www.fifi.org
    Documentation
        Manpages
        GNU Info
        Debian document tree
        Whole document tree
    Trigance web page
    Public services
    User info
    Mailing lists
    Secure server
    Multilingual usage
 

Copyright (C) 2000-2012
Philippe Troin
<webmaster@fifi.org>.

Validate HTML
Validate CSS

    

Manpages

Manpage of keytool

keytool

Section: User Commands (1)
Updated: 2000 ǯ 7 ·î 28 Æü
Index
Return to Main Contents
 

̾Á°

keytool - ¸°¤È¾ÚÌÀ½ñ¤Î´ÉÍý¥Ä¡¼¥ë  

·Á¼°

keytool [ subcommands ]  

µ¡Ç½ÀâÌÀ

keytool ¤Ï¡¢¸°¤È¾ÚÌÀ½ñ¤ò´ÉÍý¤¹¤ë¤¿¤á¤Î¥æ¡¼¥Æ¥£¥ê¥Æ¥£¤Ç¤¹¡£keytool ¤ò»È¤¦¤È¡¢¼«Ê¬¤Î ¸ø³«¸°¤ÈÈó¸ø³«¸°¤Î¥Ú¥¢¡¢¤ª¤è¤Ó´ØÏ¢¤¹¤ë¾ÚÌÀ½ñ¤ò´ÉÍý¤·¡¢¥Ç¥¸¥¿¥ë½ð̾¤ò »È¤Ã¤¿¼«¸Êǧ¾Ú (¤Û¤«¤Î¥æ¡¼¥¶¤Þ¤¿¤Ï¥µ¡¼¥Ó¥¹¤ËÂФ·¤Æ¼«Ê¬¼«¿È¤òǧ¾Ú¤¹¤ë ¤³¤È) ¤ä¡¢¥Ç¡¼¥¿¤Î´°Á´À­¤Èǧ¾Ú¤Ë´Ø¤¹¤ë¥µ¡¼¥Ó¥¹¤ËÍøÍѤ¹¤ë¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£ keytool ¤Ç¤Ï¡¢ÄÌ¿®Áê¼ê¤Î¸ø³«¸°¤ò (¾ÚÌÀ½ñ¤Î·Á¤Ç) ¥­¥ã¥Ã¥·¥å¤¹¤ë¤³¤È¤â¤Ç¤­ ¤Þ¤¹¡£

¡Ö¾ÚÌÀ½ñ¡×¤È¤Ï¡¢¤¢¤ë¥¨¥ó¥Æ¥£¥Æ¥£¤«¤é¤Î¥Ç¥¸¥¿¥ë½ð̾ÉÕ¤­¤Îʸ½ñ¤Î¤³¤È¤Ç¤¹¡£ ¾ÚÌÀ½ñ¤Ë¤Ï¡¢¤Û¤«¤Î¤¢¤ë¥¨¥ó¥Æ¥£¥Æ¥£ (¿Íʪ¡¢²ñ¼Ò¤Ê¤É) ¤Î¸ø³«¸° (¤ª¤è¤Ó¤½¤Î ¾¤Î¾ðÊó) ¤¬ÆÃÊ̤ÊÃͤò»ý¤Ã¤Æ¤¤¤ë¤³¤È¤¬½ñ¤«¤ì¤Æ¤¤¤Þ¤¹ (¡Ö¾ÚÌÀ½ñ¡×¤ò»²¾È)¡£ ¥Ç¡¼¥¿¤Ë¥Ç¥¸¥¿¥ë½ð̾¤¬ÉÕ¤¤¤Æ¤¤¤ë¾ì¹ç¤Ï¡¢¥Ç¥¸¥¿¥ë½ð̾¤ò¸¡¾Ú¤¹¤ë¤³¤È¤Ç¡¢ ¥Ç¡¼¥¿¤Î´°Á´À­¤ª¤è¤Ó¥Ç¡¼¥¿¤¬ËÜʪ¤Ç¤¢¤ë¤³¤È¤ò¥Á¥§¥Ã¥¯¤Ç¤­¤Þ¤¹¡£¥Ç¡¼¥¿¤Î ¡Ö´°Á´À­¡×¤È¤Ï¡¢¥Ç¡¼¥¿¤¬Êѹ¹¤µ¤ì¤¿¤ê¡¢²þÊѤµ¤ì¤¿¤ê¤·¤Æ¤¤¤Ê¤¤¤³¤È¤ò°ÕÌ£¤·¤Þ¤¹¡£ ¤Þ¤¿¡¢¥Ç¡¼¥¿¤¬¡ÖËÜʪ¤Ç¤¢¤ë¡×¤È¤Ï¡¢¤½¤Î¥Ç¡¼¥¿¤¬¡¢¥Ç¡¼¥¿¤òºîÀ®¤·¤Æ½ð̾¤·¤¿¤È ¾Î¤¹¤ë¿Íʪ¤«¤é¼ÂºÝ¤ËÅϤµ¤ì¤¿¥Ç¡¼¥¿¤Ç¤¢¤ë¤³¤È¤ò°ÕÌ£¤·¤Þ¤¹¡£

keytool ¤Ï¡¢¸°¤È¾ÚÌÀ½ñ¤ò¡Ö¥­¡¼¥¹¥È¥¢¡×¤Ë³ÊǼ¤·¤Þ¤¹¡£¥Ç¥Õ¥©¥ë¥È¤Î¥­¡¼¥¹¥È¥¢¤Î¼ÂÁõ¤Ï¡¢ ¥­¡¼¥¹¥È¥¢¤ò¥Õ¥¡¥¤¥ë¤È¤·¤Æ¼ÂÁõ¤·¤Æ¤¤¤Þ¤¹¡£¥­¡¼¥¹¥È¥¢¤Ï¡¢Èó¸ø³«¸°¤ò¥Ñ¥¹¥ï¡¼¥É ¤ÇÊݸ¤Þ¤¹¡£

jarsigner(1) ¥Ä¡¼¥ë¤Ï¡¢¥­¡¼¥¹¥È¥¢¤Î¾ðÊó¤ò»È¤Ã¤Æ Java Archive (JAR) ¥Õ¥¡¥¤¥ë¤ËÂФ¹¤ë¥Ç¥¸¥¿¥ë½ð̾¤ÎÀ¸À®¤È¸¡¾Ú¤ò¹Ô¤¤¤Þ¤¹¡£JAR ¥Õ¥¡¥¤¥ë¤Ï¡¢ ¥¯¥é¥¹¥Õ¥¡¥¤¥ë¡¢¥¤¥á¡¼¥¸¡¢¥µ¥¦¥ó¥É¡¢¤ª¤è¤Ó¤½¤Î¾¤Î¥Ç¥¸¥¿¥ë¥Ç¡¼¥¿¤òñ°ì¤Î¥Õ¥¡ ¥¤¥ë¤Ë¥Ñ¥Ã¥±¡¼¥¸²½¤·¤Þ¤¹¡£ jarsigner(1) ¤Ï¡¢JAR ¥Õ¥¡¥¤¥ë¤ËÉÕ°¤¹¤ë¾ÚÌÀ½ñ (JAR ¥Õ¥¡¥¤¥ë¤Î½ð̾¥Ö¥í¥Ã¥¯¥Õ¥¡¥¤¥ë¤Ë´Þ¤Þ¤ì¤Æ¤¤¤ë¾ÚÌÀ½ñ) ¤ò»È¤Ã¤Æ JAR ¥Õ¥¡¥¤¥ë¤Î ¥Ç¥¸¥¿¥ë½ð̾¤ò¸¡¾Ú¤·¡¢¾ÚÌÀ½ñ¤Î¸ø³«¸°¤¬¡Ö¿®Íê¡×¤Ç¤­¤ë¤«¤É¤¦¤«¡¢¤Ä¤Þ¤ê¡¢³ºÅö ¤¹¤ë¸ø³«¸°¤¬¡¢»ØÄꤵ¤ì¤¿¥­¡¼¥¹¥È¥¢¤Ë´Þ¤Þ¤ì¤Æ¤¤¤ë¤«¤É¤¦¤«¤òÄ´¤Ù¤Þ¤¹¡£

Ãí: keytool ¥Ä¡¼¥ë¤È jarsigner(1) ¥Ä¡¼¥ë¤Ï¡¢JDK 1.1 ¤ÇÄ󶡤µ¤ì¤Æ¤¤¤¿ javakey ¥Ä¡¼¥ë¤ò´°Á´¤ËÃÖ¤­´¹¤¨¤ë¤â¤Î ¤Ç¤¹¡£¤³¤ì¤é¤Î¿·¤·¤¤¥Ä¡¼¥ë¤Ï javakey ¤è¤ê¤â¿¤¯¤Îµ¡Ç½¤òÈ÷¤¨¤Æ¤ª¤ê¡¢¥­¡¼¥¹¥È ¥¢¤ÈÈó¸ø³«¸°¤ò¥Ñ¥¹¥ï¡¼¥É¤ÇÊݸ¤ëµ¡Ç½¤ä¡¢½ð̾¤ÎÀ¸À®¤Ë²Ã¤¨¤Æ½ð̾¤ò¸¡¾Ú ¤¹¤ëµ¡Ç½¤ò»ý¤Ã¤Æ¤¤¤Þ¤¹¡£¿·¤·¤¤¥­¡¼¥¹¥È¥¢¥¢¡¼¥­¥Æ¥¯¥Á¥ã¤Ï¡¢javakey ¤¬ºîÀ®¤· ¤Æ´ÉÍý¤·¤Æ¤¤¤¿¥¢¥¤¥Ç¥ó¥Æ¥£¥Æ¥£¥Ç¡¼¥¿¥Ù¡¼¥¹¤ËÂå¤ï¤ë¤â¤Î¤Ç¤¹¡£ -identitydb ¥µ¥Ö¥³¥Þ¥ó¥É¤ò»È¤¦¤È¡¢¥¢¥¤¥Ç¥ó¥Æ¥£¥Æ¥£¥Ç¡¼¥¿¥Ù¡¼¥¹¤Î¾ðÊó¤ò¥­¡¼¥¹¥È¥¢¤Ë¥¤¥ó¥Ý¡¼¥È¤Ç¤­¤Þ¤¹¡£

 

¥­¡¼¥¹¥È¥¢¤Î¥¨¥ó¥È¥ê

¥­¡¼¥¹¥È¥¢¤Î¥¨¥ó¥È¥ê¤Ë¤Ï¡¢¼¡¤Î 2 ¤Ä¤Î¼ïÎब¤¢¤ê¤Þ¤¹¡£

1.
¸°¤Î¥¨¥ó¥È¥ê - ³Æ¥¨¥ó¥È¥ê¤Ï¡¢Èó¾ï¤Ë½ÅÍפʰŹ沽¤Î¸°¤Î¾ðÊó¤òÊÝ»ý¤·¤Þ¤¹¡£ ¤³¤Î¾ðÊó¤Ï¡¢µö²Ä¤·¤Æ¤¤¤Ê¤¤¥¢¥¯¥»¥¹¤òËɤ°¤¿¤á¤Ë¡¢Êݸ¤ì¤¿·Á¤Ç³ÊǼ¤µ¤ì¤Þ ¤¹¡£°ìÈ̤ˡ¢¤³¤Î¼ï¤Î¥¨¥ó¥È¥ê¤È¤·¤Æ³ÊǼ¤µ¤ì¤ë¸°¤Ï¡¢ÈëÌ©¸°¤«¡¢Âбþ¤¹¤ë¸ø³«¸° ¤Î¾ÚÌÀÏ¢º¿¤òȼ¤¦Èó¸ø³«¸°¤Ç¤¹¡£ keytool ¥Ä¡¼¥ë¤È jarsigner(1) ¥Ä¡¼¥ë¤Ï¤³¤Î¤¦¤Á¸å¼Ô¤ÎÊý¡¢¤Ä¤Þ¤êÈó¸ø³«¸°¤ª¤è¤Ó´ØÏ¢¤¹¤ë¾ÚÌÀÏ¢º¿¤À¤±¤ò°· ¤¤¤Þ¤¹¡£
2.
¿®Íê¤Ç¤­¤ë¾ÚÌÀ½ñ¤Î¥¨¥ó¥È¥ê - ³Æ¥¨¥ó¥È¥ê¤Ï¡¢Âè»°¼Ô¤«¤é¤Î¸ø³«¸°¾ÚÌÀ½ñ¤ò 1 ¤Ä´Þ¤ó¤Ç¤¤¤Þ¤¹¡£¤³¤Î¾ÚÌÀ½ñ¤Ï¡¢¡Ö¿®Íê¤Ç¤­¤ë¾ÚÌÀ½ñ¡×¤È¸Æ¤Ð¤ì¤Þ¤¹¡£¤½¤ì¤Ï¡¢ ¾ÚÌÀ½ñÆâ¤Î¸ø³«¸°¤¬¡¢¾ÚÌÀ½ñ¤Î¡Ö¼çÂΡ×(½êÍ­¼Ô) ¤Ë¤è¤Ã¤ÆÆÃÄꤵ¤ì¤ë¥¢¥¤¥Ç¥ó¥Æ¥£ ¥Æ¥£¤ËͳÍ褹¤ë¤â¤Î¤Ç¤¢¤ë¤³¤È¤ò¡¢¥­¡¼¥¹¥È¥¢¤Î½êÍ­¼Ô¤¬¿®Íꤹ¤ë¤«¤é¤Ç¤¹¡£ ¾ÚÌÀ½ñ¤Îȯ¹Ô¼Ô¤Ï¡¢¾ÚÌÀ½ñ¤Ë½ð̾¤òÉÕ¤±¤ë¤³¤È¤Ë¤è¤Ã¤Æ¡¢¤½¤ÎÆâÍƤòÊݾڤ·¤Þ¤¹¡£

