ã»½Ì·Á¤Î¥¡¼¥ï¡¼¥É¤Î °ÕÌ£¤Ï¡¢¼¡¤Î¤È¤ª¤ê¤Ç¤¹¡£
CN=commonName OU=organizationUnit O=organizationName L=localityName S=stateName C=country ¼¡¤Ë¼¨¤¹¤Î¤Ï¡¢¼±ÊÌ̾ʸ»úÎó¤ÎÎã¤Ç¤¹¡£
CN=Mark Smith, OU=Java, O=Sun, L=Cupertino, S=California, C=US ¼¡¤Ï¡¢¤³¤Îʸ»úÎó¤ò»È¤Ã¤¿¥³¥Þ¥ó¥É¤ÎÎã¤Ç¤¹¡£
example% keytool -genkey -dname "CN=Mark Smith, OU=Java, O=Sun, L=Cupertino, S=California, C=US" -alias mark ¥¡¼¥ï¡¼¥É¤Îû½Ì·Á¤Ç¤Ï¡¢Âçʸ»ú¤È¾®Ê¸»ú¤Ï¶èÊ̤µ¤ì¤Þ¤»¤ó¡£¤¿¤È¤¨¤Ð¡¢ CN ¡¢ cn ¡¢¤ª¤è¤Ó Cn ¤Ï¡¢¤É¤ì¤âƱ¤¸¤â¤Î¤È¤·¤Æ°·¤ï¤ì¤Þ¤¹¡£ °ìÊý¡¢¥¡¼¥ï¡¼¥É¤Î»ØÄê½ç½ø¤Ë¤Ï°ÕÌ£¤¬¤¢¤ê¡¢³Æ¥µ¥Ö¥³¥ó¥Ý¡¼¥Í¥ó¥È¤Ï¾å¤Ë ¼¨¤·¤¿½ç½ø¤Ç»ØÄꤹ¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£¤¿¤À¤·¡¢¥µ¥Ö¥³¥ó¥Ý¡¼¥Í¥ó¥È¤ò¤¹¤Ù¤Æ »ØÄꤹ¤ëɬÍפϤ¢¤ê¤Þ¤»¤ó¡£¤¿¤È¤¨¤Ð¡¢¼¡¤Î¤è¤¦¤Ë°ìÉô¤Î¥µ¥Ö¥³¥ó¥Ý¡¼¥Í¥ó¥È ¤À¤±¤ò»ØÄê¤Ç¤¤Þ¤¹¡£
CN=Steve Meier, OU=SunSoft, O=Sun, C=US ¼±ÊÌ̾ʸ»úÎó¤ÎÃͤ˥³¥ó¥Þ¤¬´Þ¤Þ¤ì¤ë¾ì¹ç¤Ë¥³¥Þ¥ó¥É¹Ô¤Îʸ»úÎó¤ò»ØÄꤹ¤ë ¤È¤¤Ë¤Ï¡¢¼¡¤Î¤è¤¦¤Ë¡¢¥³¥ó¥Þ¤ò \ ʸ»ú¤Ç¥¨¥¹¥±¡¼¥×¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
cn=peter schuster, o=Sun Microsystems\, Inc., o=sun, c=us ¼±ÊÌ̾ʸ»úÎó¤ò¥³¥Þ¥ó¥É¹Ô¤Ç»ØÄꤹ¤ëɬÍפϤ¢¤ê¤Þ¤»¤ó¡£¼±ÊÌ̾¤òɬÍפȤ¹¤ë ¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤¹¤ë¤È¤¤Ë¡¢¥³¥Þ¥ó¥É¹Ô¤Ç¼±ÊÌ̾¤ò»ØÄꤷ¤Ê¤«¤Ã¤¿¾ì¹ç¤Ï¡¢³Æ ¥µ¥Ö¥³¥ó¥Ý¡¼¥Í¥ó¥È¤ÎÆþÎϤòµá¤á¤é¤ì¤Þ¤¹¡£¤³¤Î¾ì¹ç¤Ï¡¢¥³¥ó¥Þ¤ò \ ʸ»ú¤Ç ¥¨¥¹¥±¡¼¥×¤¹¤ëɬÍפϤ¢¤ê¤Þ¤»¤ó¡£ ¥¤¥ó¥¿¡¼¥Í¥Ã¥È RFC 1421 ¾ÚÌÀ½ñ¥¨¥ó¥³¡¼¥Ç¥£¥ó¥°Â¿¤¯¤Î¾ì¹ç¡¢¾ÚÌÀ½ñ¤Ï¡¢¥Ð¥¤¥Ê¥ê¥¨¥ó¥³¡¼¥Ç¥£¥ó¥°¤Ç¤Ï¤Ê¤¯¡¢¥¤¥ó¥¿¡¼¥Í¥Ã¥È RFC 1421 µ¬³Ê¤ÇÄêµÁ¤µ¤ì¤Æ¤¤¤ë¥×¥ê¥ó¥È²Äǽ¥¨¥ó¥³¡¼¥Ç¥£¥ó¥°Êý¼°¤ò»È¤Ã¤Æ ³ÊǼ¤µ¤ì¤Þ¤¹¡£¡ÖBase 64 ¥¨¥ó¥³¡¼¥Ç¥£¥ó¥°¡×¤È¤â¸Æ¤Ð¤ì¤ë¤³¤Î¾ÚÌÀ½ñ·Á¼°¤Ç¤Ï¡¢ ÅŻҥ᡼¥ë¤ä¤½¤Î¾¤Îµ¡¹½¤òÄ̤¸¤Æ¡¢¤Û¤«¤Î¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤Ë¾ÚÌÀ½ñ¤òÍÆ°× ¤Ë¥¨¥¯¥¹¥Ý¡¼¥È¤Ç¤¤Þ¤¹¡£ -import ¥µ¥Ö¥³¥Þ¥ó¥É¤È -printcert ¥µ¥Ö¥³¥Þ¥ó¥É¤Ç¤Ï¡¢¤³¤Î·Á¼°¤Î¾ÚÌÀ½ñ¤È¥Ð¥¤¥Ê¥ê¥¨¥ó¥³¡¼¥Ç¥£¥ó¥°¤Î¾ÚÌÀ½ñ¤ò Æɤ߹þ¤à¤³¤È¤¬¤Ç¤¤Þ¤¹¡£ -export ¥µ¥Ö¥³¥Þ¥ó¥É¤Ç¤Ï¡¢¥Ç¥Õ¥©¥ë¥È¤Ç¥Ð¥¤¥Ê¥ê¥¨¥ó¥³¡¼¥Ç¥£¥ó¥°¤Î¾ÚÌÀ½ñ¤¬½ÐÎϤµ¤ì¤Þ¤¹¡£ ¤¿¤À¤·¡¢ -rfc ¥ª¥×¥·¥ç¥ó¤ò»ØÄꤷ¤¿¾ì¹ç¤Ï¡¢¥×¥ê¥ó¥È²Äǽ¥¨¥ó¥³¡¼¥Ç¥£¥ó¥°Êý¼°¤Î¾ÚÌÀ½ñ¤¬ ½ÐÎϤµ¤ì¤Þ¤¹¡£ -list ¥µ¥Ö¥³¥Þ¥ó¥É¤Ç¤Ï¡¢¥Ç¥Õ¥©¥ë¥È¤Ç¾ÚÌÀ½ñ¤Î MD5 ¥Õ¥£¥ó¥¬¡¼¥×¥ê¥ó¥È¤¬½ÐÎϤµ¤ì¤Þ¤¹¡£ -v ¥ª¥×¥·¥ç¥ó¤ò»ØÄꤹ¤ë¤È¡¢¿Í´Ö¤¬Æɤळ¤È¤Î¤Ç¤¤ë·Á¼°¤Ç¾ÚÌÀ½ñ¤¬½ÐÎϤµ¤ì¤Þ¤¹¡£ °ìÊý¡¢ -rfc ¥ª¥×¥·¥ç¥ó¤ò»ØÄꤹ¤ë¤È¡¢¥×¥ê¥ó¥È²Äǽ¥¨¥ó¥³¡¼¥Ç¥£¥ó¥°Êý¼°¤Ç¾ÚÌÀ½ñ¤¬½ÐÎϤµ¤ì ¤Þ¤¹¡£ ¥×¥ê¥ó¥È²Äǽ¥¨¥ó¥³¡¼¥Ç¥£¥ó¥°Êý¼°¤ÇÉä¹æ²½¤µ¤ì¤¿¾ÚÌÀ½ñ¤Ï¡¢¼¡¤Î¹Ô¤Ç»Ï¤Þ¤ê¤Þ¤¹¡£
-----BEGIN CERTIFICATE----- ºÇ¸å¤Ï¡¢¼¡¤Î¹Ô¤Ç½ª¤ï¤ê¤Þ¤¹¡£
-----END CERTIFICATE----- ¾ÚÌÀÏ¢º¿keytool ¤Ç¤Ï¡¢Èó¸ø³«¸°¤ª¤è¤Ó´ØÏ¢¤¹¤ë¾ÚÌÀ¡ÖÏ¢º¿¡×¤ò´Þ¤à¥¡¼¥¹¥È¥¢¤Î¡Ö¸°¡×¥¨¥ó¥È¥ê¤ò ºîÀ®¤·¡¢´ÉÍý¤¹¤ë¤³¤È¤¬¤Ç¤¤Þ¤¹¡£¤³¤Î¤è¤¦¤Ê¥¨¥ó¥È¥ê¤Ç¤Ï¡¢Èó¸ø³«¸°¤ËÂбþ¤¹¤ë ¸ø³«¸°¤Ï¡¢Ï¢º¿¤ÎºÇ½é¤Î¾ÚÌÀ½ñ¤Ë´Þ¤Þ¤ì¤Æ¤¤¤Þ¤¹¡£ ¸°¤ò½é¤á¤ÆºîÀ®¤¹¤ë¤È ( -genkey ¥µ¥Ö¥³¥Þ¥ó¥É¤ò»²¾È)¡¢¡Ö¼«¸Ê½ð̾¾ÚÌÀ½ñ¡×¤È¤¤¤¦ 1 ¤Ä¤ÎÍ×ÁǤÀ¤±¤ò´Þ¤àÏ¢º¿¤¬³«»Ï ¤µ¤ì¤Þ¤¹¡£¼«¸Ê½ð̾¾ÚÌÀ½ñ¤È¤Ï¡¢È¯¹Ô¼Ô (½ð̾¼Ô) ¤È¼çÂÎ (¾ÚÌÀ½ñ¤Ë¤è¤Ã¤Æǧ¾Ú ¤µ¤ì¤ë¸ø³«¸°¤ò½êͤ·¤Æ¤¤¤ë¥¨¥ó¥Æ¥£¥Æ¥£) ¤È¤¬Æ±°ì¤Î¾ÚÌÀ½ñ¤Î¤³¤È¤Ç¤¹¡£ -genkey ¥µ¥Ö¥³¥Þ¥ó¥É¤ò¸Æ¤Ó½Ð¤·¤Æ¿·¤·¤¤¸ø³«¸°¤ÈÈó¸ø³«¸°¤Î¥Ú¥¢¤òºîÀ®¤¹¤ë¤È¡¢¸ø³«¸°¤Ï ¾ï¤Ë¼«¸Ê½ð̾¾ÚÌÀ½ñ¤Ç¥é¥Ã¥×¤µ¤ì¤Þ¤¹¡£ ¤³¤Î¤¢¤È¡¢¾ÚÌÀ½ñ½ð̾Í×µá (CSR) ¤¬À¸À®¤µ¤ì¤Æ ( -certreq ¥µ¥Ö¥³¥Þ¥ó¥É¤ò»²¾È)¡¢CSR ¤¬¾ÚÌÀ½ñȯ¹Ô¶É (CA) ¤ËÁ÷¿®¤µ¤ì¤ë¤È¡¢CA ¤«¤é¤Î ±þÅú¤¬¥¤¥ó¥Ý¡¼¥È¤µ¤ì ( -import ¥³¥Þ¥ó¥É¤ò»²¾È)¡¢¸µ¤Î¼«¸Ê½ð̾¾ÚÌÀ½ñ¤Ï¾ÚÌÀÏ¢º¿¤Ë¤è¤Ã¤ÆÃÖ¤´¹¤¨¤é¤ì¤Þ¤¹¡£ Ï¢º¿¤ÎºÇ¸å¤Ë¤¢¤ë¤Î¤Ï¡¢¼çÂΤθø³«¸°¤òǧ¾Ú¤·¤¿ CA ¤¬È¯¹Ô¤·¤¿¾ÚÌÀ½ñ (±þÅú) ¤Ç¤¹¡£Ï¢º¿Æâ¤Î¤½¤ÎÁ°¤Î¾ÚÌÀ½ñ¤Ï¡¢¡ÖCA¡×¤Î¸ø³«¸°¤òǧ¾Ú¤¹¤ë¾ÚÌÀ½ñ¤Ç¤¹¡£ CA ¤Î¸ø³«¸°¤òǧ¾Ú¤¹¤ë¾ÚÌÀ½ñ¤Ï¡¢Â¿¤¯¤Î¾ì¹ç¡¢¼«¸Ê½ð̾¾ÚÌÀ½ñ (¤Ä¤Þ¤ê CA ¤¬¼«¿È¤Î¸ø³«¸°¤òǧ¾Ú¤·¤¿¾ÚÌÀ½ñ) ¤Ç¤¢¤ê¡¢¤³¤ì¤ÏÏ¢º¿¤ÎºÇ½é¤Î¾ÚÌÀ½ñ¤Ë¤Ê¤ê ¤Þ¤¹¡£¾ì¹ç¤Ë¤è¤Ã¤Æ¤Ï¡¢CA ¤¬¾ÚÌÀ¤ÎÏ¢º¿¤òÊÖ¤¹¤³¤È¤â¤¢¤ê¤Þ¤¹¡£¤³¤Î¾ì¹ç¡¢Ï¢º¿ Æâ¤ÎºÇ¸å¤Î¾ÚÌÀ½ñ (CA ¤Ë¤è¤Ã¤Æ½ð̾¤µ¤ì¡¢¸°¥¨¥ó¥È¥ê¤Î¸ø³«¸°¤òǧ¾Ú¤¹¤ë¾Ú ÌÀ½ñ) ¤ËÊѤï¤ê¤Ï¤¢¤ê¤Þ¤»¤ó¤¬¡¢Ï¢º¿Æâ¤Î¤½¤ÎÁ°¤Î¾ÚÌÀ½ñ¤Ï¡¢CSR ¤ÎÁ÷¿®Àè ¤Î CA ¤È¤Ï¡ÖÊ̤Ρ×CA ¤Ë¤è¤Ã¤Æ½ð̾¤µ¤ì¡¢CSR ¤ÎÁ÷¿®Àè¤Î CA ¤Î¸ø³«¸°¤òǧ ¾Ú¤¹¤ë¾ÚÌÀ½ñ¤Ë¤Ê¤ê¤Þ¤¹¡£¤µ¤é¤Ë¡¢Ï¢º¿Æâ¤Î¤½¤ÎÁ°¤Î¾ÚÌÀ½ñ¤Ï¡¢¼¡¤Î CA ¤Î¸° ¤òǧ¾Ú¤¹¤ë¾ÚÌÀ½ñ¤Ë¤Ê¤ê¤Þ¤¹¡£°Ê²¼Æ±Íͤˡ¢¼«¸Ê½ð̾¤µ¤ì¤¿¡Ö¥ë¡¼¥È¡×¾ÚÌÀ½ñ¤Ë 㤹¤ë¤Þ¤ÇÏ¢º¿¤¬Â³¤¤Þ¤¹¡£¤·¤¿¤¬¤Ã¤Æ¡¢Ï¢º¿Æâ¤Î (ºÇ½é¤Î¾ÚÌÀ½ñ°Ê¸å¤Î) ³Æ¾ÚÌÀ½ñ¤Ç¤Ï¡¢Ï¢º¿Æâ¤Î¼¡¤Î¾ÚÌÀ½ñ¤Î½ð̾¼Ô¤Î¸ø³«¸°¤¬Ç§¾Ú¤µ¤ì¤Æ¤¤¤ë¤³ ¤È¤Ë¤Ê¤ê¤Þ¤¹¡£ ¿¤¯¤Î CA ¤Ï¡¢Ï¢º¿¤ò¥µ¥Ý¡¼¥È¤»¤º¤Ëȯ¹ÔºÑ¤ß¤Î¾ÚÌÀ½ñ¤À¤±¤òÊÖ¤·¤Þ¤¹¡£ Æäˡ¢Ãæ´Ö¤Î CA ¤¬Â¸ºß¤·¤Ê¤¤¥Õ¥é¥Ã¥È¤Ê³¬Áع½Â¤¤Î¾ì¹ç¤Ï¡¢¤½¤Î·¹¸þ¤¬ ¸²Ãø¤Ç¤¹¡£¤³¤Î¤è¤¦¤Ê¾ì¹ç¤Ï¡¢¥¡¼¥¹¥È¥¢¤Ë¤¹¤Ç¤Ë³ÊǼ¤µ¤ì¤Æ¤¤¤ë¿®Íê¤Ç¤ ¤ë¾ÚÌÀ½ñ¾ðÊ󤫤顢¾ÚÌÀÏ¢º¿¤ò³ÎΩ¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£ Ê̤αþÅú·Á¼° (PKCS#7 ¤ÇÄêµÁ¤µ¤ì¤Æ¤¤¤ë·Á¼°) ¤Ç¤â¡¢È¯¹ÔºÑ¤ß¾ÚÌÀ½ñ¤Ë ²Ã¤¨¡¢¾ÚÌÀ½ñÏ¢º¿¤Î¥µ¥Ý¡¼¥È¤¬´Þ¤Þ¤ì¤Æ¤¤¤Þ¤¹¡£ keytool ¤Ç¤Ï¡¢¤É¤Á¤é¤Î±þÅú·Á¼°¤â°·¤¦¤³¤È¤¬¤Ç¤¤Þ¤¹¡£ ¥È¥Ã¥×¥ì¥Ù¥ë (¥ë¡¼¥È) CA ¤Î¾ÚÌÀ½ñ¤Ï¡¢¼«¸Ê½ð̾¾ÚÌÀ½ñ¤Ç¤¹¡£¤¿¤À¤·¡¢¥ë¡¼¥È¤Î ¸ø³«¸°¤ËÂФ¹¤ë¿®Íê¤Ï¡¢¥ë¡¼¥È¤Î¾ÚÌÀ½ñ¼«ÂΤ«¤éƳ¤½Ð¤µ¤ì¤ë¤â¤Î¤Ç¤Ï¤Ê¤¯ (¤¿¤È¤¨¤Ð¡¢VeriSign ¥ë¡¼¥È CA ¤Î¤è¤¦¤ÊÍ̾¤Ê¼±ÊÌ̾¤ò»È¤Ã¤¿¼«¸Ê½ð̾¾ÚÌÀ½ñ ¤òºîÀ®¤¹¤ë¤³¤È¼«ÂΤÏï¤Ç¤â²Äǽ)¡¢¿·Ê¹¤Ê¤É¤Î¤Û¤«¤Î¾ðÊ󸻤ËͳÍ褹¤ë¤â¤Î¤Ç ¤¹¡£¥ë¡¼¥È CA ¤Î¸ø³«¸°¤Ï¹¤¯ÃΤé¤ì¤Æ¤¤¤Þ¤¹¡£¥ë¡¼¥È CA ¤Î¸ø³«¸°¤ò¾ÚÌÀ½ñ ¤Ë³ÊǼ¤¹¤ëÍýͳ¤Ï¡¢¾ÚÌÀ½ñ¤È¤¤¤¦·Á¼°¤Ë¤¹¤ë¤³¤È¤Ç¿¤¯¤Î¥Ä¡¼¥ë¤«¤éÍøÍѤǤ¤ë ¤è¤¦¤Ë¤Ê¤ë¤«¤é¤Ë¤¹¤®¤Þ¤»¤ó¡£¤Ä¤Þ¤ê¡¢¾ÚÌÀ½ñ¤Ï¡¢¥ë¡¼¥È CA ¤Î¸ø³«¸°¤ò±¿¤Ö ¡ÖÇÞÂΡפȤ·¤ÆÍøÍѤµ¤ì¤ë¤À¤±¤Ç¤¹¡£¥ë¡¼¥È CA ¤Î¾ÚÌÀ½ñ¤ò¥¡¼¥¹¥È¥¢¤ËÄɲä¹ ¤ë¤È¤¤Ï¡¢¤½¤ÎÁ°¤Ë¾ÚÌÀ½ñ¤ÎÆâÍƤòɽ¼¨¤· (-printcert ¥ª¥×¥·¥ç¥ó¤ò»ÈÍÑ)¡¢É½¼¨ ¤µ¤ì¤¿¥Õ¥£¥ó¥¬¡¼¥×¥ê¥ó¥È¤È¡¢¿·Ê¹¤ä¥ë¡¼¥È CA ¤Î Web ¥Ú¡¼¥¸¤Ê¤É¤«¤éÆþ¼ê¤·¤¿ ´ûÃΤΥե£¥ó¥¬¡¼¥×¥ê¥ó¥È¤È¤òÈæ³Ó¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£ ¾ÚÌÀ½ñ¤Î¥¤¥ó¥Ý¡¼¥È¾ÚÌÀ½ñ¤ò¥Õ¥¡¥¤¥ë¤«¤é¥¤¥ó¥Ý¡¼¥È¤¹¤ë¤Ë¤Ï¡¢ -import ¥µ¥Ö¥³¥Þ¥ó¥É¤ò»È¤¤¤Þ¤¹¡£¤¿¤È¤¨¤Ð¡¢¼¡¤Î¤è¤¦¤Ë¤·¤Þ¤¹¡£
example% keytool -import -alias joe -file jcertfile.cer ¤³¤ÎÎã¤Ï¡¢¥Õ¥¡¥¤¥ë jcertfile.cer ¤Î¾ÚÌÀ½ñ¤ò¥¤¥ó¥Ý¡¼¥È¤·¡¢ÊÌ̾ joe ¤Ë¤è¤Ã¤ÆÆÃÄꤵ¤ì¤ë¥¡¼¥¹¥È¥¢¥¨¥ó¥È¥ê¤Ë¾ÚÌÀ½ñ¤ò³ÊǼ¤·¤Þ¤¹¡£ ¾ÚÌÀ½ñ¤Î¥¤¥ó¥Ý¡¼¥È¤Ë¤Ï¡¢¼¡¤Î 2 ¤Ä¤ÎÌÜŪ¤¬¤¢¤ê¤Þ¤¹¡£
¤É¤Á¤é¤Î¼ïÎà¤Î¥¤¥ó¥Ý¡¼¥È¤ò¹Ô¤¦¤«¤Ï¡¢ -alias ¥ª¥×¥·¥ç¥ó¤ÎÃͤˤè¤Ã¤Æ»ØÄꤷ¤Þ¤¹¡£»ØÄꤷ¤¿ÊÌ̾¤¬¥Ç¡¼¥¿¥Ù¡¼¥¹Æâ¤Ë¸ºß¤·¡¢ ¤½¤ÎÊÌ̾¤Ë¤è¤Ã¤ÆÈó¸ø³«¸°¤ò»ý¤Ä¥¨¥ó¥È¥ê¤¬ÆÃÄꤵ¤ì¤ë¾ì¹ç¤Ï¡¢¾ÚÌÀ½ñ±þÅú ¤Î¥¤¥ó¥Ý¡¼¥È¤¬»ØÄꤵ¤ì¤¿¤â¤Î¤È¤ß¤Ê¤µ¤ì¤Þ¤¹¡£ keytool ¤Ï¡¢¾ÚÌÀ½ñ±þÅúÆâ¤Î¸ø³«¸°¤¬¡¢»ØÄꤵ¤ì¤¿ÊÌ̾¤Ç³ÊǼ¤µ¤ì¤¿¸ø³«¸°¤È°ìÃפ¹ ¤ë¤«¤É¤¦¤«¤òÄ´¤Ù¡¢°ìÃפ·¤Ê¤¤¾ì¹ç¤Ï½èÍý¤ò¹Ô¤¤¤Þ¤»¤ó¡£»ØÄꤵ¤ì¤¿ÊÌ̾¤Ç ÆÃÄꤵ¤ì¤ë¥¡¼¥¹¥È¥¢¥¨¥ó¥È¥ê¤¬¡¢¾åµ°Ê³°¤Î¼ïÎà¤Î¥¨¥ó¥È¥ê¤Ç¤¢¤ë¾ì¹ç¡¢¾ÚÌÀ½ñ ¤Ï¥¤¥ó¥Ý¡¼¥È¤µ¤ì¤Þ¤»¤ó¡£»ØÄꤵ¤ì¤¿ÊÌ̾¤¬Â¸ºß¤·¤Ê¤¤¾ì¹ç¤Ï¡¢ÊÌ̾¤¬ºîÀ®¤µ¤ì¡¢ ºîÀ®¤µ¤ì¤¿ÊÌ̾¤Ï¡¢¥¤¥ó¥Ý¡¼¥È¤µ¤ì¤¿¾ÚÌÀ½ñ¤Ë´ØÏ¢ÉÕ¤±¤é¤ì¤Þ¤¹¡£ ¿®Íê¤Ç¤¤ë¾ÚÌÀ½ñ¤Î¥¤¥ó¥Ý¡¼¥È¤Ë´Ø¤¹¤ëÃí°Õ»ö¹à ½ÅÍ×: ¿®Íê¤Ç¤¤ë¾ÚÌÀ½ñ¤È¤·¤Æ¾ÚÌÀ½ñ¤ò¥¤¥ó¥Ý¡¼¥È¤¹¤ëÁ°¤Ë¡¢¾ÚÌÀ½ñ¤Î ÆâÍƤò¿µ½Å¤ËÄ´¤Ù¤Æ¤¯¤À¤µ¤¤¡£ ¤Þ¤º¡¢¾ÚÌÀ½ñ¤ÎÆâÍƤòɽ¼¨¤· ( -printcert ¥µ¥Ö¥³¥Þ¥ó¥É¤ò»ÈÍѤ¹¤ë¤«¡¢¤Þ¤¿¤Ï -noprompt ¥ª¥×¥·¥ç¥ó¤ò»ØÄꤷ¤Ê¤¤¤Ç -import ¥µ¥Ö¥³¥Þ¥ó¥É¤ò»ÈÍÑ)¡¢É½¼¨¤µ¤ì¤¿¾ÚÌÀ½ñ¤Î¥Õ¥£¥ó¥¬¡¼¥×¥ê¥ó¥È¤¬¡¢´üÂÔ¤µ¤ì¤ë¥Õ¥£¥ó ¥¬¡¼¥×¥ê¥ó¥È¤È°ìÃפ¹¤ë¤«¤É¤¦¤«¤ò³Îǧ¤·¤Þ¤¹¡£¤¿¤È¤¨¤Ð¡¢¤¢¤ë¥æ¡¼¥¶¤«¤é¾ÚÌÀ½ñ ¤¬Á÷¤é¤ì¤Æ¤¤Æ¡¢¤³¤Î¾ÚÌÀ½ñ¤ò /tmp/cert ¤È¤¤¤¦Ì¾Á°¤Ç¥Õ¥¡¥¤¥ë¤Ë³ÊǼ¤·¤Æ¤¤¤ë¤È¤·¤Þ¤¹¡£¤³¤Î¾ì¹ç¤Ï¡¢¿®Íê¤Ç¤¤ë¾ÚÌÀ½ñ¤Î ¥ê¥¹¥È¤Ë¤³¤Î¾ÚÌÀ½ñ¤òÄɲ乤ëÁ°¤Ë¡¢ -printcert ¥µ¥Ö¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤·¤Æ¥Õ¥£¥ó¥¬¡¼¥×¥ê¥ó¥È¤òɽ¼¨¤Ç¤¤Þ¤¹¡£¤¿¤È¤¨¤Ð¡¢¼¡¤Î¤è¤¦¤Ë¤· ¤Þ¤¹¡£