 

¥­¡¼¥¹¥È¥¢¤ÎÊÌ̾

¥­¡¼¥¹¥È¥¢¤Î¤¹¤Ù¤Æ¤Î¥¨¥ó¥È¥ê (¸°¤ª¤è¤Ó¿®Íê¤Ç¤­¤ë¾ÚÌÀ½ñ) ¤Ï¡¢°ì°Õ¤Î¡ÖÊÌ̾¡× ¤ò²ð¤·¤Æ¥¢¥¯¥»¥¹¤µ¤ì¤Þ¤¹¡£ÊÌ̾¤Ç¤Ï¡¢Âçʸ»ú¤È¾®Ê¸»ú¤Ï¶èÊ̤µ¤ì¤Þ¤»¤ó¡£ ¤·¤¿¤¬¤Ã¤Æ¡¢ÊÌ̾ Hugo ¤È hugo ¤Ï¡¢¤É¤Á¤é¤âƱ¤¸¥­¡¼¥¹¥È¥¢¥¨¥ó¥È¥ê¤ò»Ø¤·¤Þ¤¹¡£

-genkey ¥µ¥Ö¥³¥Þ¥ó¥É¤ò»È¤Ã¤Æ¸°¤Î¥Ú¥¢ (¸ø³«¸°¤ÈÈó¸ø³«¸°) ¤òÀ¸À®¤·¤¿¤ê¡¢ -import ¥µ¥Ö¥³¥Þ¥ó¥É¤ò»È¤Ã¤Æ¡¢¿®Íê¤Ç¤­¤ë¾ÚÌÀ½ñ¤Î¥ê¥¹¥È¤Ë¾ÚÌÀ½ñ¤Þ¤¿¤Ï¾ÚÌÀÏ¢º¿¤òÄɲà ¤¹¤ë¤Ê¤É¡¢¥­¡¼¥¹¥È¥¢¤Ë¥¨¥ó¥Æ¥£¥Æ¥£¤òÄɲ乤ë¤È¤­¤Ï¡¢ÊÌ̾¤ò»ØÄꤷ¤Þ¤¹¡£¤³¤ì°Ê¸å¡¢ keytool ¥³¥Þ¥ó¥É¤Ç¥¨¥ó¥Æ¥£¥Æ¥£¤ò»²¾È¤¹¤ë¾ì¹ç¤Ï¡¢¤³¤Î¤È¤­¤Ë»ØÄꤷ¤¿ÊÌ̾¤ò»ÈÍѤ¹¤ë ɬÍפ¬¤¢¤ê¤Þ¤¹¡£

¤¿¤È¤¨¤Ð¡¢duke ¤È¤¤¤¦ÊÌ̾¤ò»È¤Ã¤Æ¿·¤·¤¤¸ø³«¸°¤ÈÈó¸ø³«¸°¤Î¥Ú¥¢¤òÀ¸À®¤·¡¢ ¸ø³«¸°¤ò¼«¸Ê½ð̾¾ÚÌÀ½ñ (¾ÚÌÀÏ¢º¿¤ò»²¾È) ¤Ç¥é¥Ã¥×¤¹¤ë¤È¤·¤Þ¤¹¡£¤³¤Î¾ì¹ç¤Ï¡¢ ¼¡¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤·¤Þ¤¹¡£ 

example% keytool -genkey -alias duke -keypass dukekeypasswd

¤³¤³¤Ç¤Ï¡¢½é´ü¥Ñ¥¹¥ï¡¼¥É¤È¤·¤Æ dukekeypasswd ¤ò»ØÄꤷ¤Æ¤¤¤Þ¤¹¡£°Ê¸å¡¢ÊÌ̾ duke ¤Ë´ØÏ¢ÉÕ¤±¤é¤ì¤¿Èó¸ø³«¸°¤Ë¥¢¥¯¥»¥¹¤¹¤ë¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤¹¤ë¤È¤­¤Ï¡¢¤³¤Î¥Ñ¥¹ ¥ï¡¼¥É¤¬É¬Íפˤʤê¤Þ¤¹¡£ duke ¤ÎÈó¸ø³«¸°¤Î¥Ñ¥¹¥ï¡¼¥É¤ò¤¢¤È¤«¤éÊѹ¹¤¹¤ë¤Ë ¤Ï¡¢¼¡¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤·¤Þ¤¹¡£ 

example% keytool -keypasswd -alias duke -keypass dukekeypasswd -new newpass

¥Ñ¥¹¥ï¡¼¥É¤¬¡¢dukekeypasswd ¤«¤é newpass ¤ËÊѹ¹¤µ¤ì¤Þ¤¹¡£

Ãí: ¥Æ¥¹¥È¤òÌÜŪ¤È¤¹¤ë¾ì¹ç¡¢¤Þ¤¿¤Ï°ÂÁ´¤Ç¤¢¤ë¤³¤È¤¬¤ï¤«¤Ã¤Æ¤¤¤ë¥·¥¹¥Æ¥à¤Ç ¼Â¹Ô¤¹¤ë¾ì¹ç°Ê³°¤Ï¡¢¥³¥Þ¥ó¥É¹Ô¤ä¥¹¥¯¥ê¥×¥È¤Ç¥Ñ¥¹¥ï¡¼¥É¤ò»ØÄꤷ¤Ê¤¤¤Ç¤¯¤À¤µ ¤¤¡£É¬Íפʥѥ¹¥ï¡¼¥É¤Î¥ª¥×¥·¥ç¥ó¤ò¥³¥Þ¥ó¥É¹Ô¤Ç»ØÄꤷ¤Ê¤«¤Ã¤¿¾ì¹ç¤Ï¡¢¥Ñ¥¹ ¥ï¡¼¥É¤ÎÆþÎϤòµá¤á¤é¤ì¤Þ¤¹¡£password ¥×¥í¥ó¥×¥È¤Ç¥Ñ¥¹¥ï¡¼¥É¤òÆþÎϤ¹¤ë¤È¡¢ ÆþÎϤ·¤¿¥Ñ¥¹¥ï¡¼¥É¤¬¥¨¥³¡¼¤µ¤ì¡¢¤½¤Î¤Þ¤Þ²èÌ̤Ëɽ¼¨¤µ¤ì¤Þ¤¹¡£¤³¤Î¤¿¤á¡¢¼þ °Ï¤Ë¤Û¤«¤Î¥æ¡¼¥¶¤¬¤¤¤ë¾ì¹ç¤Ï¡¢¥Ñ¥¹¥ï¡¼¥É¤ò¸«¤é¤ì¤Ê¤¤¤è¤¦¤ËÃí°Õ¤·¤Æ¤¯¤À¤µ¤¤¡£

 

¥­¡¼¥¹¥È¥¢¤Î¾ì½ê

keytool ¤Î³Æ¥³¥Þ¥ó¥É¤Ë¤Ï¡¢ -keystore ¥ª¥×¥·¥ç¥ó¤¬¤¢¤ê¤Þ¤¹¡£¤³¤Î¥ª¥×¥·¥ç¥ó¤Ç¤Ï¡¢ keytool ¤Ç´ÉÍý¤¹¤ë¥­¡¼¥¹¥È¥¢¤ËÂбþ¤¹¤ë±Ê³Ū¤Ê¥­¡¼¥¹¥È¥¢¥Õ¥¡¥¤¥ë¤Î̾Á°¤È¾ì½ê¤ò »ØÄꤷ¤Þ¤¹¡£¥­¡¼¥¹¥È¥¢¤Ï¡¢¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï¥æ¡¼¥¶¤Î¥Û¡¼¥à¥Ç¥£¥ì¥¯¥È¥ê¤Î .keystore ¤È¤¤¤¦Ì¾Á°¤Î¥Õ¥¡¥¤¥ë¤Ë³ÊǼ¤µ¤ì¤Þ¤¹¡£¥æ¡¼¥¶¤Î¥Û¡¼¥à¥Ç¥£¥ì¥¯¥È¥ê¤Ï¡¢ user.home ¥·¥¹¥Æ¥à¥×¥í¥Ñ¥Æ¥£¤Ë¤è¤Ã¤Æ·è¤Þ¤ê¤Þ¤¹¡£

 

¥­¡¼¥¹¥È¥¢¤ÎºîÀ®

¤Þ¤À¸ºß¤·¤Æ¤¤¤Ê¤¤¥­¡¼¥¹¥È¥¢¤ËÂФ·¡¢ -genkey ¡¢ -import ¡¢¤Þ¤¿¤Ï -identitydb ¥µ¥Ö¥³¥Þ¥ó¥É¤ò»È¤Ã¤Æ¥Ç¡¼¥¿¤òÄɲ乤ë¤È¡¢¥­¡¼¥¹¥È¥¢¤¬ºîÀ®¤µ¤ì¤Þ¤¹¡£

¶ñÂÎŪ¤Ë¤Ï¡¢ -keystore ¥ª¥×¥·¥ç¥ó¤Ç¥­¡¼¥¹¥È¥¢¤ò»ØÄꤷ¤Æ¤¤¤Æ¡¢¤³¤Î¥­¡¼¥¹¥È¥¢¤¬¤Þ¤À¸ºß¤·¤Æ¤¤¤Ê¤¤ ¾ì¹ç¤Ï¡¢»ØÄꤷ¤¿¥­¡¼¥¹¥È¥¢¤¬ºîÀ®¤µ¤ì¤Þ¤¹¡£

-keystore ¥ª¥×¥·¥ç¥ó¤ò»ØÄꤷ¤Ê¤«¤Ã¤¿¾ì¹ç¡¢¥Ç¥Õ¥©¥ë¥È¤Î¥­¡¼¥¹¥È¥¢¤Ï¡¢¥Û¡¼¥à¥Ç¥£¥ì¥¯¥È¥ê Æâ¤Î .keystore ¤È¤¤¤¦Ì¾Á°¤Î¥Õ¥¡¥¤¥ë¤Ë¤Ê¤ê¤Þ¤¹¡£¤³¤Î¥Õ¥¡¥¤¥ë¤¬¤Þ¤À¸ºß¤·¤Æ¤¤¤Ê¤¤¾ì¹ç¤ÏºîÀ® ¤µ¤ì¤Þ¤¹¡£

 

¥­¡¼¥¹¥È¥¢¤Î¼ÂÁõ

java.security ¥Ñ¥Ã¥±¡¼¥¸¤ÇÄ󶡤µ¤ì¤ë KeyStore ¥¯¥é¥¹¤Ë¤Ï¡¢¥­¡¼¥¹¥È¥¢Æâ¤Î¾ðÊó¤ËÂФ¹¤ë¥¢¥¯¥»¥¹¤ÈÊѹ¹¤ò¹Ô¤¦¤¿¤á¤ÎÌÀ³Î¤Ë ÄêµÁ¤µ¤ì¤¿¥¤¥ó¥¿¥Õ¥§¡¼¥¹¤¬ÍÑ°Õ¤µ¤ì¤Æ¤¤¤Þ¤¹¡£¥­¡¼¥¹¥È¥¢¤Î¸ÇÄê¼ÂÁõ¤È¤·¤Æ¤Ï¡¢ ¤½¤ì¤¾¤ì¤¬ÆÃÄê¤Î¡Ö¥¿¥¤¥×¡×¤Î¥­¡¼¥¹¥È¥¢¤òÂоݤȤ¹¤ëÊ£¿ô¤Î°Û¤Ê¤ë¼ÂÁõ¤¬Â¸ºß ²Äǽ¤Ç¤¹¡£

¸½ºß¡¢keytool ¤È jarsigner(1) ¤Î 2 ¤Ä¤Î¥³¥Þ¥ó¥É¹Ô¥Ä¡¼¥ë¤È¡¢ policytool ¤È¤¤¤¦Ì¾Á°¤Î 1 ¤Ä¤Î GUI ¥Ù¡¼¥¹¤Î ¥Ä¡¼¥ë¤¬¤¢¤ê¤Þ¤¹¡£ KeyStore ¤Ï public ¤È¤·¤Æ»ÈÍѲÄǽ¤Ê¤Î¤Ç¡¢JDK ¥æ¡¼¥¶¤Ï KeyStore ¤ò»È¤Ã¤¿¤Û¤«¤Î¥»¥­¥å¥ê¥Æ¥£¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤âºîÀ®¤Ç¤­¤Þ¤¹¡£

¥­¡¼¥¹¥È¥¢¤Ë¤Ï¡¢Sun ¤¬Ä󶡤¹¤ëÁȤ߹þ¤ß¤Î¥Ç¥Õ¥©¥ë¥È¤Î¼ÂÁõ¤¬¤¢¤ê¤Þ¤¹¡£ ¤³¤ì¤Ï¡¢JKS ¤È¤¤¤¦Ì¾Á°¤ÎÆȼ«¤Î¥­¡¼¥¹¥È¥¢¥¿¥¤¥× (·Á¼°) ¤òÍøÍѤ¹¤ë¤â¤Î¤Ç¡¢ ¥­¡¼¥¹¥È¥¢¤ò¥Õ¥¡¥¤¥ë¤È¤·¤Æ¼ÂÁõ¤·¤Æ¤¤¤Þ¤¹¡£¤³¤Î¼ÂÁõ¤Ç¤Ï¡¢¸Ä¡¹¤ÎÈó¸ø³«¸°¤Ï ¸ÄÊ̤Υѥ¹¥ï¡¼¥É¤Ë¤è¤Ã¤ÆÊݸ¤ì¡¢¥­¡¼¥¹¥È¥¢Á´ÂΤδ°Á´À­¤â (Èó¸ø³«¸°¤È¤Ï Ê̤Î) ¥Ñ¥¹¥ï¡¼¥É¤Ë¤è¤Ã¤ÆÊݸ¤ì¤Þ¤¹¡£

¥­¡¼¥¹¥È¥¢¤Î¼ÂÁõ¤Ï¡¢¥×¥í¥Ð¥¤¥À¥Ù¡¼¥¹¤Ç¤¹¡£¶ñÂÎŪ¤Ë¤Ï¡¢ KeyStore ¤¬Ä󶡤¹¤ë¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¥¤¥ó¥¿¥Õ¥§¡¼¥¹¤Ï¡¢Service Provider Interface (SPI) ¤È¤¤¤¦·Á¤Ç¼ÂÁõ¤µ¤ì¤Æ¤¤¤Þ¤¹¡£¤Ä¤Þ¤ê¡¢Âбþ¤¹¤ë KeystoreSpi Ãê¾Ý¥¯¥é¥¹ (¤³¤ì¤â java.security ¥Ñ¥Ã¥±¡¼¥¸¤Ë´Þ¤Þ¤ì¤Æ¤¤¤ë) ¤¬¤¢¤ê¡¢¤³¤Î¥¯¥é¥¹ ¤¬ Service Provider Interface ¤Î¥á¥½¥Ã¥É¤òÄêµÁ¤·¤Æ¤¤¤Þ¤¹¡£¤³¤ì¤é¤Î¥á¥½¥Ã¥É¤Ï¡¢ ¡Ö¥×¥í¥Ð¥¤¥À¡×¤¬¼ÂÁõ¤·¤Ê¤±¤ì¤Ð¤Ê¤ê¤Þ¤»¤ó¡£¤³¤³¤Ç¡¢¡Ö¥×¥í¥Ð¥¤¥À¡×¤È¤Ï¡¢ Java Security API ¤Ë¤è¤Ã¤Æ¥¢¥¯¥»¥¹²Äǽ¤Ê¥µ¡¼¥Ó¥¹¤Î¥µ¥Ö¥»¥Ã¥È¤ËÂФ·¡¢¤½¤Î ¸ÇÄê¼ÂÁõ¤òÄ󶡤¹¤ë¥Ñ¥Ã¥±¡¼¥¸¤Þ¤¿¤Ï¥Ñ¥Ã¥±¡¼¥¸¤Î½¸¹ç¤Î¤³¤È¤Ç¤¹¡£¤·¤¿¤¬¤Ã¤Æ¡¢ ¥­¡¼¥¹¥È¥¢¤Î¼ÂÁõ¤òÄ󶡤¹¤ë¤Ë¤Ï¡¢¡ÖJava °Å¹æ²½¥¢¡¼¥­¥Æ¥¯¥Á¥ãÍÑ¥×¥í¥Ð¥¤¥À¤Î ¼ÂÁõÊýË¡¡×¤ÇÀâÌÀ¤·¤Æ¤¤¤ë¤è¤¦¤Ë¡¢¥¯¥é¥¤¥¢¥ó¥È¤¬¡Ö¥×¥í¥Ð¥¤¥À¡×¤ò¼ÂÁõ¤·¡¢ KeystoreSpi ¥µ¥Ö¥¯¥é¥¹¤Î¼ÂÁõ¤òÄ󶡤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£

¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤Ç¤Ï¡¢ KeyStore ¥¯¥é¥¹¤¬Ä󶡤¹¤ë getInstance ¥Õ¥¡¥¯¥È¥ê¥á¥½¥Ã¥É¤ò»È¤¦¤³¤È¤Ç¡¢¤µ¤Þ¤¶¤Þ¤Ê¥×¥í¥Ð¥¤¥À ¤«¤é°Û¤Ê¤ë¡Ö¥¿¥¤¥×¡×¤Î¥­¡¼¥¹¥È¥¢¤Î¼ÂÁõ¤òÁªÂò¤Ç¤­¤Þ¤¹¡£¥­¡¼¥¹¥È¥¢¤Î¥¿¥¤¥×¤Ï¡¢ ¥­¡¼¥¹¥È¥¢¾ðÊó¤Î³ÊǼ·Á¼°¤È¥Ç¡¼¥¿·Á¼°¡¢¤ª¤è¤Ó¥­¡¼¥¹¥È¥¢Æâ¤ÎÈó¸ø³«¸°¤È ¥­¡¼¥¹¥È¥¢¼«ÂΤδ°Á´À­¤òÊݸ¤ë¤¿¤á¤Ë»È¤ï¤ì¤ë¥¢¥ë¥´¥ê¥º¥à¤òÄêµÁ¤·¤Þ¤¹¡£ °Û¤Ê¤ë¥¿¥¤¥×¤Î¥­¡¼¥¹¥È¥¢¤Î¼ÂÁõ¤Ë¤Ï¡¢¸ß¤¤¤Ë¸ß´¹À­¤Ï¤¢¤ê¤Þ¤»¤ó¡£

keytool ¤Ï¡¢Ç¤°Õ¤Î¥Õ¥¡¥¤¥ë¥Ù¡¼¥¹¤Î¥­¡¼¥¹¥È¥¢¼ÂÁõ¤ÇÆ°ºî¤·¤Þ¤¹¡£ keytool ¤Ï¡¢¥³¥Þ¥ó¥É¹Ô¤«¤éÅϤµ¤ì¤¿¥­¡¼¥¹¥È¥¢¤Î¾ì½ê¤ò¥Õ¥¡¥¤¥ë̾¤È¤·¤Æ°·¤¤¡¢¤³¤ì¤ò FileInputStream ¤ËÊÑ´¹¤·¤Æ¡¢FileInputStream ¤«¤é¥­¡¼¥¹¥È¥¢¤Î¾ðÊó¤ò¥í¡¼¥É ¤·¤Þ¤¹¡£°ìÊý¡¢ jarsigner(1) ¥Ä¡¼¥ë¤È policytool ¥Ä¡¼¥ë¤Ï¡¢URL ¤Ç»ØÄê²Äǽ¤ÊǤ°Õ¤Î¾ì½ê¤«¤é¥­¡¼¥¹¥È¥¢¤ò Æɤ߹þ¤à¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£

keytool ¤È jarsigner(1) ¤Î¾ì¹ç¡¢ -storetype ¥ª¥×¥·¥ç¥ó¤ò»È¤Ã¤Æ¥³¥Þ¥ó¥É¹Ô¤Ç¥­¡¼¥¹¥È¥¢¤Î¥¿¥¤¥×¤ò»ØÄê¤Ç¤­¤Þ¤¹¡£ Policy Tool ¤Î¾ì¹ç¤Ï¡¢[Edit] ¥á¥Ë¥å¡¼¤Î [Change Keystore] ¥³¥Þ¥ó¥É¤ò»È¤Ã¤Æ ¥­¡¼¥¹¥È¥¢¤Î¥¿¥¤¥×¤ò»ØÄê¤Ç¤­¤Þ¤¹¡£

¥­¡¼¥¹¥È¥¢¤Î¥¿¥¤¥×¤òÌÀ¼¨Åª¤Ë»ØÄꤷ¤Ê¤¤¾ì¹ç¡¢keytool¡¢jarsigner¡¢¤ª¤è¤Ó policytool ¤Î³Æ¥Ä¡¼¥ë¤Ï¡¢¥»¥­¥å¥ê¥Æ¥£¥×¥í¥Ñ¥Æ¥£¥Õ¥¡¥¤¥ëÆâ¤Ç»ØÄꤵ¤ì¤¿ keystore.type ¥×¥í¥Ñ¥Æ¥£¤ÎÃͤ˴ð¤Å¤¤¤Æ¥­¡¼¥¹¥È¥¢¤Î¼ÂÁõ¤òÁªÂò¤·¤Þ¤¹¡£ ¥»¥­¥å¥ê¥Æ¥£¥×¥í¥Ñ¥Æ¥£¥Õ¥¡¥¤¥ë¤Ï¡¢ java.security ¤È¤¤¤¦Ì¾Á°¤Ç JDK ¥»¥­¥å¥ê¥Æ¥£¥×¥í¥Ñ¥Æ¥£¥Ç¥£¥ì¥¯¥È¥ê java.home/lib/security ¤ËÃÖ¤«¤ì¤Æ¤¤¤Þ¤¹¡£java.home ¤Ï¡¢JDK ¤Î¥¤¥ó¥¹¥È¡¼¥ëÀè¥Ç¥£¥ì¥¯¥È¥ê¤Ç¤¹¡£

³Æ¥Ä¡¼¥ë¤Ï¡¢keystore.type ¤ÎÃͤò¼èÆÀ¤·¡¢¤³¤ÎÃͤǻØÄꤵ¤ì¤¿¥¿¥¤¥×¤Î¥­¡¼¥¹¥È ¥¢¤ò¼ÂÁõ¤·¤Æ¤¤¤ë¥×¥í¥Ð¥¤¥À¤¬¸«¤Ä¤«¤ë¤Þ¤Ç¡¢¸½ºß¥¤¥ó¥¹¥È¡¼¥ë¤µ¤ì¤Æ¤¤¤ë¤¹¤Ù¤Æ ¤Î¥×¥í¥Ð¥¤¥À¤òÄ´¤Ù¤Þ¤¹¡£ÌÜŪ¤Î¥×¥í¥Ð¥¤¥À¤¬¸«¤Ä¤«¤ë¤È¡¢¤½¤Î¥×¥í¥Ð¥¤¥À¤«¤é¤Î ¥­¡¼¥¹¥È¥¢¤Î¼ÂÁõ¤ò»È¤¤¤Þ¤¹¡£

KeyStore ¥¯¥é¥¹¤Ç¤Ï getDefaultType ¤È¤¤¤¦Ì¾Á°¤Î static ¥á¥½¥Ã¥É¤¬ÄêµÁ¤µ¤ì¤Æ¤ª¤ê¡¢ ¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤È¥¢¥×¥ì¥Ã¥È¤Ï¤³¤Î¥á¥½¥Ã¥É¤ò»È¤¦¤³¤È¤Ç keystore.type ¥×¥í¥Ñ¥Æ¥£¤ÎÃͤò¼èÆÀ¤Ç¤­¤Þ¤¹¡£¼¡¤Î¥³¡¼¥É¤Ï¡¢¥Ç¥Õ¥©¥ë¥È¤Î¥­¡¼¥¹¥È¥¢¥¿¥¤¥× ( keystore.type ¥×¥í¥Ñ¥Æ¥£¤Ç»ØÄꤵ¤ì¤¿¥¿¥¤¥×) ¤Î¥¤¥ó¥¹¥¿¥ó¥¹¤òÀ¸À®¤·¤Þ¤¹¡£ 

KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());

¥Ç¥Õ¥©¥ë¥È¤Î¥­¡¼¥¹¥È¥¢¥¿¥¤¥×¤Ï jks (Sun ¤¬Ä󶡤¹¤ëÆȼ«¤Î¥¿¥¤¥×¤Î¥­¡¼¥¹¥È¥¢ ¤Î¼ÂÁõ) ¤Ç¤¹¡£¤³¤ì¤Ï¡¢¥»¥­¥å¥ê¥Æ¥£¥×¥í¥Ñ¥Æ¥£¥Õ¥¡¥¤¥ëÆâ¤Î¼¡¤Î¹Ô¤Ë¤è¤Ã¤Æ»ØÄê ¤µ¤ì¤Æ¤¤¤Þ¤¹¡£ 

keystore.type=jks

³Æ¥Ä¡¼¥ë¤Ç¥Ç¥Õ¥©¥ë¥È°Ê³°¤Î¥­¡¼¥¹¥È¥¢¤Î¼ÂÁõ¤ò»ÈÍѤ¹¤ë¤Ë¤Ï¡¢¾å¤Î¹Ô¤ò Êѹ¹¤·¤ÆÊ̤Υ­¡¼¥¹¥È¥¢¤Î¥¿¥¤¥×¤ò»ØÄꤷ¤Þ¤¹¡£