example% keytool -printcert -file /tmp/cert Owner: CN=ll, OU=ll, O=ll, L=ll, S=ll, C=ll Issuer: CN=ll, OU=ll, O=ll, L=ll, S=ll, C=ll Serial Number: 59092b34 Valid from: Thu Sep 25 18:01:13 PDT 1997 until: Wed Dec 24 17:01:13 PST 1997 Certificate Fingerprints: MD5: 11:81:AD:92:C8:E5:0E:A2:01:2E:D4:7A:D7:5F:07:6F SHA1: 20:B6:17:FA:EF:E5:55:8A:D0:71:1F:E8:D6:9D:C0:37:13:0E:5E:FE ¼¡¤Ë¡¢¾ÚÌÀ½ñ¤òÁ÷¿®¤·¤¿¿Íʪ¤ËÏ¢Íí¤·¡¢¤³¤Î¿Íʪ¤¬Ä󼨤·¤¿¥Õ¥£¥ó¥¬¡¼¥×¥ê¥ó¥È ¤È¡¢¾å¤Î¥³¥Þ¥ó¥É¤Çɽ¼¨¤µ¤ì¤¿¥Õ¥£¥ó¥¬¡¼¥×¥ê¥ó¥È¤È¤òÈæ³Ó¤·¤Þ¤¹¡£¥Õ¥£¥ó¥¬¡¼¥× ¥ê¥ó¥È¤¬°ìÃפ¹¤ì¤Ð¡¢Á÷¿®ÅÓÃæ¤Ç¤Û¤«¤Î²¿¼Ô¤« (¹¶·â¼Ô¤Ê¤É) ¤Ë¤è¤ë¾ÚÌÀ½ñ¤Î ¤¹¤êÂؤ¨¤¬¹Ô¤ï¤ì¤Æ¤¤¤Ê¤¤¤³¤È¤ò³Îǧ¤Ç¤¤Þ¤¹¡£Á÷¿®ÅÓÃæ¤Ç¤³¤Î¼ï¤Î¹¶·â¤¬¹Ô ¤ï¤ì¤Æ¤¤¤¿¾ì¹ç¡¢¥Á¥§¥Ã¥¯¤ò¹Ô¤ï¤º¤Ë¾ÚÌÀ½ñ¤ò¥¤¥ó¥Ý¡¼¥È¤¹¤ë¤È¡¢¹¶·â¼Ô¤Ë¤è¤Ã ¤Æ½ð̾¤µ¤ì¤¿¤¹¤Ù¤Æ¤Î¤â¤Î (¹¶·âŪ°Õ¿Þ¤ò»ý¤Ä¥¯¥é¥¹¥Õ¥¡¥¤¥ë¤ò´Þ¤ó¤À JAR ¥Õ ¥¡¥¤¥ë¤Ê¤É) ¤ò¿®Íꤹ¤ë¤³¤È¤Ë¤Ê¤ê¤Þ¤¹¡£ Ãí: ¾ÚÌÀ½ñ¤ò¥¤¥ó¥Ý¡¼¥È¤¹¤ëÁ°¤Ëɬ¤º -printcert ¥µ¥Ö¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤·¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¤ï¤±¤Ç¤Ï¤¢¤ê¤Þ¤»¤ó¡£ -import ¥µ¥Ö¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤¹¤ë¤È¡¢¥¡¼¥¹¥È¥¢Æâ¤Î¿®Íê¤Ç¤¤ë¾ÚÌÀ½ñ¤Î¥ê¥¹¥È¤Ë¾ÚÌÀ½ñ¤ò Äɲ乤ëÁ°¤Ë¡¢¾ÚÌÀ½ñ¤Î¾ðÊó¤¬É½¼¨¤µ¤ì¡¢³Îǧ¤òµá¤á¤ë¥á¥Ã¥»¡¼¥¸¤¬É½¼¨¤µ¤ì ¤Þ¤¹¡£¥¤¥ó¥Ý¡¼¥ÈÁàºî¤Ï¡¢¤³¤Î»þÅÀ¤ÇÃæ»ß¤Ç¤¤Þ¤¹¡£¤¿¤À¤·¡¢³Îǧ¥á¥Ã¥»¡¼¥¸¤¬É½ ¼¨¤µ¤ì¤ë¤Î¤Ï¡¢ -import ¥µ¥Ö¥³¥Þ¥ó¥É¤ò -noprompt ¥ª¥×¥·¥ç¥ó¤ò»ØÄꤻ¤º¤Ë¼Â¹Ô¤·¤¿¾ì¹ç¤À¤±¤Ç¤¹¡£ -noprompt ¥ª¥×¥·¥ç¥ó¤¬»ØÄꤵ¤ì¤Æ¤¤¤ë¾ì¹ç¡¢¥æ¡¼¥¶¤È¤ÎÂÐÏäϹԤï¤ì¤Þ¤»¤ó¡£ ¾ÚÌÀ½ñ¤Î¥¨¥¯¥¹¥Ý¡¼¥È¾ÚÌÀ½ñ¤ò¥Õ¥¡¥¤¥ë¤Ë¥¨¥¯¥¹¥Ý¡¼¥È¤¹¤ë¤Ë¤Ï¡¢ -export ¥µ¥Ö¥³¥Þ¥ó¥É¤ò»È¤¤¤Þ¤¹¡£¤¿¤È¤¨¤Ð¡¢¼¡¤Î¤è¤¦¤Ë¤·¤Þ¤¹¡£
example% keytool -export -alias jane -file janecertfile.cer ¤³¤ÎÎã¤Ï¡¢ jane ¤Î¾ÚÌÀ½ñ¤ò¥Õ¥¡¥¤¥ë janecertfile.cer ¤Ë¥¨¥¯¥¹¥Ý¡¼¥È¤·¤Þ¤¹¡£ jane ¤¬¸°¥¨¥ó¥È¥ê¤ÎÊÌ̾¤Ç¤¢¤ë¾ì¹ç¤Ï¡¢»ØÄꤵ¤ì¤¿¥¡¼¥¹¥È¥¢¥¨¥ó¥È¥ê¤Î¾ÚÌÀÏ¢º¿¤Î ºÇ¸å¤Î¾ÚÌÀ½ñ¤ò¥¨¥¯¥¹¥Ý¡¼¥È¤·¤Þ¤¹¡£¤³¤Î¾ÚÌÀ½ñ¤Ï¡¢ jane ¤Î¸ø³«¸°¤òǧ¾Ú¤¹¤ë¾ÚÌÀ½ñ¤Ç¤¹¡£ °ìÊý¡¢ jane ¤¬¡¢¿®Íê¤Ç¤¤ë¾ÚÌÀ½ñ¤Î¥¨¥ó¥È¥ê¤ÎÊÌ̾¤Ç¤¢¤ë¾ì¹ç¤Ï¡¢³ºÅö¤¹¤ë¿®Íê¤Ç¤¤ë ¾ÚÌÀ½ñ¤¬¥¨¥¯¥¹¥Ý¡¼¥È¤µ¤ì¤Þ¤¹¡£ ¾ÚÌÀ½ñ¤Îɽ¼¨¥¡¼¥¹¥È¥¢¥¨¥ó¥È¥ê¤ÎÆâÍƤòɽ¼¨¤¹¤ë¤Ë¤Ï¡¢ -list ¥µ¥Ö¥³¥Þ¥ó¥É¤ò»È¤¤¤Þ¤¹¡£¤¿¤È¤¨¤Ð¡¢¼¡¤Î¤è¤¦¤Ë¤·¤Þ¤¹¡£
example% keytool -list -alias joe ¼¡¤Ï¡¢ÊÌ̾¤ò»ØÄꤷ¤Ê¤¤Îã¤Ç¤¹¡£
example% keytool -list ÊÌ̾¤ò»ØÄꤷ¤Ê¤¤¾ì¹ç¤Ï¡¢¥¡¼¥¹¥È¥¢Á´ÂΤÎÆâÍƤ¬É½¼¨¤µ¤ì¤Þ¤¹¡£ ¥Õ¥¡¥¤¥ë¤Ë³ÊǼ¤µ¤ì¤Æ¤¤¤ë¾ÚÌÀ½ñ¤ÎÆâÍƤòɽ¼¨¤¹¤ë¤Ë¤Ï¡¢ -printcert ¥µ¥Ö¥³¥Þ¥ó¥É¤ò»È¤¤¤Þ¤¹¡£¤¿¤È¤¨¤Ð¡¢¼¡¤Î¤è¤¦¤Ë¤·¤Þ¤¹¡£
example% keytool -printcert -file certfile.cer ¤³¤ÎÎã¤Ç¤Ï¡¢¥Õ¥¡¥¤¥ë certfile.cer ¤Ë³ÊǼ¤µ¤ì¤Æ¤¤¤ë¾ÚÌÀ½ñ¤Î¾ðÊó¤¬É½¼¨¤µ¤ì¤Þ¤¹¡£ Ãí: ¤³¤Î¥³¥Þ¥ó¥É¤Ï¡¢¥¡¼¥¹¥È¥¢¤È¤Ï´Ø·¸¤Ê¤¯Æ°ºî¤·¤Þ¤¹¡£¤Ä¤Þ¤ê¡¢¥¡¼¥¹¥È¥¢¤¬ ¤Ê¤¤¾ì¹ç¤Ç¤â¡¢¥Õ¥¡¥¤¥ë¤Ë³ÊǼ¤µ¤ì¤¿¾ÚÌÀ½ñ¤òɽ¼¨¤Ç¤¤Þ¤¹¡£ ¼«¸Ê½ð̾¾ÚÌÀ½ñ¤ÎÀ¸À®¡Ö¼«¸Ê½ð̾¾ÚÌÀ½ñ¡×¤È¤Ï¡¢È¯¹Ô¼Ô (½ð̾¼Ô) ¤È¼çÂÎ (¾ÚÌÀ½ñ¤Ë¤è¤Ã¤Æǧ¾Ú¤µ¤ì¤ë ¸ø³«¸°¤ò½êͤ·¤Æ¤¤¤ë¥¨¥ó¥Æ¥£¥Æ¥£) ¤È¤¬Æ±°ì¤Î¾ÚÌÀ½ñ¤Î¤³¤È¤Ç¤¹¡£ -genkey ¥µ¥Ö¥³¥Þ¥ó¥É¤ò¸Æ¤Ó½Ð¤·¤Æ¿·¤·¤¤¸ø³«¸°¤ÈÈó¸ø³«¸°¤Î¥Ú¥¢¤òºîÀ®¤¹¤ë¤È¡¢¸ø³«¸°¤Ï ¾ï¤Ë¼«¸Ê½ð̾¾ÚÌÀ½ñ¤Ç¥é¥Ã¥×¤µ¤ì¤Þ¤¹¡£ ¾ì¹ç¤Ë¤è¤Ã¤Æ¤Ï¡¢¿·¤·¤¤¼«¸Ê½ð̾¾ÚÌÀ½ñ¤òºîÀ®¤·¤¿¤¤¤³¤È¤¬¤¢¤ê¤Þ¤¹¡£ ¤¿¤È¤¨¤Ð¡¢Æ±¤¸¸°¤Î¥Ú¥¢¤òÊ̤Υ¢¥¤¥Ç¥ó¥Æ¥£¥Æ¥£ (¼±ÊÌ̾) ¤Ç»È¤¤¤¿¤¤¾ì¹ç¤Ê¤É ¤Ç¤¹¡£Îã¤È¤·¤Æ¡¢½ê°Éô²Ý¤¬Êѹ¹¤Ë¤Ê¤Ã¤¿¤È¤·¤Þ¤¹¡£¤³¤Î¾ì¹ç¤Ï¡¢¼¡¤Î¤è¤¦¤Ë¤· ¤Þ¤¹¡£