¤¿¤È¤¨¤Ð¡¢pkcs12 ¤È¸Æ¤Ð¤ì¤ë¥¿¥¤¥×¤Î¥­¡¼¥¹¥È¥¢¤Î¼ÂÁõ¤òÄ󶡤·¤Æ¤¤¤ë ¥×¥í¥Ð¥¤¥À¥Ñ¥Ã¥±¡¼¥¸¤ò»ÈÍѤ¹¤ë¤Ë¤Ï¡¢¾å¤Î¹Ô¤ò¼¡¤Î¤è¤¦¤ËÊѹ¹¤·¤Þ¤¹¡£ 

keystore.type=pkcs12

Ãí: ¥­¡¼¥¹¥È¥¢¤Î¥¿¥¤¥×¤Î»ØÄê¤Ç¤Ï¡¢Âçʸ»ú¤È¾®Ê¸»ú¤Ï¶èÊ̤µ¤ì¤Þ¤»¤ó¡£ ¤¿¤È¤¨¤Ð¡¢JKS ¤È jks ¤ÏƱ¤¸¤â¤Î¤È¤·¤Æ°·¤ï¤ì¤Þ¤¹¡£

 

¥µ¥Ý¡¼¥È¤µ¤ì¤ë¥¢¥ë¥´¥ê¥º¥à¤È¸°¤Î¥µ¥¤¥º

keytool ¤Ç¤Ï¡¢ÅÐÏ¿¤µ¤ì¤Æ¤¤¤ë°Å¹æ²½¥µ¡¼¥Ó¥¹¥×¥í¥Ð¥¤¥À¤¬Ä󶡤¹¤ë¸°¤Î¥Ú¥¢À¸À®¤ª¤è ¤Ó½ð̾¥¢¥ë¥´¥ê¥º¥à¤Î¤¦¤Á¡¢Ç¤°Õ¤Î¥¢¥ë¥´¥ê¥º¥à¤ò»ØÄê¤Ç¤­¤Þ¤¹¡£¤Ä¤Þ¤ê¡¢¤µ¤Þ¤¶¤Þ ¤Ê¥³¥Þ¥ó¥É¤Ç»ØÄꤹ¤ë -keyalg ¥ª¥×¥·¥ç¥ó¤È -sigalg ¥ª¥×¥·¥ç¥ó¤Ï¡¢¥×¥í¥Ð¥¤¥À¼ÂÁõ¤Ë¤è¤Ã¤Æ¥µ¥Ý¡¼¥È¤µ¤ì¤Æ¤¤¤Ê¤±¤ì¤Ð¤Ê¤ê¤Þ¤»¤ó¡£ ¥Ç¥Õ¥©¥ë¥È¤Î¸°¤Î¥Ú¥¢À¸À®¥¢¥ë¥´¥ê¥º¥à¤Ï DSA ¤Ç¤¹¡£½ð̾¥¢¥ë¥´¥ê¥º¥à¤Ï¡¢´ð¤Ë ¤Ê¤ëÈó¸ø³«¸°¤Î¥¢¥ë¥´¥ê¥º¥à¤«¤éÇÉÀ¸¤·¤Þ¤¹¡£´ð¤Ë¤Ê¤ëÈó¸ø³«¸°¤¬ DSA ¥¿¥¤¥× ¤Ç¤¢¤ë¾ì¹ç¡¢¥Ç¥Õ¥©¥ë¥È¤Î½ð̾¥¢¥ë¥´¥ê¥º¥à¤Ï SHA1withDSA ¤Ë¤Ê¤ê¡¢´ð¤Ë¤Ê¤ë Èó¸ø³«¸°¤¬ RSA ¥¿¥¤¥×¤Ç¤¢¤ë¾ì¹ç¤Ï¡¢¥Ç¥Õ¥©¥ë¥È¤Î½ð̾¥¢¥ë¥´¥ê¥º¥à¤Ï MD5withRSA ¤Ë¤Ê¤ê¤Þ¤¹

DSA ¸°¤Î¥Ú¥¢¤òÀ¸À®¤¹¤ë¾ì¹ç¡¢¸°¤Î¥µ¥¤¥º¤Ï 512 ¡Á 1024 ¥Ó¥Ã¥È¤Ç¤¢¤ëɬÍפ¬ ¤¢¤ê¤Þ¤¹¡£¤Þ¤¿¡¢¸°¤Î¥µ¥¤¥º¤Ï¡¢64 ¤ÎÇÜ¿ô¤Ç¤¢¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£¥Ç¥Õ¥©¥ë¥È¤Î¸° ¤Î¥µ¥¤¥º¤Ï¡¢¤É¤Î¥¢¥ë¥´¥ê¥º¥à¤Î¾ì¹ç¤Ç¤â 1024 ¥Ó¥Ã¥È¤Ç¤¹¡£

 

¾ÚÌÀ½ñ

¾ÚÌÀ½ñ (¸ø³«¸°¾ÚÌÀ½ñ¤È¤â¸Æ¤Ö) ¤È¤Ï¡¢¤¢¤ë¥¨¥ó¥Æ¥£¥Æ¥£ (¡Öȯ¹Ô¼Ô¡×) ¤«¤é¤Î ¥Ç¥¸¥¿¥ë½ð̾ÉÕ¤­¤Îʸ½ñ¤Î¤³¤È¤Ç¤¹¡£¾ÚÌÀ½ñ¤Ë¤Ï¡¢¤Û¤«¤Î¤¢¤ë¥¨¥ó¥Æ¥£¥Æ¥£ ( ¡Ö½ð̾¼Ô¡×) ¤Î¸ø³«¸° (¤ª¤è¤Ó¤½¤Î¾¤Î¾ðÊó) ¤¬ÆÃÊ̤ÊÃͤò»ý¤Ã¤Æ¤¤¤ë¤³¤È¤¬ ½ñ¤«¤ì¤Æ¤¤¤Þ¤¹¡£

°Ê²¼¤Ç¤Ï¡¢¤¤¤¯¤Ä¤«¤Î½ÅÍפÊÍѸì¤Ë¤Ä¤¤¤ÆÀâÌÀ¤·¤Þ¤¹¡£

¸ø³«¸°
¸ø³«¸°¤Ï¡¢ÆÃÄê¤Î¥¨¥ó¥Æ¥£¥Æ¥£¤Ë´ØÏ¢ÉÕ¤±¤é¤ì¤¿¿ô¤Ç¤¹¡£¸ø³«¸°¤Ï¡¢ ³ºÅö¤¹¤ë¥¨¥ó¥Æ¥£¥Æ¥£¤È¤Î´Ö¤Ë¿®Íê¤Ç¤­¤ë´Ø·¸¤ò»ý¤ÄɬÍפ¬¤¢¤ë¤¹¤Ù¤Æ ¤Î¿Í¤ËÂФ·¤Æ¸ø³«¤¹¤ë¤³¤È¤ò°Õ¿Þ¤·¤¿¤â¤Î¤Ç¤¹¡£¸ø³«¸°¤Ï¡¢½ð̾¤ò¸¡¾Ú ¤¹¤ë¤Î¤Ë»È¤ï¤ì¤Þ¤¹¡£
¥Ç¥¸¥¿¥ë½ð̾
¥Ç¡¼¥¿¤¬¡Ö¥Ç¥¸¥¿¥ë½ð̾¡×¤µ¤ì¤ë¤È¡¢¤½¤Î¥Ç¡¼¥¿¤Ï¡¢¥¨¥ó¥Æ¥£¥Æ¥£¤Î ¡Ö¥¢¥¤¥Ç¥ó¥Æ¥£¥Æ¥£¡×¤È¡¢¤½¤Î¥¨¥ó¥Æ¥£¥Æ¥£¤¬¥Ç¡¼¥¿¤ÎÆâÍƤˤĤ¤¤ÆÃΤäƤ¤¤ë ¤³¤È¤ò¾ÚÌÀ¤¹¤ë½ð̾¤È¤È¤â¤Ë³ÊǼ¤µ¤ì¤Þ¤¹¡£¥¨¥ó¥Æ¥£¥Æ¥£¤ÎÈó¸ø³«¸°¤ò»È¤Ã¤Æ ¥Ç¡¼¥¿¤Ë½ð̾¤òÉÕ¤±¤ë¤È¡¢¥Ç¡¼¥¿¤Îµ¶Â¤¤ÏÉÔ²Äǽ¤Ë¤Ê¤ê¤Þ¤¹¡£
¥¢¥¤¥Ç¥ó¥Æ¥£¥Æ¥£
¥¨¥ó¥Æ¥£¥Æ¥£¤òÆÃÄꤹ¤ë¤¿¤á¤Î´ûÃΤÎÊýË¡¤Ç¤¹¡£¥·¥¹¥Æ¥à¤Ë¤è¤Ã¤Æ¤Ï¡¢ ¸ø³«¸°¤ò¥¢¥¤¥Ç¥ó¥Æ¥£¥Æ¥£¤Ë¤¹¤ë¤â¤Î¤¬¤¢¤ê¤Þ¤¹¡£¸ø³«¸°¤Î¤Û¤«¤Ë¤â¡¢Unix UID ¤äÅŻҥ᡼¥ë¥¢¥É¥ì¥¹¡¢X.509 ¼±ÊÌ̾¤Ê¤É¡¢¤µ¤Þ¤¶¤Þ¤Ê¤â¤Î¤ò¥¢¥¤¥Ç¥ó¥Æ¥£ ¥Æ¥£¤È¤¹¤ë¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£
½ð̾
½ð̾¤Ï¡¢¤Ê¤ó¤é¤«¤Î¥Ç¡¼¥¿¤ò´ð¤Ë¥¨¥ó¥Æ¥£¥Æ¥£ (½ð̾¼Ô¡£¾ÚÌÀ½ñ¤Ë´Ø¤·¤Æ¤Ï ȯ¹Ô¼Ô¤È¤â¸Æ¤Ð¤ì¤ë) ¤ÎÈó¸ø³«¸°¤ò»È¤Ã¤Æ·×»»¤µ¤ì¤Þ¤¹¡£
Èó¸ø³«¸°
Èó¸ø³«¸°¤ÏÆÃÄê¤Î¥¨¥ó¥Æ¥£¥Æ¥£¤À¤±¤¬ÃΤäƤ¤¤ë¿ô¤Î¤³¤È¤Ç¡¢¤³¤Î¿ô¤Î¤³¤È¤ò¡¢ ¤½¤Î¥¨¥ó¥Æ¥£¥Æ¥£¤ÎÈó¸ø³«¸°¤È¤¤¤¤¤Þ¤¹¡£Èó¸ø³«¸°¤Ï¡¢¤Û¤«¤ËÃΤé¤ì¤Ê¤¤¤è¤¦¤Ë ÈëÌ©¤Ë¤·¤Æ¤ª¤¯¤³¤È¤¬Á°Äó¤Ë¤Ê¤Ã¤Æ¤¤¤Þ¤¹¡£¤É¤Î¤è¤¦¤Ê¡Ö¸ø³«¸°°Å¹æ²½¥·¥¹¥Æ¥à¡× ¤Ç¤â¡¢Èó¸ø³«¸°¤È¸ø³«¸°¤¬ÂÐ (¥Ú¥¢) ¤Ç¸ºß¤·¤Þ¤¹¡£DSA ¤Ê¤É¤Îŵ·¿Åª¤Ê¸ø ³«¸°°Å¹æ²½¥·¥¹¥Æ¥à¤Î¾ì¹ç¡¢1 ¤Ä¤ÎÈó¸ø³«¸°¤ÏÀµ³Î¤Ë 1 ¤Ä¤Î¸ø³«¸°¤ËÂбþ ¤·¤Þ¤¹¡£Èó¸ø³«¸°¤Ï¡¢½ð̾¤ò·×»»¤¹¤ë¤Î¤Ë»È¤ï¤ì¤Þ¤¹¡£
¥¨¥ó¥Æ¥£¥Æ¥£
¥¨¥ó¥Æ¥ó¥Æ¥£¤Ï¡¢¿Í¡¢ÁÈ¿¥¡¢¥×¥í¥°¥é¥à¡¢¥³¥ó¥Ô¥å¡¼¥¿¡¢´ë¶È¡¢¶ä¹Ô¤Ê¤É¡¢ °ìÄê¤ÎÅٹ礤¤Ç¿®Íê¤ÎÂоݤȤʤ뤵¤Þ¤¶¤Þ¤Ê¤â¤Î¤ò»Ø¤·¤Þ¤¹¡£

¸ø³«¸°°Å¹æ²½¤Ç¤Ï¡¢¤½¤ÎÀ­¼Á¾å¡¢¥æ¡¼¥¶¤Î¸ø³«¸°¤Ë¥¢¥¯¥»¥¹¤¹¤ëɬÍפ¬ ¤¢¤ê¤Þ¤¹¡£Â絬ÌϤʥͥåȥ¥¯´Ä¶­¤Ç¤Ï¡¢¸ß¤¤¤ËÄÌ¿®¤·¤Æ¤¤¤ë¥¨¥ó¥Æ¥£¥Æ¥£ ´Ö¤Ç°ÊÁ°¤Î´Ø·¸¤¬°ú¤­Â³¤­³ÎΩ¤µ¤ì¤Æ¤¤¤ë¤È²¾Äꤷ¤¿¤ê¡¢»È¤ï¤ì¤Æ¤¤¤ë¤¹ ¤Ù¤Æ¤Î¸ø³«¸°¤ò¼ý¤á¤¿¿®Íê¤Ç¤­¤ë¥ê¥Ý¥¸¥È¥ê¤¬Â¸ºß¤¹¤ë¤È²¾Äꤷ¤¿¤ê¤¹¤ë¤³ ¤È¤ÏÉÔ²Äǽ¤Ç¤¹¡£¾ÚÌÀ½ñ¤Ï¡¢¤³¤Î¤è¤¦¤Ê¸ø³«¸°ÇÛÉÛ¤ÎÌäÂê¤ËÂФ¹¤ë²ò·è ºö¤È¤·¤Æ¹Í°Æ¤µ¤ì¤Þ¤·¤¿¡£¡Ö¾ÚÌÀ½ñȯ¹Ô¶É¡×(CA) ¤Ï¡¢¿®Íê¤Ç¤­¤ëÂè»°¼Ô¤È¤· ¤Æµ¡Ç½¤·¤Þ¤¹¡£CA ¤Ï¡¢¤Û¤«¤Î¥¨¥ó¥Æ¥£¥Æ¥£¤Î¾ÚÌÀ½ñ¤Ë½ð̾¤¹¤ë (ȯ¹Ô¤¹¤ë) ¹Ô°Ù¤ò¡¢¿®Íꤷ¤ÆǤ¤µ¤ì¤Æ¤¤¤ë¥¨¥ó¥Æ¥£¥Æ¥£ (´ë¶È¤Ê¤É) ¤Ç¤¹¡£CA ¤ÏˡΧ¾å ¤Î·ÀÌó¤Ë¹´Â«¤µ¤ì¤ë¤Î¤Ç¡¢Í­¸ú¤«¤Ä¿®Íê¤Ç¤­¤ë¾ÚÌÀ½ñ¤À¤±¤òºîÀ®¤¹¤ë¤â¤Î ¤È¤·¤Æ°·¤ï¤ì¤Þ¤¹¡£VeriSign¡¢Thawte¡¢Entrust ¤ò¤Ï¤¸¤á¡¢Â¿¤¯¤Î CA ¤¬Â¸ºß ¤·¤Þ¤¹¡£Netscapetm ¤ä Microsoft ¤Îǧ¾Ú¥µ¡¼¥Ð¡¢Entrust ¤Î CA À½ÉÊ¤Ê¤É ¤ò½ê°ÁÈ¿¥Æâ¤ÇÍøÍѤ¹¤ì¤Ð¡¢Æȼ«¤Î¾ÚÌÀ½ñȯ¹Ô¶É¤ò±¿±Ä¤¹¤ë¤³¤È¤â²Äǽ¤Ç¤¹¡£

keytool ¤ò»È¤¦¤È¡¢¾ÚÌÀ½ñ¤Îɽ¼¨¡¢¥¤¥ó¥Ý¡¼¥È¡¢¤ª¤è¤Ó¥¨¥¯¥¹¥Ý¡¼¥È¤ò¹Ô¤¦¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£ ¤Þ¤¿¡¢¼«¸Ê½ð̾¾ÚÌÀ½ñ¤òÀ¸À®¤¹¤ë¤³¤È¤â¤Ç¤­¤Þ¤¹¡£

¸½ºß¡¢ keytool ¤Ï X.509 ¾ÚÌÀ½ñ¤òÂоݤˤ·¤Æ¤¤¤Þ¤¹¡£

 

X.509 ¾ÚÌÀ½ñ

X.509 µ¬³Ê¤Ç¤Ï¡¢¾ÚÌÀ½ñ¤Ë´Þ¤á¤ë¾ðÊó¤¬ÄêµÁ¤µ¤ì¤Æ¤ª¤ê¡¢¤³¤Î¾ðÊó¤ò¾ÚÌÀ½ñ¤Ë ½ñ¤­¹þ¤àÊýË¡ (¥Ç¡¼¥¿·Á¼°) ¤Ë¤Ä¤¤¤Æ¤âµ­½Ò¤µ¤ì¤Æ¤¤¤Þ¤¹¡£¤¹¤Ù¤Æ¤Î X.509 ¾ÚÌÀ½ñ¤Ï¡¢½ð̾¤Î¤Û¤«¤Ë¼¡¤Î¥Ç¡¼¥¿¤ò´Þ¤ó¤Ç¤¤¤Þ¤¹¡£

¥Ð¡¼¥¸¥ç¥ó - ¾ÚÌÀ½ñ¤ËŬÍѤµ¤ì¤ë X.509 µ¬³Ê¤Î¥Ð¡¼¥¸¥ç¥ó¤òÆÃÄꤷ¤Þ¤¹¡£¾ÚÌÀ½ñ¤Ë»ØÄê¤Ç ¤­¤ë¾ðÊó¤Ï¡¢¥Ð¡¼¥¸¥ç¥ó¤Ë¤è¤Ã¤Æ°Û¤Ê¤ê¤Þ¤¹¡£¤³¤ì¤Þ¤Ç¤Ë¡¢3 ¤Ä¤Î¥Ð¡¼¥¸¥ç¥ó¤¬ÄêµÁ ¤µ¤ì¤Æ¤¤¤Þ¤¹¡£ keytool ¤Ç¤Ï¡¢v1¡¢v2¡¢¤ª¤è¤Ó v3 ¤Î¾ÚÌÀ½ñ¤Î¥¤¥ó¥Ý¡¼¥È¤È¥¨¥¯¥¹¥Ý¡¼¥È¤¬²Äǽ¤Ç¤¹¡£ keytool ¤¬À¸À®¤¹¤ë¤Î¤Ï¡¢v1 ¤Î¾ÚÌÀ½ñ¤Ç¤¹¡£ ¥·¥ê¥¢¥ëÈÖ¹æ - ¾ÚÌÀ½ñ¤òºîÀ®¤·¤¿¥¨¥ó¥Æ¥£¥Æ¥£¤Ï¡¢¤½¤Î¥¨¥ó¥Æ¥£¥Æ¥£¤¬ ȯ¹Ô¤¹¤ë¤Û¤«¤Î¾ÚÌÀ½ñ¤È ¶èÊ̤¹¤ë¤¿¤á¤Ë¡¢¾ÚÌÀ½ñ¤Ë¥·¥ê¥¢¥ëÈÖ¹æ¤ò³ä¤êÅö¤Æ¤Þ¤¹¡£¤³¤Î¾ðÊó¤Ï¡¢¤µ¤Þ¤¶¤Þ ¤ÊÊýË¡¤Ç»È¤ï¤ì¤Þ¤¹¡£¤¿¤È¤¨¤Ð¡¢¾ÚÌÀ½ñ¤¬¼è¤ê¾Ã¤µ¤ì¤ë¤È¡¢¥·¥ê¥¢¥ëÈֹ椬¾ÚÌÀ ½ñ¤Î¼è¤ê¾Ã¤·¥ê¥¹¥È (CRL) ¤Ë³ÊǼ¤µ¤ì¤Þ¤¹¡£ ½ð̾¥¢¥ë¥´¥ê¥º¥à¼±ÊÌ»Ò - ¾ÚÌÀ½ñ¤Ë½ð̾¤òÉÕ¤±¤ë¤È¤­¤Ë CA ¤¬»È¤Ã ¤¿¥¢¥ë¥´¥ê¥º¥à¤òÆÃÄꤷ¤Þ¤¹¡£ ȯ¹Ô¼Ô̾ - ¾ÚÌÀ½ñ¤Ë½ð̾¤òÉÕ¤±¤¿¥¨¥ó¥Æ¥£¥Æ¥£¤Î X.500 ¼±ÊÌ̾ ¤Ç¤¹¡£¥¨¥ó¥Æ¥£¥Æ¥£¤Ï¡¢ Ä̾ï¤Ï CA ¤Ç¤¹¡£¤³¤Î¾ÚÌÀ½ñ¤ò»È¤¦¤³¤È¤Ï¡¢¾ÚÌÀ½ñ¤Ë½ð̾¤òÉÕ¤±¤¿¥¨¥ó¥Æ¥£¥Æ¥£ ¤ò¿®Íꤹ¤ë¤³¤È¤ò°ÕÌ£¤·¤Þ¤¹¡£¡Ö¥ë¡¼¥È¡×¤Ä¤Þ¤ê¥È¥Ã¥×¥ì¥Ù¥ë¤Î CA ¤Î¾ÚÌÀ½ñ¤Ê¤É¡¢ ¾ì¹ç¤Ë¤è¤Ã¤Æ¤Ïȯ¹Ô¼Ô¤¬¼«¿È¤Î¾ÚÌÀ½ñ¤Ë½ð̾¤òÉÕ¤±¤ë¤³¤È¤¬¤¢¤ëÅÀ¤ËÃí°Õ¤·¤Æ ¤¯¤À¤µ¤¤¡£ Í­¸ú´ü´Ö - ³Æ¾ÚÌÀ½ñ¤Ï¡¢¸Â¤é¤ì¤¿´ü´Ö¤À¤±Í­¸ú¤Ë¤Ê¤ê¤Þ¤¹¡£ ¤³¤Î´ü´Ö¤Ï³«»Ï¤ÎÆü»þ¤È½ªÎ» ¤ÎÆü»þ¤Ë¤è¤Ã¤Æ»ØÄꤵ¤ì¡¢¿ôÉäÎû¤¤´ü´Ö¤«¤é 100 ǯ¤È¤¤¤¦Ä¹´ü¤Ë¤ï¤¿¤ë¤³¤È¤â ¤¢¤ê¤Þ¤¹¡£Í­¸ú´ü´Ö¤Ï¡¢¾ÚÌÀ½ñ¤Î½ð̾¤Ë»È¤ï¤ì¤¿Èó¸ø³«¸°¤Î¶¯ÅÙ¤ä¾ÚÌÀ½ñ¤Ë ÂФ·¤Æ»Ùʧ¤ï¤ì¤ë¶â³Û¤Ê¤É¡¢¤µ¤Þ¤¶¤Þ¤ÊÍ×°ø¤ò¹Íθ¤·¤ÆÁªÂò¤µ¤ì¤Þ¤¹¡£´ØÏ¢ÉÕ¤± ¤é¤ì¤Æ¤¤¤ëÈó¸ø³«¸°¤¬Â¾¿Í¤ËÃΤé¤ì¤Ê¤¤¸Â¤ê¡¢¥¨¥ó¥Æ¥£¥Æ¥£¤¬¾ÚÌÀ½ñ¤ò¿®Íê¤Ç¤­ ¤ë´ü´Ö¤¬Í­¸ú´ü´Ö¤Ç¤¹¡£ ¼çÂÎ̾ - ¾ÚÌÀ½ñ¤Ë´ØÏ¢ÉÕ¤±¤é¤ì¤¿¸ø³«¸°¤ò½êÍ­¤·¤Æ¤¤¤ë¥¨¥ó¥Æ¥£¥Æ¥£ ¤Î̾Á°¤Ç¤¹¡£ ¥¤¥ó¥¿¡¼¥Í¥Ã¥È¾å¤Ç°ì°Õ¤Î̾Á°¤Ë¤¹¤ë¤¿¤á¡¢¤³¤Î̾Á°¤Ë¤Ï X.500 µ¬³Ê¤¬»È¤ï¤ì ¤Þ¤¹¡£¤³¤ì¤Ï¡¢¥¨¥ó¥Æ¥£¥Æ¥£¤Î X.500 ¼±ÊÌ̾ (DN) ¤Ç¤¹¡£¤¿¤È¤¨¤Ð¡¢¼¡¤Î¤è¤¦¤Ë¤Ê ¤ê¤Þ¤¹¡£ 