¼«¸Ê½ð̾¾ÚÌÀ½ñ¤òÀ¸À®¤¹¤ë¤Ë¤Ï¡¢ -selfcert ¥µ¥Ö¥³¥Þ¥ó¥É¤ò»È¤¤¤Þ¤¹¡£¤¿¤È¤¨¤Ð¡¢¼¡¤Î¤è¤¦¤Ë¤·¤Þ¤¹¡£
example% keytool -selfcert -alias dukeNew -keypass b92kqmp -dname "cn=Duke Smith, ou=Purchasing, o=BlueSoft, c=US" À¸À®¤µ¤ì¤¿¾ÚÌÀ½ñ¤Ï¡¢»ØÄꤷ¤¿ÊÌ̾ (¤³¤ÎÎã¤Ç¤Ï dukeNew) ¤Ë¤è¤Ã¤Æ ÆÃÄꤵ¤ì¤ë¥¡¼¥¹¥È¥¢¥¨¥ó¥È¥ê¤Ë¡¢Í×ÁǤò 1 ¤Ä¤À¤±»ý¤Ä¾ÚÌÀÏ¢º¿¤È¤·¤Æ³ÊǼ¤µ¤ì ¤Þ¤¹¡£³ºÅö¤¹¤ë¥¡¼¥¹¥È¥¢¥¨¥ó¥È¥ê¤Î´û¸¤Î¾ÚÌÀÏ¢º¿¤Ï¡¢¿·¤·¤¤¾ÚÌÀÏ¢º¿¤Ë¤è¤Ã¤Æ ÃÖ¤´¹¤¨¤é¤ì¤Þ¤¹¡£ »ÈÍÑÊýË¡°Ê²¼¤Ç¤Ï¡¢¥µ¥Ö¥³¥Þ¥ó¥É¤È¤½¤Î¥ª¥×¥·¥ç¥ó¤Ë¤Ä¤¤¤ÆÀâÌÀ¤·¤Þ¤¹¡£¥³¥Þ¥ó¥É¤È¥ª¥×¥·¥ç¥ó¤ò»ØÄꤹ¤ë¤È¤¤Ï¡¢¼¡¤ÎÅÀ¤ËÃí°Õ¤·¤Æ¤¯¤À¤µ¤¤¡£
example% keytool -printcert {-file cert_file} {-v} -printcert ¥µ¥Ö¥³¥Þ¥ó¥É¤ò»ØÄꤹ¤ë¤È¤¤Ï¡¢ cert_file ¤ÎÂå¤ï¤ê¤Ë¼ÂºÝ¤Î¥Õ¥¡¥¤¥ë̾¤ò»ØÄꤹ¤ë¡£¼¡¤ËÎã¤ò¼¨¤¹
example% keytool -printcert -file VScert.cer
example% keytool ¤³¤ì¤Ï¡¢¼¡¤Î¤è¤¦¤Ë»ØÄꤹ¤ë¤³¤È¤ÈƱ¤¸¤Ç¤¢¤ë
example% keytool -help ¥ª¥×¥·¥ç¥ó¤Î´ûÄêÃÍ¥ª¥×¥·¥ç¥ó¤Î´ûÄêÃͤϡ¢¼¡¤Î¤È¤ª¤ê¤Ç¤¹¡£
-alias "mykey" -keyalg "DSA" -keysize 1024 -validity 90 -keystore ¥æ¡¼¥¶¤Î¥Û¡¼¥à¥Ç¥£¥ì¥¯¥È¥ê¤Î .keystore ¤È¤¤¤¦¥Õ¥¡¥¤¥ë -file Æɤ߹þ¤ß¤Î¾ì¹ç¤Ïɸ½àÆþÎÏ¡¢½ñ¤¹þ¤ß¤Î¾ì¹ç¤Ïɸ½à½ÐÎÏ ½ð̾¥¢¥ë¥´¥ê¥º¥à ( -sigalg ¥ª¥×¥·¥ç¥ó) ¤Ï¡¢´ð¤Ë¤Ê¤ëÈó¸ø³«¸°¤Î¥¢¥ë¥´¥ê¥º¥à¤«¤éÇÉÀ¸¤·¤Þ¤¹¡£´ð¤Ë¤Ê¤ë Èó¸ø³«¸°¤Î¥¿¥¤¥×¤¬ DSA ¤Ç¤¢¤ê¡¢ -sigalg Èó¸ø³«¸°¤Î¥¿¥¤¥×¤¬ RSA ¤Ç¤¢¤ë¾ì¹ç¡¢ -sigalg ¤Ï´ûÄêÃÍ¤Ç MD5withRSA ¤Ë¤Ê¤ê¤Þ¤¹¡£ ¤Û¤È¤ó¤É¤Î¥µ¥Ö¥³¥Þ¥ó¥É¤Ç»È¤ï¤ì¤ë¥ª¥×¥·¥ç¥ó-v ¥ª¥×¥·¥ç¥ó¤Ï¡¢ -help ¤ò½ü¤¯¤¹¤Ù¤Æ¤Î¥µ¥Ö¥³¥Þ¥ó¥É¤Ç»ÈÍѤǤ¤Þ¤¹¡£¤³¤Î¥ª¥×¥·¥ç¥ó¤ò»ØÄꤷ¤¿¾ì¹ç¡¢¥³¥Þ¥ó¥É¤Ï¡Ö¾éĹ¡×¥â¡¼¥É¤Ç¼Â¹Ô¤µ¤ì¡¢¾ÜºÙ¤Ê¾ÚÌÀ½ñ¾ðÊ󤬽ÐÎϤµ¤ì¤Þ¤¹¡£ ¤Þ¤¿¡¢ -Jjavaoption ¥ª¥×¥·¥ç¥ó¤â¡¢Ç¤°Õ¤Î¥µ¥Ö¥³¥Þ¥ó¥É¤Ç»ÈÍѤǤ¤Þ¤¹¡£¤³¤Î¥ª¥×¥·¥ç¥ó¤ò»ØÄꤷ¤¿¾ì¹ç¡¢»ØÄꤵ¤ì¤¿ -javaoption ʸ»úÎó¤¬ Java ¥¤¥ó¥¿¥×¥ê¥¿¤ËľÀÜÅϤµ¤ì¤Þ¤¹¡£ keytool ¤Ï¡¢¼ÂºÝ¤Ë¤Ï Java ¥¤¥ó¥¿¥×¥ê¥¿¤ËÂФ¹¤ë¡Ö¥é¥Ã¥Ñ¡¼¡×¤Ç¤¹¡£¤³¤Î¥ª¥×¥·¥ç¥ó¤Ë¤Ï¡¢¶õÇò¤ò´Þ¤á¤ë¤³¤È¤Ï¤Ç¤¤Þ¤»¤ó¡£¤³¤Î¥ª¥×¥·¥ç¥ó¤Ï¡¢¼Â¹Ô´Ä¶¤Þ¤¿¤Ï¥á¥â¥ê»ÈÍѤòÄ´À°¤¹¤ë¾ì¹ç¤ËÊØÍø¤Ç¤¹¡£»ØÄê¤Ç¤¤ë¥¤¥ó¥¿¥×¥ê¥¿¥ª¥×¥·¥ç¥ó¤ò°ìÍ÷ɽ¼¨¤¹¤ë¤Ë¤Ï¡¢¥³¥Þ¥ó¥É¹Ô¤Ç java -h ¤Þ¤¿¤Ï java -X ¤ÈÆþÎϤ·¤Æ¤¯¤À¤µ¤¤¡£ ¼¡¤Î 3 ¤Ä¤Î¥ª¥×¥·¥ç¥ó¤Ï¡¢¥¡¼¥¹¥È¥¢¤ËÂФ¹¤ëÁàºî¤ò¹Ô¤¦¤¹¤Ù¤Æ¤Î¥³¥Þ¥ó¥É¤Ç»Ø Äê¤Ç¤¤Þ¤¹¡£
¥¡¼¥¹¥È¥¢¤«¤é¾ðÊó¤ò¼è¤ê½Ð¤¹¾ì¹ç¤Ï¡¢¥Ñ¥¹¥ï¡¼¥É¤ò¾Êά¤Ç¤¤Þ¤¹¡£ ¥Ñ¥¹¥ï¡¼¥É¤ò¾Êά¤¹¤ë¤È¡¢¼è¤ê½Ð¤¹¾ðÊó¤Î´°Á´À¤ò¥Á¥§¥Ã¥¯¤Ç¤¤Ê¤¤¤Î ¤Ç¡¢·Ù¹ð¤¬É½¼¨¤µ¤ì¤Þ¤¹¡£ ¥Ñ¥¹¥ï¡¼¥É¤Î°·¤¤¤Ë¤Ï½½Ê¬Ãí°Õ¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£¡Ö ¥Ñ¥¹¥ï¡¼¥É¤Ë´Ø¤¹¤ëÃí°Õ»ö¹à ¡×¤ò»²¾È¤·¤Æ¤¯¤À¤µ¤¤¡£ ¥Ñ¥¹¥ï¡¼¥É¤Ë´Ø¤¹¤ëÃí°Õ»ö¹à¥¡¼¥¹¥È¥¢¤ËÂФ¹¤ëÁàºî¤ò¹Ô¤¦¤Û¤È¤ó¤É¤Î¥µ¥Ö¥³¥Þ¥ó¥É¤Ç¤Ï¡¢¥¹¥È¥¢¤Î¥Ñ¥¹¥ï¡¼¥É¤¬ ɬÍפǤ¹¡£¤Þ¤¿¡¢°ìÉô¤Î¥µ¥Ö¥³¥Þ¥ó¥É¤Ç¤Ï¡¢Èó¸ø³«¸°¤Î¥Ñ¥¹¥ï¡¼¥É¤¬É¬Í×¤Ë¤Ê¤ë ¤³¤È¤¬¤¢¤ê¤Þ¤¹¡£ ¥Ñ¥¹¥ï¡¼¥É¤Ï¥³¥Þ¥ó¥É¹Ô¤Ç»ØÄê¤Ç¤¤Þ¤¹ (¥¹¥È¥¢¤Î¥Ñ¥¹¥ï¡¼¥É¤Ë¤Ï -storepass ¥ª¥×¥·¥ç¥ó¡¢Èó¸ø³«¸°¤Î¥Ñ¥¹¥ï¡¼¥É¤Ë¤Ï -keypass ¥ª¥×¥·¥ç¥ó¤ò»ÈÍÑ)¡£¤¿¤À¤·¡¢¥Æ¥¹¥È¤òÌÜŪ¤È¤¹¤ë¾ì¹ç¡¢¤Þ¤¿¤Ï°ÂÁ´¤Ç¤¢¤ë¤³¤È¤¬ ¤ï¤«¤Ã¤Æ¤¤¤ë¥·¥¹¥Æ¥à¤Ç¼Â¹Ô¤¹¤ë¾ì¹ç°Ê³°¤Ï¡¢¥³¥Þ¥ó¥É¹Ô¤ä¥¹¥¯¥ê¥×¥È¤Ç¥Ñ¥¹¥ï ¡¼¥É¤ò»ØÄꤷ¤Ê¤¤¤Ç¤¯¤À¤µ¤¤¡£ ɬÍפʥѥ¹¥ï¡¼¥É¤Î¥ª¥×¥·¥ç¥ó¤ò¥³¥Þ¥ó¥É¹Ô¤Ç»ØÄꤷ¤Ê¤«¤Ã¤¿¾ì¹ç¤Ï¡¢ ¥Ñ¥¹¥ï¡¼¥É¤ÎÆþÎϤòµá¤á¤é¤ì¤Þ¤¹¡£password ¥×¥í¥ó¥×¥È¤Ç¥Ñ¥¹¥ï¡¼¥É¤òÆþÎÏ ¤¹¤ë¤È¡¢ÆþÎϤ·¤¿¥Ñ¥¹¥ï¡¼¥É¤¬¥¨¥³¡¼¤µ¤ì¡¢¤½¤Î¤Þ¤Þ²èÌ̤Ëɽ¼¨¤µ¤ì¤Þ¤¹¡£¤³ ¤Î¤¿¤á¡¢¼þ°Ï¤Ë¤Û¤«¤Î¥æ¡¼¥¶¤¬¤¤¤ë¾ì¹ç¤Ï¡¢¥Ñ¥¹¥ï¡¼¥É¤ò¸«¤é¤ì¤Ê¤¤¤è¤¦¤Ë Ãí°Õ¤·¤Æ¤¯¤À¤µ¤¤¡£ ¥µ¥Ö¥³¥Þ¥ó¥É»ÈÍÑÊýË¡¤â»²¾È¤·¤Æ¤¯¤À¤µ¤¤¡£ ¥¡¼¥¹¥È¥¢¤Ø¤Î¥Ç¡¼¥¿¤ÎÄɲÃ