CN=Java Duke, OU=Java Software Division, O=Sun Microsystems Inc, C=US

¤³¤ì¤é¤Ï¤½¤ì¤¾¤ì¼çÂΤÎÄ̾Ρ¢ÁÈ¿¥Ã±°Ì¡¢ÁÈ¿¥¡¢¹ñ¤òɽ¤·¤Þ¤¹¡£ ¼çÂΤθø³«¸°¾ðÊó - ̾Á°¤òÉÕ¤±¤é¤ì¤¿¥¨¥ó¥Æ¥£¥Æ¥£¤Î¸ø³«¸°¤È ¥¢¥ë¥´¥ê¥º¥à¼±Ê̻ҤǤ¹¡£ ¥¢¥ë¥´¥ê¥º¥à¼±Ê̻ҤǤϡ¢¸ø³«¸°¤ËÂФ·¤Æ»È¤ï¤ì¤Æ¤¤¤ë¸ø³«¸°°Å¹æ²½¥·¥¹¥Æ¥à ¤ª¤è¤Ó´ØÏ¢¤¹¤ë¸°¥Ñ¥é¥á¡¼¥¿¤¬»ØÄꤵ¤ì¤Æ¤¤¤Þ¤¹¡£

X.509 Version 1 ¤Ï¡¢1988 ǯ¤«¤éÍøÍѤµ¤ì¤Æ¹­¤¯ÉáµÚ¤·¤Æ¤ª¤ê¡¢¤â¤Ã¤È¤â°ìÈÌŪ¤Ç¤¹¡£

X.509 Version 2 ¤Ç¤Ï¡¢¼çÂΤäȯ¹Ô¼Ô¤Î̾Á°¤ò¤¢¤È¤ÇºÆÍøÍѤǤ­¤ë¤è¤¦¤Ë¤¹¤ë¤¿¤á¤Ë¡¢¼çÂÎ¤È È¯¹Ô¼Ô¤È¤Ë°ì°Õ¼±Ê̻ҤγµÇ°¤¬Æ³Æþ¤µ¤ì¤Þ¤·¤¿¡£¤¿¤À¤·¡¢¤Û¤È¤ó¤É¤Î¾ÚÌÀ½ñ ¥×¥í¥Õ¥¡¥¤¥ëʸ½ñ¤Ç¤Ï¡¢Ì¾Á°¤ÎºÆÍøÍѤª¤è¤Ó¾ÚÌÀ½ñ¤Ç¤Î°ì°Õ¼±Ê̻ҤÎÍøÍÑ ¤ò¿ä¾©¤·¤Æ¤¤¤Þ¤»¤ó¡£Version 2 ¤Î¾ÚÌÀ½ñ¤Ï¡¢¹­¤¯ÉáµÚ¤·¤Æ¤¤¤ë¤È¤Ï¤¤¤¨¤Þ¤»¤ó¡£

X.509 Version 3 ¤Ï¤â¤Ã¤È¤â¿·¤·¤¤ (1996 ǯ) µ¬³Ê¤Ç¡¢¥¨¥¯¥¹¥Æ¥ó¥·¥ç¥ó¤Î³µÇ°¤ò¥µ¥Ý¡¼¥È¤·¤Æ ¤¤¤Þ¤¹¡£¥¨¥¯¥¹¥Æ¥ó¥·¥ç¥ó¤Ïï¤Ç¤âÄêµÁ¤¹¤ë¤³¤È¤¬¤Ç¤­¡¢¾ÚÌÀ½ñ¤Ë´Þ¤á¤ë¤³¤È ¤¬¤Ç¤­¤Þ¤¹¡£¸½ºß»È¤ï¤ì¤Æ¤¤¤ë°ìÈÌŪ¤Ê¥¨¥¯¥¹¥Æ¥ó¥·¥ç¥ó¤È¤·¤Æ¤Ï¡¢KeyUsage (¡Ö½ð̾ÀìÍѡפʤɡ¢¸°¤Î»ÈÍѤòÆÃÄê¤ÎÌÜŪ¤ËÀ©¸Â¤¹¤ë)¡¢AlternativeNames (¤¿¤È¤¨¤Ð¡¢DNS ̾¡¢ÅŻҥ᡼¥ë¥¢¥É¥ì¥¹¡¢IP ¥¢¥É¥ì¥¹¤Ê¤É¡¢¤Û¤«¤Î¥¢¥¤¥Ç¥ó¥Æ¥£ ¥Æ¥£¤ò¸ø³« ¸°¤Ë´ØÏ¢ÉÕ¤±¤ë¤³¤È¤¬¤Ç¤­¤ë) ¤Ê¤É¤¬¤¢¤ê¤Þ¤¹¡£¥¨¥¯¥¹¥Æ¥ó¥·¥ç¥ó¤Ë¤Ï¡¢critical ¤È¤¤¤¦¥Þ¡¼¥¯¤òÉÕ¤±¤Æ¡¢¤½¤Î¥¨¥¯¥¹¥Æ¥ó¥·¥ç¥ó¤Î¥Á¥§¥Ã¥¯¤È»ÈÍѤòµÁ̳¤Å¤±¤ë¤³¤È ¤¬¤Ç¤­¤Þ¤¹¡£¤¿¤È¤¨¤Ð¡¢critical ¤È¥Þ¡¼¥¯¤µ¤ì¡¢KeyCertSign ¤¬ÀßÄꤵ¤ì¤¿ KeyUsage ¥¨¥¯¥¹¥Æ¥ó¥·¥ç¥ó¤¬¾ÚÌÀ½ñ¤Ë´Þ¤Þ¤ì¤Æ¤¤¤ë¾ì¹ç¡¢¤³¤Î¾ÚÌÀ½ñ¤ò SSL ÄÌ¿®Ãæ¤ËÄ󼨤¹¤ë¤È¡¢¾ÚÌÀ½ñ¤¬µñÈݤµ¤ì¤Þ¤¹¡£¤³¤ì¤Ï¡¢¾ÚÌÀ½ñ¤Î¥¨¥¯¥¹¥Æ¥ó¥· ¥ç¥ó¤Ë¤è¤Ã¤Æ¡¢´ØÏ¢¤¹¤ëÈó¸ø³«¸°¤¬¾ÚÌÀ½ñ¤Î½ð̾ÀìÍѤȤ·¤Æ»ØÄꤵ¤ì¤Æ¤ª¤ê¡¢SSL ¤Ç¤Ï»ÈÍѤǤ­¤Ê¤¤¤¿¤á¤Ç¤¹¡£

¾ÚÌÀ½ñ¤Î¤¹¤Ù¤Æ¤Î¥Ç¡¼¥¿¤Ï¡¢ASN.1/DER ¤È¸Æ¤Ð¤ì¤ë 2 ¤Ä¤Î´ØÏ¢µ¬³Ê¤ò »È¤Ã¤ÆÉä¹æ²½¤µ¤ì¤Þ¤¹¡£¡Ö Abstract Syntax Notation 1 ¡×¤Ï¥Ç¡¼¥¿¤Ë¤Ä¤¤¤Æµ­½Ò¤·¤Æ¤¤¤Þ¤¹¡£¡ÖDefinite Encoding Rules¡×¤Ï¡¢¥Ç¡¼¥¿¤Î Êݸ¤ª¤è¤ÓžÁ÷¤ÎÊýË¡¤Ë¤Ä¤¤¤Æµ­½Ò¤·¤Æ¤¤¤Þ¤¹¡£

 

X.500 ¼±ÊÌ̾

X.500 ¼±ÊÌ̾¤Ï¡¢¥¨¥ó¥Æ¥£¥Æ¥£¤òÆÃÄꤹ¤ë¤¿¤á¤Ë»È¤ï¤ì¤Þ¤¹¡£¤¿¤È¤¨¤Ð¡¢X.509 ¾ÚÌÀ½ñ¤Î subject ¥Õ¥£¡¼¥ë¥É¤È issuer (½ð̾¼Ô) ¥Õ¥£¡¼¥ë¥É¤Ç»ØÄꤵ¤ì¤ë̾Á°¤Ï¡¢ X.500 ¼±ÊÌ̾¤Ç¤¹¡£ keytool ¤Ï¡¢¼¡¤Î¥µ¥Ö¥Ñ¡¼¥È¤ò¥µ¥Ý¡¼¥È¤·¤Æ¤¤¤Þ¤¹¡£

*
commonName-¿Í¤ÎÄ̾Ρ£¡ÖSusan Jones¡×¤Ê¤É
*
organizationUnit-¾®¤µ¤ÊÁÈ¿¥ (Éô¡¢²Ý¤Ê¤É) ¤Î̾¾Î¡£¡Ö»ÅÆþÉô¡×¤Ê¤É
*
organizationName-Â礭¤ÊÁÈ¿¥¤Î̾¾Î¡£¡ÖABCSystems, Inc.¡×¤Ê¤É
*
localityName-ÃÏ°è (ÅÔ»Ô) ̾¡£¡ÖPalo Alto¡×¤Ê¤É
*
stateName-½£Ì¾¤Þ¤¿¤ÏÃÏÊý̾¡£¡ÖCalifornia¡×¤Ê¤É
*
country-2 ʸ»ú¤Î¹ñÈֹ档¡ÖCH¡×¤Ê¤É

-genkey ¥µ¥Ö¥³¥Þ¥ó¥É¤Þ¤¿¤Ï -selfcert ¥µ¥Ö¥³¥Þ¥ó¥É¤Î -dname ¥ª¥×¥·¥ç¥ó¤ÎÃͤȤ·¤Æ¼±ÊÌ̾ʸ»úÎó¤ò»ØÄꤹ¤ë¾ì¹ç¤Ï¡¢¼¡¤Î·Á¼°¤Ç»ØÄê ¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£ 

CN=cName, OU=orgUnit, O=org, L=city, S=state, C=countryCode

¥¤¥¿¥ê¥Ã¥¯ÂΤιàÌܤϡ¢¼ÂºÝ¤Ë»ØÄꤹ¤ëÃͤòɽ¤·¤Þ¤¹¡£Ã»½Ì·Á¤Î¥­¡¼¥ï¡¼¥É¤Î °ÕÌ£¤Ï¡¢¼¡¤Î¤È¤ª¤ê¤Ç¤¹¡£ 

CN=commonName
OU=organizationUnit
O=organizationName
L=localityName
S=stateName
C=country

¼¡¤Ë¼¨¤¹¤Î¤Ï¡¢¼±ÊÌ̾ʸ»úÎó¤ÎÎã¤Ç¤¹¡£ 

CN=Mark Smith, OU=Java, O=Sun, L=Cupertino, S=California, C=US

¼¡¤Ï¡¢¤³¤Îʸ»úÎó¤ò»È¤Ã¤¿¥³¥Þ¥ó¥É¤ÎÎã¤Ç¤¹¡£ 

example% keytool -genkey -dname "CN=Mark Smith, OU=Java, 
O=Sun, L=Cupertino, S=California, C=US" -alias mark

¥­¡¼¥ï¡¼¥É¤Îû½Ì·Á¤Ç¤Ï¡¢Âçʸ»ú¤È¾®Ê¸»ú¤Ï¶èÊ̤µ¤ì¤Þ¤»¤ó¡£¤¿¤È¤¨¤Ð¡¢ CN ¡¢ cn ¡¢¤ª¤è¤Ó Cn ¤Ï¡¢¤É¤ì¤âƱ¤¸¤â¤Î¤È¤·¤Æ°·¤ï¤ì¤Þ¤¹¡£

°ìÊý¡¢¥­¡¼¥ï¡¼¥É¤Î»ØÄê½ç½ø¤Ë¤Ï°ÕÌ£¤¬¤¢¤ê¡¢³Æ¥µ¥Ö¥³¥ó¥Ý¡¼¥Í¥ó¥È¤Ï¾å¤Ë ¼¨¤·¤¿½ç½ø¤Ç»ØÄꤹ¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£¤¿¤À¤·¡¢¥µ¥Ö¥³¥ó¥Ý¡¼¥Í¥ó¥È¤ò¤¹¤Ù¤Æ »ØÄꤹ¤ëɬÍפϤ¢¤ê¤Þ¤»¤ó¡£¤¿¤È¤¨¤Ð¡¢¼¡¤Î¤è¤¦¤Ë°ìÉô¤Î¥µ¥Ö¥³¥ó¥Ý¡¼¥Í¥ó¥È ¤À¤±¤ò»ØÄê¤Ç¤­¤Þ¤¹¡£ 

CN=Steve Meier, OU=SunSoft, O=Sun, C=US

¼±ÊÌ̾ʸ»úÎó¤ÎÃͤ˥³¥ó¥Þ¤¬´Þ¤Þ¤ì¤ë¾ì¹ç¤Ë¥³¥Þ¥ó¥É¹Ô¤Îʸ»úÎó¤ò»ØÄꤹ¤ë ¤È¤­¤Ë¤Ï¡¢¼¡¤Î¤è¤¦¤Ë¡¢¥³¥ó¥Þ¤ò \ ʸ»ú¤Ç¥¨¥¹¥±¡¼¥×¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£ 

cn=peter schuster, o=Sun Microsystems\, Inc., o=sun, c=us

¼±ÊÌ̾ʸ»úÎó¤ò¥³¥Þ¥ó¥É¹Ô¤Ç»ØÄꤹ¤ëɬÍפϤ¢¤ê¤Þ¤»¤ó¡£¼±ÊÌ̾¤òɬÍפȤ¹¤ë ¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤¹¤ë¤È¤­¤Ë¡¢¥³¥Þ¥ó¥É¹Ô¤Ç¼±ÊÌ̾¤ò»ØÄꤷ¤Ê¤«¤Ã¤¿¾ì¹ç¤Ï¡¢³Æ ¥µ¥Ö¥³¥ó¥Ý¡¼¥Í¥ó¥È¤ÎÆþÎϤòµá¤á¤é¤ì¤Þ¤¹¡£¤³¤Î¾ì¹ç¤Ï¡¢¥³¥ó¥Þ¤ò \ ʸ»ú¤Ç ¥¨¥¹¥±¡¼¥×¤¹¤ëɬÍפϤ¢¤ê¤Þ¤»¤ó¡£

 

¥¤¥ó¥¿¡¼¥Í¥Ã¥È RFC 1421 ¾ÚÌÀ½ñ¥¨¥ó¥³¡¼¥Ç¥£¥ó¥°

¿¤¯¤Î¾ì¹ç¡¢¾ÚÌÀ½ñ¤Ï¡¢¥Ð¥¤¥Ê¥ê¥¨¥ó¥³¡¼¥Ç¥£¥ó¥°¤Ç¤Ï¤Ê¤¯¡¢¥¤¥ó¥¿¡¼¥Í¥Ã¥È RFC 1421 µ¬³Ê¤ÇÄêµÁ¤µ¤ì¤Æ¤¤¤ë¥×¥ê¥ó¥È²Äǽ¥¨¥ó¥³¡¼¥Ç¥£¥ó¥°Êý¼°¤ò»È¤Ã¤Æ ³ÊǼ¤µ¤ì¤Þ¤¹¡£¡ÖBase 64 ¥¨¥ó¥³¡¼¥Ç¥£¥ó¥°¡×¤È¤â¸Æ¤Ð¤ì¤ë¤³¤Î¾ÚÌÀ½ñ·Á¼°¤Ç¤Ï¡¢ ÅŻҥ᡼¥ë¤ä¤½¤Î¾¤Îµ¡¹½¤òÄ̤¸¤Æ¡¢¤Û¤«¤Î¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤Ë¾ÚÌÀ½ñ¤òÍÆ°× ¤Ë¥¨¥¯¥¹¥Ý¡¼¥È¤Ç¤­¤Þ¤¹¡£

-import ¥µ¥Ö¥³¥Þ¥ó¥É¤È -printcert ¥µ¥Ö¥³¥Þ¥ó¥É¤Ç¤Ï¡¢¤³¤Î·Á¼°¤Î¾ÚÌÀ½ñ¤È¥Ð¥¤¥Ê¥ê¥¨¥ó¥³¡¼¥Ç¥£¥ó¥°¤Î¾ÚÌÀ½ñ¤ò Æɤ߹þ¤à¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£

-export ¥µ¥Ö¥³¥Þ¥ó¥É¤Ç¤Ï¡¢¥Ç¥Õ¥©¥ë¥È¤Ç¥Ð¥¤¥Ê¥ê¥¨¥ó¥³¡¼¥Ç¥£¥ó¥°¤Î¾ÚÌÀ½ñ¤¬½ÐÎϤµ¤ì¤Þ¤¹¡£ ¤¿¤À¤·¡¢ -rfc ¥ª¥×¥·¥ç¥ó¤ò»ØÄꤷ¤¿¾ì¹ç¤Ï¡¢¥×¥ê¥ó¥È²Äǽ¥¨¥ó¥³¡¼¥Ç¥£¥ó¥°Êý¼°¤Î¾ÚÌÀ½ñ¤¬ ½ÐÎϤµ¤ì¤Þ¤¹¡£

-list ¥µ¥Ö¥³¥Þ¥ó¥É¤Ç¤Ï¡¢¥Ç¥Õ¥©¥ë¥È¤Ç¾ÚÌÀ½ñ¤Î MD5 ¥Õ¥£¥ó¥¬¡¼¥×¥ê¥ó¥È¤¬½ÐÎϤµ¤ì¤Þ¤¹¡£ -v ¥ª¥×¥·¥ç¥ó¤ò»ØÄꤹ¤ë¤È¡¢¿Í´Ö¤¬Æɤळ¤È¤Î¤Ç¤­¤ë·Á¼°¤Ç¾ÚÌÀ½ñ¤¬½ÐÎϤµ¤ì¤Þ¤¹¡£ °ìÊý¡¢ -rfc ¥ª¥×¥·¥ç¥ó¤ò»ØÄꤹ¤ë¤È¡¢¥×¥ê¥ó¥È²Äǽ¥¨¥ó¥³¡¼¥Ç¥£¥ó¥°Êý¼°¤Ç¾ÚÌÀ½ñ¤¬½ÐÎϤµ¤ì ¤Þ¤¹¡£

¥×¥ê¥ó¥È²Äǽ¥¨¥ó¥³¡¼¥Ç¥£¥ó¥°Êý¼°¤ÇÉä¹æ²½¤µ¤ì¤¿¾ÚÌÀ½ñ¤Ï¡¢¼¡¤Î¹Ô¤Ç»Ï¤Þ¤ê¤Þ¤¹¡£ 

-----BEGIN CERTIFICATE-----

ºÇ¸å¤Ï¡¢¼¡¤Î¹Ô¤Ç½ª¤ï¤ê¤Þ¤¹¡£ 

-----END CERTIFICATE-----

 

¾ÚÌÀÏ¢º¿

keytool ¤Ç¤Ï¡¢Èó¸ø³«¸°¤ª¤è¤Ó´ØÏ¢¤¹¤ë¾ÚÌÀ¡ÖÏ¢º¿¡×¤ò´Þ¤à¥­¡¼¥¹¥È¥¢¤Î¡Ö¸°¡×¥¨¥ó¥È¥ê¤ò ºîÀ®¤·¡¢´ÉÍý¤¹¤ë¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£¤³¤Î¤è¤¦¤Ê¥¨¥ó¥È¥ê¤Ç¤Ï¡¢Èó¸ø³«¸°¤ËÂбþ¤¹¤ë ¸ø³«¸°¤Ï¡¢Ï¢º¿¤ÎºÇ½é¤Î¾ÚÌÀ½ñ¤Ë´Þ¤Þ¤ì¤Æ¤¤¤Þ¤¹¡£

¸°¤ò½é¤á¤ÆºîÀ®¤¹¤ë¤È ( -genkey ¥µ¥Ö¥³¥Þ¥ó¥É¤ò»²¾È)¡¢¡Ö¼«¸Ê½ð̾¾ÚÌÀ½ñ¡×¤È¤¤¤¦ 1 ¤Ä¤ÎÍ×ÁǤÀ¤±¤ò´Þ¤àÏ¢º¿¤¬³«»Ï ¤µ¤ì¤Þ¤¹¡£¼«¸Ê½ð̾¾ÚÌÀ½ñ¤È¤Ï¡¢È¯¹Ô¼Ô (½ð̾¼Ô) ¤È¼çÂÎ (¾ÚÌÀ½ñ¤Ë¤è¤Ã¤Æǧ¾Ú ¤µ¤ì¤ë¸ø³«¸°¤ò½êÍ­¤·¤Æ¤¤¤ë¥¨¥ó¥Æ¥£¥Æ¥£) ¤È¤¬Æ±°ì¤Î¾ÚÌÀ½ñ¤Î¤³¤È¤Ç¤¹¡£ -genkey ¥µ¥Ö¥³¥Þ¥ó¥É¤ò¸Æ¤Ó½Ð¤·¤Æ¿·¤·¤¤¸ø³«¸°¤ÈÈó¸ø³«¸°¤Î¥Ú¥¢¤òºîÀ®¤¹¤ë¤È¡¢¸ø³«¸°¤Ï ¾ï¤Ë¼«¸Ê½ð̾¾ÚÌÀ½ñ¤Ç¥é¥Ã¥×¤µ¤ì¤Þ¤¹¡£

¤³¤Î¤¢¤È¡¢¾ÚÌÀ½ñ½ð̾Í×µá (CSR) ¤¬À¸À®¤µ¤ì¤Æ ( -certreq ¥µ¥Ö¥³¥Þ¥ó¥É¤ò»²¾È)¡¢CSR ¤¬¾ÚÌÀ½ñȯ¹Ô¶É (CA) ¤ËÁ÷¿®¤µ¤ì¤ë¤È¡¢CA ¤«¤é¤Î ±þÅú¤¬¥¤¥ó¥Ý¡¼¥È¤µ¤ì ( -import ¥³¥Þ¥ó¥É¤ò»²¾È)¡¢¸µ¤Î¼«¸Ê½ð̾¾ÚÌÀ½ñ¤Ï¾ÚÌÀÏ¢º¿¤Ë¤è¤Ã¤ÆÃÖ¤­´¹¤¨¤é¤ì¤Þ¤¹¡£ Ï¢º¿¤ÎºÇ¸å¤Ë¤¢¤ë¤Î¤Ï¡¢¼çÂΤθø³«¸°¤òǧ¾Ú¤·¤¿ CA ¤¬È¯¹Ô¤·¤¿¾ÚÌÀ½ñ (±þÅú) ¤Ç¤¹¡£Ï¢º¿Æâ¤Î¤½¤ÎÁ°¤Î¾ÚÌÀ½ñ¤Ï¡¢¡ÖCA¡×¤Î¸ø³«¸°¤òǧ¾Ú¤¹¤ë¾ÚÌÀ½ñ¤Ç¤¹¡£

CA ¤Î¸ø³«¸°¤òǧ¾Ú¤¹¤ë¾ÚÌÀ½ñ¤Ï¡¢Â¿¤¯¤Î¾ì¹ç¡¢¼«¸Ê½ð̾¾ÚÌÀ½ñ (¤Ä¤Þ¤ê CA ¤¬¼«¿È¤Î¸ø³«¸°¤òǧ¾Ú¤·¤¿¾ÚÌÀ½ñ) ¤Ç¤¢¤ê¡¢¤³¤ì¤ÏÏ¢º¿¤ÎºÇ½é¤Î¾ÚÌÀ½ñ¤Ë¤Ê¤ê ¤Þ¤¹¡£¾ì¹ç¤Ë¤è¤Ã¤Æ¤Ï¡¢CA ¤¬¾ÚÌÀ¤ÎÏ¢º¿¤òÊÖ¤¹¤³¤È¤â¤¢¤ê¤Þ¤¹¡£¤³¤Î¾ì¹ç¡¢Ï¢º¿ Æâ¤ÎºÇ¸å¤Î¾ÚÌÀ½ñ (CA ¤Ë¤è¤Ã¤Æ½ð̾¤µ¤ì¡¢¸°¥¨¥ó¥È¥ê¤Î¸ø³«¸°¤òǧ¾Ú¤¹¤ë¾Ú ÌÀ½ñ) ¤ËÊѤï¤ê¤Ï¤¢¤ê¤Þ¤»¤ó¤¬¡¢Ï¢º¿Æâ¤Î¤½¤ÎÁ°¤Î¾ÚÌÀ½ñ¤Ï¡¢CSR ¤ÎÁ÷¿®Àè ¤Î CA ¤È¤Ï¡ÖÊ̤Ρ×CA ¤Ë¤è¤Ã¤Æ½ð̾¤µ¤ì¡¢CSR ¤ÎÁ÷¿®Àè¤Î CA ¤Î¸ø³«¸°¤òǧ ¾Ú¤¹¤ë¾ÚÌÀ½ñ¤Ë¤Ê¤ê¤Þ¤¹¡£¤µ¤é¤Ë¡¢Ï¢º¿Æâ¤Î¤½¤ÎÁ°¤Î¾ÚÌÀ½ñ¤Ï¡¢¼¡¤Î CA ¤Î¸° ¤òǧ¾Ú¤¹¤ë¾ÚÌÀ½ñ¤Ë¤Ê¤ê¤Þ¤¹¡£°Ê²¼Æ±Íͤˡ¢¼«¸Ê½ð̾¤µ¤ì¤¿¡Ö¥ë¡¼¥È¡×¾ÚÌÀ½ñ¤Ë 㤹¤ë¤Þ¤ÇÏ¢º¿¤¬Â³¤­¤Þ¤¹¡£¤·¤¿¤¬¤Ã¤Æ¡¢Ï¢º¿Æâ¤Î (ºÇ½é¤Î¾ÚÌÀ½ñ°Ê¸å¤Î) ³Æ¾ÚÌÀ½ñ¤Ç¤Ï¡¢Ï¢º¿Æâ¤Î¼¡¤Î¾ÚÌÀ½ñ¤Î½ð̾¼Ô¤Î¸ø³«¸°¤¬Ç§¾Ú¤µ¤ì¤Æ¤¤¤ë¤³ ¤È¤Ë¤Ê¤ê¤Þ¤¹¡£