{-noprompt} {-trustcacerts} {-storetype {-keystore keystore} [-storepass storepass] [-provider provider_class_name] {-v} {-Jjavaoption}
{-validity {-storetype storetype} {-keystore keystore} [-storepass storepass] [-provider provider_class_name] {-v} {-Jjavaoption} À¸À®¤µ¤ì¤¿¾ÚÌÀ½ñ¤Ï¡¢Ã±°ì¤ÎÍ×ÁǤò»ý¤Ä¾ÚÌÀÏ¢º¿¤È¤·¤Æ¡¢ alias ¤ÇÆÃÄꤵ¤ì¤ë¥¡¼¥¹¥È¥¢¥¨¥ó¥È¥ê¤Ë³ÊǼ¤µ¤ì¤Þ¤¹¡£³ºÅö¤¹¤ë¥¨¥ó¥È¥ê¤Î´û¸¤Î ¾ÚÌÀÏ¢º¿¤Ï¡¢¿·¤·¤¤¾ÚÌÀÏ¢º¿¤Ë¤è¤Ã¤ÆÃÖ¤´¹¤¨¤é¤ì¤Þ¤¹¡£ sigalg ¤Ë¤Ï¡¢¾ÚÌÀ½ñ¤Ë½ð̾¤òÉÕ¤±¤ë¤È¤¤Ë»È¤¦¥¢¥ë¥´¥ê¥º¥à¤ò»ØÄꤷ¤Þ¤¹¡£¡Ö¥µ¥Ý¡¼¥È¤µ¤ì¤ë¥¢¥ë¥´¥ê¥º¥à¤È¸°¤Î¥µ¥¤¥º¡×¤ò»²¾È¤·¤Æ¤¯¤À¤µ¤¤¡£ Èó¸ø³«¸°¤Ï¥¡¼¥¹¥È¥¢Æâ¤Ç¤Ï¥Ñ¥¹¥ï¡¼¥É¤Ë¤è¤Ã¤ÆÊݸ¤ì¤Æ¤¤¤ë¤Î¤Ç¡¢Èó¸ø³« ¸°¤Ë¥¢¥¯¥»¥¹¤¹¤ë¤Ë¤Ï¡¢Å¬Àڤʥѥ¹¥ï¡¼¥É¤òÄ󶡤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£¥³¥Þ¥ó¥É¹Ô¤Ç keypass ¤ò»ØÄꤷ¤Æ¤ª¤é¤º¡¢Èó¸ø³«¸°¤Î¥Ñ¥¹¥ï¡¼¥É¤¬¥¡¼¥¹¥È¥¢¤Î¥Ñ¥¹¥ï¡¼¥É¤È°Û¤Ê¤ë¾ì ¹ç¤Ï¡¢Èó¸ø³«¸°¤Î¥Ñ¥¹¥ï¡¼¥É¤ÎÆþÎϤòµá¤á¤é¤ì¤Þ¤¹¡£¥Ñ¥¹¥ï¡¼¥É¤Î°·¤¤¤Ë¤Ï½½ ʬÃí°Õ¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£¡Ö ¥Ñ¥¹¥ï¡¼¥É¤Ë´Ø¤¹¤ëÃí°Õ»ö¹à ¡×¤ò»²¾È¤·¤Æ¤¯¤À¤µ¤¤¡£ valDays ¤Ë¤Ï¡¢¾ÚÌÀ½ñ¤Î͸úÆü¿ô¤ò»ØÄꤷ¤Þ¤¹¡£ {-keystore keystore} [-storepass storepass] [-provider provider_class_name] {-v} {-Jjavaoption}
¥¢¥¤¥Ç¥ó¥Æ¥£¥Æ¥£¥Ç¡¼¥¿¥Ù¡¼¥¹¤Î¥¨¥ó¥È¥ê (¡Ö¥¢¥¤¥Ç¥ó¥Æ¥£¥Æ¥£¡×) ¤Î¤¦¤Á¡¢¥¡¼¥¹¥È¥¢ ¤Ë¥¤¥ó¥Ý¡¼¥È¤µ¤ì¤ë¤Î¤Ï¡¢¿®Íê¤Ç¤¤ë¤â¤Î¤È¤·¤Æ¥Þ¡¼¥¯¤µ¤ì¤¿¥¨¥ó¥È¥ê¤À¤±¤Ç¤¹¡£¤½ ¤Î¾¤Î¤¹¤Ù¤Æ¤Î¥¨¥ó¥È¥ê¤Ï̵»ë¤µ¤ì¤Þ¤¹¡£¿®Íê¤Ç¤¤ë¥¢¥¤¥Ç¥ó¥Æ¥£¥Æ¥£¤´¤È¤Ë¡¢¥ ¡¼¥¹¥È¥¢¥¨¥ó¥È¥ê¤¬ 1 ¤ÄºîÀ®¤µ¤ì¤Þ¤¹¡£¥¢¥¤¥Ç¥ó¥Æ¥£¥Æ¥£¤Î̾Á°¤Ï¡¢¥¡¼¥¹¥È¥¢¥¨¥ó ¥È¥ê¤Î¡ÖÊÌ̾¡×¤È¤·¤Æ»È¤ï¤ì¤Þ¤¹¡£ ¿®Íê¤Ç¤¤ë¥¢¥¤¥Ç¥ó¥Æ¥£¥Æ¥£¤«¤é¤Î¤¹¤Ù¤Æ¤ÎÈó¸ø³«¸°¤Ï¡¢¤É¤ì¤âƱ¤¸¥Ñ¥¹¥ï¡¼¥É storepass ¤Ç°Å¹æ²½¤µ¤ì¤Þ¤¹¡£¤³¤Î¥Ñ¥¹¥ï¡¼¥É¤Ï¡¢¥¡¼¥¹¥È¥¢¤Î´°Á´À¤òÊݸ¤ë ¤¿¤á¤Ë»È¤ï¤ì¤ë¥Ñ¥¹¥ï¡¼¥É¤ÈƱ¤¸¤Ç¤¹¡£ keytool ¤Î -keypasswd ¥³¥Þ¥ó¥É¤Î¥ª¥×¥· ¥ç¥ó¤ò»È¤¨¤Ð¡¢¤¢¤È¤Ç¸ÄÊ̤ËÈó¸ø³«¸°¤Ë¥Ñ¥¹¥ï¡¼¥É¤ò³ä¤êÅö¤Æ¤ë¤³¤È¤¬¤Ç¤¤Þ¤¹¡£ ¥¢¥¤¥Ç¥ó¥Æ¥£¥Æ¥£¥Ç¡¼¥¿¥Ù¡¼¥¹Æâ¤Î¥¢¥¤¥Ç¥ó¥Æ¥£¥Æ¥£¤Ï¡¢¤½¤ì¤¾¤ì¤¬Æ±¤¸¸ø³«¸° ¤òǧ¾Ú¤¹¤ëÊ£¿ô¤Î¾ÚÌÀ½ñ¤ò´Þ¤ó¤Ç¤¤¤ë¤³¤È¤¬¤¢¤ê¤Þ¤¹¡£°ìÊý¡¢Èó¸ø³«¸°¤ò³ÊǼ ¤¹¤ë¥¡¼¥¹¥È¥¢¤Î¸°¥¨¥ó¥È¥ê¤Ë´Þ¤Þ¤ì¤ë¤Î¤Ï¡¢¤½¤ÎÈó¸ø³«¸°¤È¡¢Ã±°ì¤Î¡Ö¾ÚÌÀÏ¢º¿ ¡×(ºÇ½é¤Ïñ°ì¤Î¾ÚÌÀ½ñ¤À¤±) ¤Ç¤¢¤ê¡¢Èó¸ø³«¸°¤ËÂбþ¤¹¤ë¸ø³«¸°¤ÏÏ¢º¿Æâ¤ÎºÇ ½é¤Î¾ÚÌÀ½ñ¤Ë´Þ¤Þ¤ì¤Æ¤¤¤Þ¤¹¡£¥¢¥¤¥Ç¥ó¥Æ¥£¥Æ¥£¤«¤é¾ðÊó¤ò¥¤¥ó¥Ý¡¼¥È¤¹¤ë¾ì¹ç¤Ï ¡¢¥¢¥¤¥Ç¥ó¥Æ¥£¥Æ¥£¤ÎºÇ½é¤Î¾ÚÌÀ½ñ¤À¤±¤¬¥¡¼¥¹¥È¥¢¤Ë³ÊǼ¤µ¤ì¤Þ¤¹¡£¤³¤ì¤Ï¡¢¥¢ ¥¤¥Ç¥ó¥Æ¥£¥Æ¥£¥Ç¡¼¥¿¥Ù¡¼¥¹Æâ¤Î¥¢¥¤¥Ç¥ó¥Æ¥£¥Æ¥£¤Î̾Á°¤¬¡¢Âбþ¤¹¤ë¥¡¼¥¹¥È¥¢ ¥¨¥ó¥È¥ê¤ÎÊÌ̾¤È¤·¤Æ»È¤ï¤ì¡¢ÊÌ̾¤Ï¥¡¼¥¹¥È¥¢Æâ¤Ç°ì°Õ¤Ç¤¢¤ë¤¿¤á¤Ç¤¹¡£ ¥Ç¡¼¥¿¤Î¥¨¥¯¥¹¥Ý¡¼¥È
{-keystore keystore} [-storepass storepass] [-provider provider_class_name] {-rfc} {-v} {-Jjavaoption} ¥Õ¥¡¥¤¥ë¤¬»ØÄꤵ¤ì¤Æ¤¤¤Ê¤¤¾ì¹ç¤Ï¡¢ ɸ½à½ÐÎÏ ¤Ë¾ÚÌÀ½ñ¤¬½ÐÎϤµ¤ì¤Þ¤¹¡£ ¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï¡¢¥Ð¥¤¥Ê¥ê¥¨¥ó¥³¡¼¥Ç¥£¥ó¥°¤Î¾ÚÌÀ½ñ¤¬½ÐÎϤµ¤ì¤Þ¤¹¡£¤¿¤À¤·¡¢ -rfc ¥ª¥×¥·¥ç¥ó¤ò»ØÄꤷ¤¿¾ì¹ç¤Ï¡¢¥×¥ê¥ó¥È²Äǽ¥¨¥ó¥³¡¼¥Ç¥£¥ó¥°Êý¼°¤Î¾ÚÌÀ½ñ¤¬ ½ÐÎϤµ¤ì¤Þ¤¹¡£¥×¥ê¥ó¥È²Äǽ¥¨¥ó¥³¡¼¥Ç¥£¥ó¥°Êý¼°¤Ï¡¢¥¤¥ó¥¿¡¼¥Í¥Ã¥È RFC 1421 ¾ÚÌÀ½ñ¥¨¥ó¥³¡¼¥Ç¥£¥ó¥°µ¬³Ê¤ÇÄêµÁ¤µ¤ì¤Æ¤¤¤Þ¤¹¡£ alias ¤¬¡¢¿®Íê¤Ç¤¤ë¾ÚÌÀ½ñ¤ò»²¾È¤·¤Æ¤¤¤ë¾ì¹ç¤Ï¡¢³ºÅö¤¹¤ë¾ÚÌÀ½ñ¤¬½ÐÎϤµ¤ì¤Þ¤¹¡£ ¤½¤ì°Ê³°¤Î¾ì¹ç¡¢ alias ¤Ï¡¢´ØÏ¢ÉÕ¤±¤é¤ì¤¿¾ÚÌÀÏ¢º¿¤ò»ý¤Ä¸°¥¨¥ó¥È¥ê¤ò»²¾È¤·¤Þ¤¹¡£¤³¤Î¾ì¹ç¤Ï¡¢Ï¢º¿ Æâ¤ÎºÇ½é¤Î¾ÚÌÀ½ñ¤¬ÊÖ¤µ¤ì¤Þ¤¹¡£¤³¤Î¾ÚÌÀ½ñ¤Ï¡¢ alias ¤Ë¤è¤Ã¤Æɽ¤µ¤ì¤ë¥¨¥ó¥Æ¥£¥Æ¥£¤Î¸ø³«¸°¤òǧ¾Ú¤¹¤ë¾ÚÌÀ½ñ¤Ç¤¹¡£ ¥Ç¡¼¥¿¤Îɽ¼¨
¾ÚÌÀ½ñ¤Ï¡¢¥Ð¥¤¥Ê¥ê¥¨¥ó¥³¡¼¥Ç¥£¥ó¥°¤Þ¤¿¤Ï¥×¥ê¥ó¥È²Äǽ¥¨¥ó¥³¡¼¥Ç¥£¥ó¥° Êý¼°¤Çɽ¼¨¤Ç¤¤Þ¤¹¡£¥×¥ê¥ó¥È²Äǽ¥¨¥ó¥³¡¼¥Ç¥£¥ó¥°Êý¼°¤Ï¡¢¥¤¥ó¥¿¡¼¥Í¥Ã¥È RFC 1421 ¾ÚÌÀ½ñ¥¨¥ó¥³¡¼¥Ç¥£¥ó¥°µ¬³Ê¤ÇÄêµÁ¤µ¤ì¤Æ¤¤¤Þ¤¹¡£ Ãí: ¤³¤Î¥³¥Þ¥ó¥É¤Ï¥¡¼¥¹¥È¥¢¤È¤Ï´Ø·¸¤Ê¤¯Æ°ºî¤·¤Þ¤¹¡£ ¥¡¼¥¹¥È¥¢¤Î´ÉÍý
{-keystore [-provider provider_class_name] {-v} {-Jjavaoption}
¥Ñ¥¹¥ï¡¼¥É¤Î°·¤¤¤Ë¤Ï½½Ê¬Ãí°Õ¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£ ¡Ö ¥Ñ¥¹¥ï¡¼¥É¤Ë´Ø¤¹¤ëÃí°Õ»ö¹à ¡×¤ò»²¾È¤·¤Æ¤¯¤À¤µ¤¤¡£ [-new {-keystore keystore} [-storepass storepass] [-provider provider_class_name] {-v} {-Jjavaoption} ¥³¥Þ¥ó¥É¹Ô¤Ç -keypass ¥ª¥×¥·¥ç¥ó¤ò»ØÄꤷ¤Æ¤ª¤é¤º¡¢Èó¸ø³«¸°¤Î¥Ñ¥¹¥ï¡¼¥É¤¬¥¡¼¥¹¥È¥¢¤Î¥Ñ¥¹¥ï¡¼¥É¤È °Û¤Ê¤ë¾ì¹ç¤Ï¡¢Èó¸ø³«¸°¤Î¥Ñ¥¹¥ï¡¼¥É¤ÎÆþÎϤòµá¤á¤é¤ì¤Þ¤¹¡£ ¥³¥Þ¥ó¥É¹Ô¤Ç -new ¥ª¥×¥·¥ç¥ó¤ò»ØÄꤷ¤Ê¤«¤Ã¤¿¾ì¹ç¤Ï¡¢¿·¤·¤¤¥Ñ¥¹¥ï¡¼¥É¤ÎÆþÎϤòµá¤á¤é¤ì¤Þ¤¹¡£ ¥Ñ¥¹¥ï¡¼¥É¤Î°·¤¤¤Ë¤Ï½½Ê¬Ãí°Õ¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£¡Ö ¥Ñ¥¹¥ï¡¼¥É¤Ë´Ø¤¹¤ëÃí°Õ»ö¹à ¡×¤ò»²¾È¤·¤Æ¤¯¤À¤µ¤¤¡£ {-keystore [-provider provider_class_name] {-v} {-Jjavaoption} ¥Ø¥ë¥×¤Îɽ¼¨
Î㤳¤³¤Ç¤Ï¡¢¼«Ê¬¤Î¸°¤Î¥Ú¥¢¤ª¤è¤Ó¿®Íê¤Ç¤¤ë¥¨¥ó¥Æ¥£¥Æ¥£¤«¤é¤Î¾ÚÌÀ½ñ¤ò´ÉÍý ¤¹¤ë¤¿¤á¤Î¥¡¼¥¹¥È¥¢¤òºîÀ®¤¹¤ë¾ì¹ç¤òÎã¤È¤·¤Æ¼¨¤·¤Þ¤¹¡£ ¸°¤Î¥Ú¥¢¤ÎÀ¸À®¤Þ¤º¡¢¥¡¼¥¹¥È¥¢¤òºîÀ®¤·¤Æ¸°¤Î¥Ú¥¢¤òÀ¸À®¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£¼¡¤Ë¼¨¤¹¤Î¤Ï¡¢ ¼Â¹Ô¤¹¤ë¥³¥Þ¥ó¥É¤ÎÎã¤Ç¤¹¡£
example% keytool -genkey -dname "cn=Mark Jones, ou=Java, o=Sun, c=US" -alias business -keypass kpi135 -keystore /working/mykeystore -storepass ab987c -validity 180 Ãí: ¾å¤Î¥³¥Þ¥ó¥ÉÎã¤Ï¡¢Æɤߤ䤹¤¯¤¹¤ë¤¿¤á¤ËÊ£¿ô¤Î¹Ô¤Ëʬ¤±¤Æ¤¢¤ê¤Þ¤¹¤¬¡¢ ¼ÂºÝ¤Ë¤Ï 1 ¹Ô¤Ç»ØÄꤹ¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£ ¤³¤ÎÎã¤Ç¤Ï¡¢ working ¥Ç¥£¥ì¥¯¥È¥ê¤Ë mykeystore ¤È¤¤¤¦Ì¾Á°¤Î¥¡¼¥¹¥È¥¢¤òºîÀ®¤· (¥¡¼¥¹¥È¥¢¤Ï¤Þ¤À¸ºß¤·¤Æ¤¤¤Ê¤¤¤È²¾Äꤹ¤ë)¡¢ ºîÀ®¤·¤¿¥¡¼¥¹¥È¥¢¤Ë¥Ñ¥¹¥ï¡¼¥É ab987c ¤ò³ä¤êÅö¤Æ¤Þ¤¹¡£À¸À®¤¹¤ë¸ø³«¸°¤ÈÈó¸ø³«¸°¤Î¥Ú¥¢¤ËÂбþ¤¹¤ë¥¨¥ó¥Æ¥£¥Æ¥£¤Î ¡Ö¼±ÊÌ̾¡×¤Ï¡¢Ä̾Τ¬ MarkJones ¡¢ÁÈ¿¥Ã±°Ì¤¬ Java ¡¢ÁÈ¿¥¤¬ Sun ¡¢2 ʸ»ú¤Î¹ñÈֹ椬 US ¤Ç¤¹¡£¸ø³«¸°¤ÈÈó¸ø³«¸°¤Î¥µ¥¤¥º¤Ï¤É¤Á¤é¤â 1024 ¥Ó¥Ã¥È¤Ç¡¢¸°¤ÎºîÀ®¤Ë¤Ï¥Ç ¥Õ¥©¥ë¥È¤Î DSA ¸°À¸À®¥¢¥ë¥´¥ê¥º¥à¤ò»ÈÍѤ·¤Þ¤¹¡£ ¤³¤Î¥³¥Þ¥ó¥É¤Ï¡¢¸ø³«¸°¤È¼±ÊÌ̾¾ðÊó¤ò´Þ¤à¼«¸Ê½ð̾¾ÚÌÀ½ñ (¥Ç¥Õ¥©¥ë¥È¤Î SHA1withDSA ½ð̾¥¢¥ë¥´¥ê¥º¥à¤ò»ÈÍÑ) ¤òºîÀ®¤·¤Þ¤¹¡£¾ÚÌÀ½ñ¤Î͸ú´ü´Ö¤Ï 180 Æü¤Ç¤¹¡£¾ÚÌÀ½ñ¤Ï¡¢ÊÌ̾ business ¤ÇÆÃÄꤵ¤ì¤ë¥¡¼¥¹¥È¥¢¥¨¥ó¥È¥êÆâ¤ÎÈó¸ø³«¸°¤Ë´ØÏ¢ÉÕ¤±¤é¤ì¤Þ¤¹¡£Èó¸ø³«¸° ¤Ë¤Ï¥Ñ¥¹¥ï¡¼¥É kpi135 ¤¬³ä¤êÅö¤Æ¤é¤ì¤Þ¤¹¡£ ¥ª¥×¥·¥ç¥ó¤Î´ûÄêÃͤò»È¤¦¾ì¹ç¤Ï¡¢¾å¤Ë¼¨¤·¤¿¥³¥Þ¥ó¥É¤òÂçÉý¤Ëû¤¯¤¹¤ë¤³¤È¤¬ ¤Ç¤¤Þ¤¹¡£¼ÂºÝ¤Ë¤Ï¡¢¥ª¥×¥·¥ç¥ó¤ò 1 ¤Ä¤â»ØÄꤻ¤º¤Ë¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤¹¤ë¤³¤È¤â ²Äǽ¤Ç¤¹¡£´ûÄêÃͤò»ý¤Ä¥ª¥×¥·¥ç¥ó¤Ç¤Ï¡¢¥ª¥×¥·¥ç¥ó¤ò»ØÄꤷ¤Ê¤±¤ì¤Ð´ûÄêÃÍ ¤¬»È¤ï¤ì¡¢É¬ÍפÊÃͤˤĤ¤¤Æ¤ÏÆþÎϤòµá¤á¤é¤ì¤Þ¤¹¡£¤¿¤È¤¨¤Ð¡¢Ã±¤Ë¼¡¤Î¤è¤¦ ¤ËÆþÎϤ¹¤ë¤³¤È¤â¤Ç¤¤Þ¤¹¡£
example% keytool -genkey ¤³¤Î¾ì¹ç¤Ï¡¢ mykey ¤È¤¤¤¦ÊÌ̾¤Ç¥¡¼¥¹¥È¥¢¥¨¥ó¥È¥ê¤¬ºîÀ®¤µ¤ì¡¢¿·¤·¤¯À¸À®¤µ¤ì¤¿¸°¤Î¥Ú¥¢¡¢¤ª¤è¤Ó 90 Æü´Ö͸ú¤Ê¾ÚÌÀ½ñ¤¬¤³¤Î¥¨¥ó¥È¥ê¤Ë³ÊǼ¤µ¤ì¤Þ¤¹¡£¤³¤Î¥¨¥ó¥È¥ê¤Ï¡¢¥Û¡¼¥à¥Ç¥£ ¥ì¥¯¥È¥êÆâ¤Î .keystore ¤È¤¤¤¦Ì¾Á°¤Î¥¡¼¥¹¥È¥¢¤ËÃÖ¤«¤ì¤Þ¤¹¡£¤³¤Î¥¡¼¥¹¥È¥¢¤¬¤Þ¤À¸ºß¤·¤Æ¤¤¤Ê¤¤¾ì¹ç ¤Ï¡¢ºîÀ®¤µ¤ì¤Þ¤¹¡£¼±ÊÌ̾¾ðÊó¡¢¥¡¼¥¹¥È¥¢¤Î¥Ñ¥¹¥ï¡¼¥É¡¢¤ª¤è¤ÓÈó¸ø³«¸°¤Î¥Ñ ¥¹¥ï¡¼¥É¤Ë¤Ä¤¤¤Æ¤Ï¡¢ÆþÎϤòµá¤á¤é¤ì¤Þ¤¹¡£ °Ê²¼¤Ç¤Ï¡¢¥ª¥×¥·¥ç¥ó¤ò»ØÄꤷ¤Ê¤¤¤Ç -genkey ¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤·¤¿¤â¤Î¤È¤·¤ÆÎã¤ò¼¨¤·¤Þ¤¹¡£¾ðÊó¤ÎÆþÎϤòµá¤á¤é¤ì¤¿¾ì¹ç¤Ï¡¢ ºÇ½é¤Ë¼¨¤·¤¿ -genkey ¥³¥Þ¥ó¥É¤ÎÃͤòÆþÎϤ·¤¿¤â¤Î¤È¤·¤Þ¤¹ (¤¿¤È¤¨¤Ð¡¢Èó¸ø³«¸°¤Î¥Ñ¥¹¥ï¡¼¥É¤Ë¤Ï kpi135 ¤È»ØÄê)¡£ ¾ÚÌÀ½ñȯ¹Ô¶É¤ËÂФ¹¤ë½ð̾ÉÕ¤¾ÚÌÀ½ñ¤ÎÍ׵ḽ»þÅÀ¤Ç¼ê¸µ¤Ë¤¢¤ë¤Î¤Ï¡¢1 Ä̤μ«¸Ê½ð̾¾ÚÌÀ½ñ¤À¤±¤Ç¤¹¡£¾ÚÌÀ½ñ¤Ë¾ÚÌÀ½ñ ȯ¹Ô¶É (CA) ¤Î½ð̾¤¬ÉÕ¤¤¤Æ¤¤¤ì¤Ð¡¢¤Û¤«¤Î¥æ¡¼¥¶¤«¤é¾ÚÌÀ½ñ¤¬¿®Íê¤Ç¤¤ë ²ÄǽÀ¤â¹â¤¯¤Ê¤ê¤Þ¤¹¡£CA ¤Î½ð̾¤ò¼èÆÀ¤¹¤ë¤Ë¤Ï¡¢¤Þ¤º¡¢¾ÚÌÀ½ñ½ð̾Í×µá (CSR) ¤òÀ¸À®¤·¤Þ¤¹¡£¤¿¤È¤¨¤Ð¡¢¼¡¤Î¤è¤¦¤Ë¤·¤Þ¤¹¡£
example% keytool -certreq -file MarkJ.csr CSR (¥Ç¥Õ¥©¥ë¥ÈÊÌ̾ mykey ¤Ë¤è¤Ã¤ÆÆÃÄꤵ¤ì¤ë¥¨¥ó¥Æ¥£¥Æ¥£¤Î CSR) ¤¬ºîÀ®¤µ¤ì¡¢ MarkJ.csr ¤È¤¤¤¦Ì¾Á°¤Î¥Õ¥¡¥¤¥ë¤ËÃÖ¤«¤ì¤Þ¤¹¡£¤³¤Î¥Õ¥¡¥¤¥ë¤Ï¡¢VeriSign ¤Ê¤É¤Î CA ¤Ë Äó½Ð¤·¤Þ¤¹¡£CA ¤ÏÍ×µá¼Ô¤ò (Ä̾ï¤Ï¥ª¥Õ¥é¥¤¥ó¤Ç) ǧ¾Ú¤·¡¢Í×µá¼Ô¤Î¸ø³«¸° ¤òǧ¾Ú¤·¤¿½ð̾ÉÕ¤¤Î¾ÚÌÀ½ñ¤òÁ÷¤êÊÖ¤·¤Þ¤¹¡£¾ì¹ç¤Ë¤è¤Ã¤Æ¤Ï¡¢CA ¤¬¾ÚÌÀ½ñ ¤ÎÏ¢º¿¤òÊÖ¤¹¤³¤È¤â¤¢¤ê¤Þ¤¹¡£¾ÚÌÀ½ñ¤ÎÏ¢º¿¤Ç¤Ï¡¢³Æ¾ÚÌÀ½ñ¤¬Ï¢º¿Æâ¤Î¤½¤Î Á°¤Î½ð̾¼Ô¤Î¸ø³«¸°¤òǧ¾Ú¤·¤Þ¤¹¡£ CA ¤«¤é¤Î¾ÚÌÀ½ñ¤Î¥¤¥ó¥Ý¡¼¥ÈºîÀ®¤·¤¿¼«¸Ê½ð̾¾ÚÌÀ½ñ¤Ï¡¢¾ÚÌÀÏ¢º¿¤ÇÃÖ¤´¹¤¨¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£ ¾ÚÌÀÏ¢º¿¤Ç¤Ï¡¢³Æ¾ÚÌÀ½ñ¤¬¡¢¡Ö¥ë¡¼¥È¡×CA ¤òµ¯ÅÀ¤È¤¹¤ëÏ¢º¿Æâ¤Î¼¡¤Î¾ÚÌÀ½ñ ¤Î½ð̾¼Ô¤Î¸ø³«¸°¤òǧ¾Ú¤·¤Þ¤¹¡£ CA ¤«¤é¤Î¾ÚÌÀ½ñ±þÅú¤ò¥¤¥ó¥Ý¡¼¥È¤¹¤ë¤Ë¤Ï¡¢¥¡¼¥¹¥È¥¢¤«¡¢( import ¥³¥Þ¥ó¥É¤ÇÀâÌÀ¤·¤Æ¤¤¤ë¤è¤¦¤Ë) cacerts ¥¡¼¥¹¥È¥¢¥Õ¥¡¥¤¥ëÆâ¤Ë 1 ¤Ä°Ê¾å¤Î ¡Ö¿®Íê¤Ç¤¤ë¾ÚÌÀ½ñ¡×¤òɬÍפȤ·¤Þ¤¹¡£
cacerts ¥¡¼¥¹¥È¥¢¥Õ¥¡¥¤¥ë¤Ï¡¢5 ¤Ä¤Î VeriSign ¥ë¡¼¥È CA ¾ÚÌÀ½ñ¤ò´Þ¤ó¤À¾õÂÖ¤Ç ½Ð²Ù¤µ¤ì¤Æ¤¤¤ë¤Î¤Ç¡¢VeriSign ¤Î¾ÚÌÀ½ñ¤ò¡¢¿®Íê¤Ç¤¤ë¾ÚÌÀ½ñ¤È¤·¤Æ¥¡¼¥¹¥È¥¢ Æâ¤Ë¥¤¥ó¥Ý¡¼¥È¤¹¤ëɬÍפϤʤ¤²ÄǽÀ¤¬¤¢¤ê¤Þ¤¹¡£¤¿¤À¤·¡¢¤Û¤«¤Î CA ¤ËÂФ·¤Æ ½ð̾ÉÕ¤¾ÚÌÀ½ñ¤òÍ׵ᤷ¤Æ¤¤¤Æ¡¢¤³¤Î CA ¤Î¸ø³«¸°¤òǧ¾Ú¤¹¤ë¾ÚÌÀ½ñ¤¬¡¢ cacerts ¤Ë¤Þ¤ÀÄɲ䵤ì¤Æ¤¤¤Ê¤¤¾ì¹ç¤Ï¡¢³ºÅö¤¹¤ë CA ¤«¤é¤Î¾ÚÌÀ½ñ¤ò¡¢¡Ö¿®Íê¤Ç¤¤ë ¾ÚÌÀ½ñ¡×¤È¤·¤Æ¥¤¥ó¥Ý¡¼¥È¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£ Ä̾CA ¤«¤é¤Î¾ÚÌÀ½ñ¤Ï¡¢¼«¸Ê½ð̾¾ÚÌÀ½ñ¡¢¤Þ¤¿¤Ï¤Û¤«¤Î CA ¤Ë¤è¤Ã¤Æ½ð̾ ¤µ¤ì¤¿¾ÚÌÀ½ñ¤Ç¤¹ (¸å¼Ô¤Î¾ì¹ç¤Ï¡¢³ºÅö¤¹¤ë¤Û¤«¤Î CA ¤Î¸ø³«¸°¤òǧ¾Ú¤¹¤ë ¾ÚÌÀ½ñ¤âɬÍ×)¡£¤¿¤È¤¨¤Ð¡¢ABC ¤È¤¤¤¦´ë¶È¤¬ CA ¤À¤È¤·¤Þ¤¹¡£¤³¤Î¤È¤¡¢¤³¤Î CA ¤Î¸ø³«¸°¤òǧ¾Ú¤¹¤ë¼«¸Ê½ð̾¾ÚÌÀ½ñ¤È¹Í¤¨¤é¤ì¤ë ABCCA.cer ¤È¤¤¤¦Ì¾Á°¤Î¥Õ¥¡¥¤¥ë¤ò¡¢ABC ¤«¤éÆþ¼ê¤·¤¿¤È¤·¤Þ¤¹¡£ ¡Ö¿®Íê¤Ç¤¤ë¾ÚÌÀ½ñ¡×¤È¤·¤Æ¾ÚÌÀ½ñ¤ò¥¤¥ó¥Ý¡¼¥È¤¹¤ëÁ°¤Ë¡¢¾ÚÌÀ½ñ¤¬Í¸ú¤Ç¤¢¤ë¤³¤È¤òɬ¤º³Îǧ¤·¤Æ¤¯¤À¤µ¤¤¡£¤Þ¤º¡¢¾ÚÌÀ½ñ¤ÎÆâÍƤòɽ¼¨¤· ( -printcert ¥µ¥Ö¥³¥Þ¥ó¥É¡¢¤Þ¤¿¤Ï -noprompt ¥ª¥×¥·¥ç¥ó¤Ê¤·¤Ç -import ¥µ¥Ö¥³¥Þ¥ó¥É¤ò»ÈÍÑ)¡¢É½¼¨¤µ¤ì¤¿¾ÚÌÀ½ñ¤Î¥Õ¥£¥ó¥¬¡¼¥×¥ê¥ó¥È¤¬¡¢´üÂÔ¤µ¤ì¤ë¥Õ¥£¥ó ¥¬¡¼¥×¥ê¥ó¥È¤È°ìÃפ¹¤ë¤«¤É¤¦¤«¤ò³Îǧ¤·¤Þ¤¹¡£¾ÚÌÀ½ñ¤òÁ÷¿®¤·¤¿¿Íʪ¤ËÏ¢Íí¤·¡¢ ¤³¤Î¿Íʪ¤¬Ä󼨤·¤¿ (¤Þ¤¿¤Ï°ÂÁ´¤Ê¸ø³«¸°¤Î¥ê¥Ý¥¸¥È¥ê¤Ë¤è¤Ã¤ÆÄ󼨤µ¤ì¤ë) ¥Õ¥£ ¥ó¥¬¡¼¥×¥ê¥ó¥È¤È¡¢¾å¤Î¥³¥Þ¥ó¥É¤Çɽ¼¨¤µ¤ì¤¿¥Õ¥£¥ó¥¬¡¼¥×¥ê¥ó¥È¤È¤òÈæ³Ó¤·¤Þ¤¹¡£ ¥Õ¥£¥ó¥¬¡¼¥×¥ê¥ó¥È¤¬°ìÃפ¹¤ì¤Ð¡¢Á÷¿®ÅÓÃæ¤Ç¤Û¤«¤Î²¿¼Ô¤« (¹¶·â¼Ô¤Ê¤É) ¤Ë¤è ¤ë¾ÚÌÀ½ñ¤Î¤¹¤êÂؤ¨¤¬¹Ô¤ï¤ì¤Æ¤¤¤Ê¤¤¤³¤È¤ò³Îǧ¤Ç¤¤Þ¤¹¡£Á÷¿®ÅÓÃæ¤Ç¤³¤Î¼ï¤Î ¹¶·â¤¬¹Ô¤ï¤ì¤Æ¤¤¤¿¾ì¹ç¡¢¥Á¥§¥Ã¥¯¤ò¹Ô¤ï¤º¤Ë¾ÚÌÀ½ñ¤ò¥¤¥ó¥Ý¡¼¥È¤¹¤ë¤È¡¢¹¶·â ¼Ô¤Ë¤è¤Ã¤Æ½ð̾¤µ¤ì¤¿¤¹¤Ù¤Æ¤Î¤â¤Î¤ò¿®Íꤹ¤ë¤³¤È¤Ë¤Ê¤ê¤Þ¤¹¡£ ABCCA.cer ¤ò͸ú¤Ê¾ÚÌÀ½ñ¤È¤·¤Æ¿®Íꤹ¤ë¾ì¹ç¤Ï¡¢¾ÚÌÀ½ñ¤ò¥¡¼¥¹¥È¥¢¤ËÄɲà ¤Ç¤¤Þ¤¹¡£¤¿¤È¤¨¤Ð¡¢¼¡¤Î¤è¤¦¤Ë¤·¤Þ¤¹¡£
example% keytool -import -alias abc -file ABCCA.cer ABCCA.cer ¥Õ¥¡¥¤¥ë¤Î¥Ç¡¼¥¿¤ò´Þ¤à¡Ö¿®Íê¤Ç¤¤ë¾ÚÌÀ½ñ¡×¤Î¥¨¥ó¥È¥ê¤¬¥¡¼¥¹¥È¥¢Æâ¤ËºîÀ®¤µ¤ì¡¢³ºÅö¤¹¤ë¥¨¥ó¥È¥ê¤Ë abc ¤È¤¤¤¦ÊÌ̾¤¬³ä¤êÅö¤Æ¤é¤ì¤Þ¤¹¡£ CA ¤«¤é¤Î¾ÚÌÀ½ñ±þÅú¤Î¥¤¥ó¥Ý¡¼¥È¾ÚÌÀ½ñ½ð̾Í×µá¤ÎÄó½ÐÀè¤Î CA ¤Î¸ø³«¸°¤òǧ¾Ú¤¹¤ë¾ÚÌÀ½ñ¤ò¥¤¥ó¥Ý¡¼¥È¤·¤¿ ¤¢¤È¤Ï (¤Þ¤¿¤ÏƱ¼ï¤Î¾ÚÌÀ½ñ¤¬¤¹¤Ç¤Ë cacerts ¥Õ¥¡¥¤¥ëÆâ¤Ë¸ºß¤·¤Æ¤¤¤ë¾ì¹ç¤Ï)¡¢¾ÚÌÀ½ñ±þÅú¤ò¥¤¥ó¥Ý¡¼¥È¤·¡¢¼«¸Ê½ð̾¾ÚÌÀ ½ñ¤ò¾ÚÌÀÏ¢º¿¤ÇÃÖ¤´¹¤¨¤ë¤³¤È¤¬¤Ç¤¤Þ¤¹¡£¤³¤Î¾ÚÌÀÏ¢º¿¤Ï¡¢CA ¤Î±þÅú¤¬Ï¢ º¿¤Î¾ì¹ç¡¢¾ÚÌÀ½ñ½ð̾Í×µá¤ËÂФ¹¤ë±þÅú¤È¤·¤Æ CA ¤«¤éÁ÷¤êÊÖ¤µ¤ì¤¿¾ÚÌÀÏ¢º¿ ¤Ç¤¹¡£¤Þ¤¿¡¢CA ¤Î±þÅú¤¬Ã±°ì¤Î¾ÚÌÀ½ñ¤Î¾ì¹ç¤Ï¡¢¤³¤Î¾ÚÌÀ½ñ±þÅú¤È¡¢¥¤¥ó¥Ý¡¼¥ÈÀè¤Î ¥¡¼¥¹¥È¥¢Æâ¤Þ¤¿¤Ï cacerts ¥¡¼¥¹¥È¥¢¥Õ¥¡¥¤¥ëÆâ¤Ë¤¹¤Ç¤Ë¸ºß¤¹¤ë¿®Íê¤Ç¤¤ë¾ÚÌÀ½ñ¤È¤ò»È¤Ã¤Æ¹½ÃÛ¤·¤¿¾Ú ÌÀÏ¢º¿¤Ç¤¹¡£ ¤¿¤È¤¨¤Ð¡¢¾ÚÌÀ½ñ½ð̾Í×µá¤ò VeriSign ¤ËÁ÷¿®¤·¤¿¤È¤·¤Þ¤¹¡£Á÷¤êÊÖ¤µ¤ì¤¿¾ÚÌÀ½ñ¤Î̾Á°¤¬ VSMarkJ.cer ¤À¤È¤¹¤ë¤È¡¢¼¡¤Î¤è¤¦¤Ë¤·¤Æ±þÅú¤ò¥¤¥ó¥Ý¡¼¥È¤Ç¤¤Þ¤¹¡£
example% keytool -import -trustcacerts -file VSMarkJ.cer ¸ø³«¸°¤òǧ¾Ú¤¹¤ë¾ÚÌÀ½ñ¤Î¥¨¥¯¥¹¥Ý¡¼¥È¤¿¤È¤¨¤Ð¡¢ jarsigner(1) ¥Ä¡¼¥ë¤ò»È¤Ã¤Æ Java ARchive (JAR) ¥Õ¥¡¥¤¥ë¤Ë½ð̾¤òÉÕ¤±¤¿¤È¤·¤Þ¤¹¡£ ¤³¤Î JAR ¥Õ¥¡¥¤¥ë¤Ï¥¯¥é¥¤¥¢¥ó¥È¤Ë¤è¤Ã¤Æ»È¤ï¤ì¤Þ¤¹¤¬¡¢¥¯¥é¥¤¥¢¥ó¥È¦¤Ç¤Ï ½ð̾¤òǧ¾Ú¤·¤¿¤¤¤È¹Í¤¨¤Æ¤¤¤Þ¤¹¡£ ¥¯¥é¥¤¥¢¥ó¥È¤¬½ð̾¤òǧ¾Ú¤¹¤ëÊýË¡¤Î 1 ¤Ä¤Ë¡¢¤Þ¤º¼«Ê¬¤Î¸ø³«¸°¤Î¾ÚÌÀ½ñ¤ò ¡Ö¿®Íê¤Ç¤¤ë¡×¥¨¥ó¥È¥ê¤È¤·¤Æ¥¯¥é¥¤¥¢¥ó¥È¤Î¥¡¼¥¹¥È¥¢¤Ë¥¤¥ó¥Ý¡¼¥È¤¹¤ëÊýË¡¤¬¤¢¤ê¤Þ ¤¹¡£¤½¤Î¤¿¤á¤Ë¤Ï¡¢¾ÚÌÀ½ñ¤ò¥¨¥¯¥¹¥Ý¡¼¥È¤·¤Æ¡¢¥¯¥é¥¤¥¢¥ó¥È¤ËÄ󶡤·¤Þ¤¹¡£¤¿¤È¤¨ ¤Ð¡¢¼¡¤Î¤è¤¦¤Ë¤·¤Æ¡¢¾ÚÌÀ½ñ¤ò MJ.cer ¤È¤¤¤¦Ì¾Á°¤Î¥Õ¥¡¥¤¥ë¤Ë¥³¥Ô¡¼¤·¤Þ¤¹¡£¤³¤Î¥¨¥ó¥È¥ê¤Ë¤Ï¡Ö mykey ¡×¤È¤¤¤¦ÊÌ̾¤¬»È¤ï¤ì¤Æ¤¤¤ë¤È¤·¤Þ¤¹¡£
example% keytool -export -alias mykey -file MJ.cer ¾ÚÌÀ½ñ¤È½ð̾ÉÕ¤ JAR ¥Õ¥¡¥¤¥ë¤òÆþ¼ê¤·¤¿¥¯¥é¥¤¥¢¥ó¥È¤Ï¡¢ jarsigner(1) ¥Ä¡¼¥ë¤ò»È¤Ã¤Æ½ð̾¤òǧ¾Ú¤Ç¤¤Þ¤¹¡£ ¸°¤Î¥Ú¥¢¤òÊÝ»ý¤·¤¿¤Þ¤Þ¤Ç¤Î¼±ÊÌ̾¤ÎÊѹ¹½ê°Éô²Ý¤ÎÊѹ¹¤äž¶Ð¤Ê¤É¤Ë¤è¤Ã¤Æ¡¢¼±ÊÌ̾¤¬Êѹ¹¤µ¤ì¤¿¤È¤·¤Þ¤¹¡£¤³¤Î¤è¤¦¤Ê ¾ì¹ç¤Ï¡¢¼±ÊÌ̾¤ò¹¹¿·¤¹¤ë°ìÊý¤Ç¡¢°ú¤Â³¤°ÊÁ°¤ÈƱ¤¸¸ø³«¸°¤ÈÈó¸ø³«¸°¤Î ¥Ú¥¢¤ò»ÈÍѤ¹¤ë¤³¤È¤¬¤Ç¤¤Þ¤¹¡£¤¿¤È¤¨¤Ð¡¢Ì¾Á°¤¬ Susan Miller ¤Ç¡¢°ÊÁ°¤Ë sMiller ¤È¤¤¤¦ÊÌ̾¤Ç¸°¥¨¥ó¥È¥ê¤òºîÀ®¤·¤Æ¤¤¤¿¤È¤·¤Þ¤¹¡£¼±ÊÌ̾¤Ï¡¢¼¡¤Î¤è¤¦¤Ë»ØÄꤷ¤Æ ¤¤¤Þ¤·¤¿¡£
"cn=Susan Miller, ou=Finance Department, o=BlueSoft, c=us" ¤³¤³¤Ç¡¢½ê°Éô²Ý¤¬ Finance Department ¤«¤é Accounting Department ¤Ë Êѹ¹¤Ë¤Ê¤Ã¤¿¤È¤·¤Þ¤¹¡£¤³¤Î¾ì¹ç¡¢°ÊÁ°¤ËÀ¸À®¤·¤¿¸ø³«¸°¤ÈÈó¸ø³«¸°¤Î¥Ú¥¢¤ò »È¤¤Â³¤±¤Ê¤¬¤é¼±ÊÌ̾¤ò¹¹¿·¤¹¤ë¤Ë¤Ï¡¢¼¡¤Î¤è¤¦¤Ë¤·¤Þ¤¹¡£ ¤Þ¤º¡¢¸°¥¨¥ó¥È¥ê¤ò ¥³¥Ô¡¼ (Ê£À½) ¤·¤Þ¤¹¡£
example% keytool -keyclone -alias sMiller -dest sMillerNew ¤³¤ÎÎã¤Ç¤Ï¡¢¥¹¥È¥¢¤Î¥Ñ¥¹¥ï¡¼¥É¤ª¤è¤Ó¸µ¤ÎÈó¸ø³«¸°¤Î¥Ñ¥¹¥ï¡¼¥É¤ÈÊ£À½Àè¤Î Èó¸ø³«¸°¤Î¥Ñ¥¹¥ï¡¼¥É¤ò¥³¥Þ¥ó¥É¹Ô¤Ç»ØÄꤷ¤Æ¤¤¤Ê¤¤¤Î¤Ç¡¢¥Ñ¥¹¥ï¡¼¥É¤ÎÆþÎϤò µá¤á¤é¤ì¤Þ¤¹¡£¸°¥¨¥ó¥È¥ê¤ò¥³¥Ô¡¼¤·¤¿¤¢¤È¤Ï¡¢Ï¢º¿Æâ¤ÎºÇ½é¤Î¾ÚÌÀ½ñ¤¬Êѹ¹¸å ¤Î¼±ÊÌ̾¤ò»È¤¦¤è¤¦¤Ë¤¹¤ë¤¿¤á¤Ë¡¢¥³¥Ô¡¼¤·¤¿¸°¥¨¥ó¥È¥ê¤Ë´ØÏ¢ÉÕ¤±¤é¤ì¤Æ¤¤¤ë ¾ÚÌÀÏ¢º¿¤òÊѹ¹¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£¤Þ¤º¡¢Å¬ÀÚ¤Ê̾Á°¤Ç¼«¸Ê½ð̾¾ÚÌÀ½ñ¤ò À¸À®¤·¤Þ¤¹¡£
example% keytool -selfcert -alias sMillerNew -dname "cn=Susan Miller, ou=Accounting Department, o=BlueSoft, c=us" ¼¡¤Ë¡¢¤³¤Î¿·¤·¤¤¾ÚÌÀ½ñ¤Î¾ðÊó¤Ë´ð¤Å¤¤¤Æ¾ÚÌÀ½ñ½ð̾Í×µá¤òÀ¸À®¤·¤Þ¤¹¡£
example% keytool -certreq -alias sMillerNew CA ¤Î¾ÚÌÀ½ñ±þÅú¤òÆþ¼ê¤·¤¿¤é¡¢±þÅú¤ò¥¤¥ó¥Ý¡¼¥È¤·¤Þ¤¹¡£
example% keytool -import -alias sMillerNew -file VSSMillerNew.cer ¾ÚÌÀ½ñ±þÅú¤Î¥¤¥ó¥Ý¡¼¥È¸å¤Ï¡¢¸Å¤¤¼±ÊÌ̾¤¬»È¤ï¤ì¤Æ¤¤¤ë¸µ¤Î¸°¥¨¥ó¥È¥ê¤òºï½ü¤Ç¤¤Þ¤¹¡£
example% keytool -delete -alias sMiller ´ØÏ¢¹àÌÜjar(1)¡¢ jarsigner(1)¼¡¤Ë¤Ä¤¤¤Æ¤Ï¡¢ java.sun.com ¤ò»²¾È¤Þ¤¿¤Ï¸¡º÷¤·¤Æ¤¯¤À¤µ¤¤¡£
IndexThis document was created by man2html, using the manual pages. Time: 04:12:30 GMT, April 18, 2024 |