¿¤¯¤Î CA ¤Ï¡¢Ï¢º¿¤ò¥µ¥Ý¡¼¥È¤»¤º¤Ëȯ¹ÔºÑ¤ß¤Î¾ÚÌÀ½ñ¤À¤±¤òÊÖ¤·¤Þ¤¹¡£ Æäˡ¢Ãæ´Ö¤Î CA ¤¬Â¸ºß¤·¤Ê¤¤¥Õ¥é¥Ã¥È¤Ê³¬Áع½Â¤¤Î¾ì¹ç¤Ï¡¢¤½¤Î·¹¸þ¤¬ ¸²Ãø¤Ç¤¹¡£¤³¤Î¤è¤¦¤Ê¾ì¹ç¤Ï¡¢¥­¡¼¥¹¥È¥¢¤Ë¤¹¤Ç¤Ë³ÊǼ¤µ¤ì¤Æ¤¤¤ë¿®Íê¤Ç¤­ ¤ë¾ÚÌÀ½ñ¾ðÊ󤫤顢¾ÚÌÀÏ¢º¿¤ò³ÎΩ¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£

Ê̤αþÅú·Á¼° (PKCS#7 ¤ÇÄêµÁ¤µ¤ì¤Æ¤¤¤ë·Á¼°) ¤Ç¤â¡¢È¯¹ÔºÑ¤ß¾ÚÌÀ½ñ¤Ë ²Ã¤¨¡¢¾ÚÌÀ½ñÏ¢º¿¤Î¥µ¥Ý¡¼¥È¤¬´Þ¤Þ¤ì¤Æ¤¤¤Þ¤¹¡£ keytool ¤Ç¤Ï¡¢¤É¤Á¤é¤Î±þÅú·Á¼°¤â°·¤¦¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£

¥È¥Ã¥×¥ì¥Ù¥ë (¥ë¡¼¥È) CA ¤Î¾ÚÌÀ½ñ¤Ï¡¢¼«¸Ê½ð̾¾ÚÌÀ½ñ¤Ç¤¹¡£¤¿¤À¤·¡¢¥ë¡¼¥È¤Î ¸ø³«¸°¤ËÂФ¹¤ë¿®Íê¤Ï¡¢¥ë¡¼¥È¤Î¾ÚÌÀ½ñ¼«ÂΤ«¤éƳ¤­½Ð¤µ¤ì¤ë¤â¤Î¤Ç¤Ï¤Ê¤¯ (¤¿¤È¤¨¤Ð¡¢VeriSign ¥ë¡¼¥È CA ¤Î¤è¤¦¤Êͭ̾¤Ê¼±ÊÌ̾¤ò»È¤Ã¤¿¼«¸Ê½ð̾¾ÚÌÀ½ñ ¤òºîÀ®¤¹¤ë¤³¤È¼«ÂΤÏï¤Ç¤â²Äǽ)¡¢¿·Ê¹¤Ê¤É¤Î¤Û¤«¤Î¾ðÊ󸻤ËͳÍ褹¤ë¤â¤Î¤Ç ¤¹¡£¥ë¡¼¥È CA ¤Î¸ø³«¸°¤Ï¹­¤¯ÃΤé¤ì¤Æ¤¤¤Þ¤¹¡£¥ë¡¼¥È CA ¤Î¸ø³«¸°¤ò¾ÚÌÀ½ñ ¤Ë³ÊǼ¤¹¤ëÍýͳ¤Ï¡¢¾ÚÌÀ½ñ¤È¤¤¤¦·Á¼°¤Ë¤¹¤ë¤³¤È¤Ç¿¤¯¤Î¥Ä¡¼¥ë¤«¤éÍøÍѤǤ­¤ë ¤è¤¦¤Ë¤Ê¤ë¤«¤é¤Ë¤¹¤®¤Þ¤»¤ó¡£¤Ä¤Þ¤ê¡¢¾ÚÌÀ½ñ¤Ï¡¢¥ë¡¼¥È CA ¤Î¸ø³«¸°¤ò±¿¤Ö ¡ÖÇÞÂΡפȤ·¤ÆÍøÍѤµ¤ì¤ë¤À¤±¤Ç¤¹¡£¥ë¡¼¥È CA ¤Î¾ÚÌÀ½ñ¤ò¥­¡¼¥¹¥È¥¢¤ËÄɲä¹ ¤ë¤È¤­¤Ï¡¢¤½¤ÎÁ°¤Ë¾ÚÌÀ½ñ¤ÎÆâÍƤòɽ¼¨¤· (-printcert ¥ª¥×¥·¥ç¥ó¤ò»ÈÍÑ)¡¢É½¼¨ ¤µ¤ì¤¿¥Õ¥£¥ó¥¬¡¼¥×¥ê¥ó¥È¤È¡¢¿·Ê¹¤ä¥ë¡¼¥È CA ¤Î Web ¥Ú¡¼¥¸¤Ê¤É¤«¤éÆþ¼ê¤·¤¿ ´ûÃΤΥե£¥ó¥¬¡¼¥×¥ê¥ó¥È¤È¤òÈæ³Ó¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£

 

¾ÚÌÀ½ñ¤Î¥¤¥ó¥Ý¡¼¥È

¾ÚÌÀ½ñ¤ò¥Õ¥¡¥¤¥ë¤«¤é¥¤¥ó¥Ý¡¼¥È¤¹¤ë¤Ë¤Ï¡¢ -import ¥µ¥Ö¥³¥Þ¥ó¥É¤ò»È¤¤¤Þ¤¹¡£¤¿¤È¤¨¤Ð¡¢¼¡¤Î¤è¤¦¤Ë¤·¤Þ¤¹¡£ 

example% keytool -import -alias joe -file jcertfile.cer

¤³¤ÎÎã¤Ï¡¢¥Õ¥¡¥¤¥ë jcertfile.cer ¤Î¾ÚÌÀ½ñ¤ò¥¤¥ó¥Ý¡¼¥È¤·¡¢ÊÌ̾ joe ¤Ë¤è¤Ã¤ÆÆÃÄꤵ¤ì¤ë¥­¡¼¥¹¥È¥¢¥¨¥ó¥È¥ê¤Ë¾ÚÌÀ½ñ¤ò³ÊǼ¤·¤Þ¤¹¡£

¾ÚÌÀ½ñ¤Î¥¤¥ó¥Ý¡¼¥È¤Ë¤Ï¡¢¼¡¤Î 2 ¤Ä¤ÎÌÜŪ¤¬¤¢¤ê¤Þ¤¹¡£

1.
¿®Íê¤Ç¤­¤ë¾ÚÌÀ½ñ¤Î¥ê¥¹¥È¤Ë¾ÚÌÀ½ñ¤òÄɲ乤ë
2.
CA ¤Ë¾ÚÌÀ½ñ½ð̾Í×µá ( -certreq ¥µ¥Ö¥³¥Þ¥ó¥É¤ò»²¾È) ¤òÁ÷¿®¤·¤¿·ë²Ì¤È¤·¤Æ¡¢CA ¤«¤é¼õ¤±¼è¤Ã¤¿¾ÚÌÀ½ñ±þÅú¤ò ¥¤¥ó¥Ý¡¼¥È¤¹¤ë

¤É¤Á¤é¤Î¼ïÎà¤Î¥¤¥ó¥Ý¡¼¥È¤ò¹Ô¤¦¤«¤Ï¡¢ -alias ¥ª¥×¥·¥ç¥ó¤ÎÃͤˤè¤Ã¤Æ»ØÄꤷ¤Þ¤¹¡£»ØÄꤷ¤¿ÊÌ̾¤¬¥Ç¡¼¥¿¥Ù¡¼¥¹Æâ¤Ë¸ºß¤·¡¢ ¤½¤ÎÊÌ̾¤Ë¤è¤Ã¤ÆÈó¸ø³«¸°¤ò»ý¤Ä¥¨¥ó¥È¥ê¤¬ÆÃÄꤵ¤ì¤ë¾ì¹ç¤Ï¡¢¾ÚÌÀ½ñ±þÅú ¤Î¥¤¥ó¥Ý¡¼¥È¤¬»ØÄꤵ¤ì¤¿¤â¤Î¤È¤ß¤Ê¤µ¤ì¤Þ¤¹¡£ keytool ¤Ï¡¢¾ÚÌÀ½ñ±þÅúÆâ¤Î¸ø³«¸°¤¬¡¢»ØÄꤵ¤ì¤¿ÊÌ̾¤Ç³ÊǼ¤µ¤ì¤¿¸ø³«¸°¤È°ìÃפ¹ ¤ë¤«¤É¤¦¤«¤òÄ´¤Ù¡¢°ìÃפ·¤Ê¤¤¾ì¹ç¤Ï½èÍý¤ò¹Ô¤¤¤Þ¤»¤ó¡£»ØÄꤵ¤ì¤¿ÊÌ̾¤Ç ÆÃÄꤵ¤ì¤ë¥­¡¼¥¹¥È¥¢¥¨¥ó¥È¥ê¤¬¡¢¾åµ­°Ê³°¤Î¼ïÎà¤Î¥¨¥ó¥È¥ê¤Ç¤¢¤ë¾ì¹ç¡¢¾ÚÌÀ½ñ ¤Ï¥¤¥ó¥Ý¡¼¥È¤µ¤ì¤Þ¤»¤ó¡£»ØÄꤵ¤ì¤¿ÊÌ̾¤¬Â¸ºß¤·¤Ê¤¤¾ì¹ç¤Ï¡¢ÊÌ̾¤¬ºîÀ®¤µ¤ì¡¢ ºîÀ®¤µ¤ì¤¿ÊÌ̾¤Ï¡¢¥¤¥ó¥Ý¡¼¥È¤µ¤ì¤¿¾ÚÌÀ½ñ¤Ë´ØÏ¢ÉÕ¤±¤é¤ì¤Þ¤¹¡£

¿®Íê¤Ç¤­¤ë¾ÚÌÀ½ñ¤Î¥¤¥ó¥Ý¡¼¥È¤Ë´Ø¤¹¤ëÃí°Õ»ö¹à

½ÅÍ×: ¿®Íê¤Ç¤­¤ë¾ÚÌÀ½ñ¤È¤·¤Æ¾ÚÌÀ½ñ¤ò¥¤¥ó¥Ý¡¼¥È¤¹¤ëÁ°¤Ë¡¢¾ÚÌÀ½ñ¤Î ÆâÍƤò¿µ½Å¤ËÄ´¤Ù¤Æ¤¯¤À¤µ¤¤¡£

¤Þ¤º¡¢¾ÚÌÀ½ñ¤ÎÆâÍƤòɽ¼¨¤· ( -printcert ¥µ¥Ö¥³¥Þ¥ó¥É¤ò»ÈÍѤ¹¤ë¤«¡¢¤Þ¤¿¤Ï -noprompt ¥ª¥×¥·¥ç¥ó¤ò»ØÄꤷ¤Ê¤¤¤Ç -import ¥µ¥Ö¥³¥Þ¥ó¥É¤ò»ÈÍÑ)¡¢É½¼¨¤µ¤ì¤¿¾ÚÌÀ½ñ¤Î¥Õ¥£¥ó¥¬¡¼¥×¥ê¥ó¥È¤¬¡¢´üÂÔ¤µ¤ì¤ë¥Õ¥£¥ó ¥¬¡¼¥×¥ê¥ó¥È¤È°ìÃפ¹¤ë¤«¤É¤¦¤«¤ò³Îǧ¤·¤Þ¤¹¡£¤¿¤È¤¨¤Ð¡¢¤¢¤ë¥æ¡¼¥¶¤«¤é¾ÚÌÀ½ñ ¤¬Á÷¤é¤ì¤Æ¤­¤Æ¡¢¤³¤Î¾ÚÌÀ½ñ¤ò /tmp/cert ¤È¤¤¤¦Ì¾Á°¤Ç¥Õ¥¡¥¤¥ë¤Ë³ÊǼ¤·¤Æ¤¤¤ë¤È¤·¤Þ¤¹¡£¤³¤Î¾ì¹ç¤Ï¡¢¿®Íê¤Ç¤­¤ë¾ÚÌÀ½ñ¤Î ¥ê¥¹¥È¤Ë¤³¤Î¾ÚÌÀ½ñ¤òÄɲ乤ëÁ°¤Ë¡¢ -printcert ¥µ¥Ö¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤·¤Æ¥Õ¥£¥ó¥¬¡¼¥×¥ê¥ó¥È¤òɽ¼¨¤Ç¤­¤Þ¤¹¡£¤¿¤È¤¨¤Ð¡¢¼¡¤Î¤è¤¦¤Ë¤· ¤Þ¤¹¡£ 

example% keytool -printcert -file /tmp/cert
Owner: CN=ll, OU=ll, O=ll, L=ll, S=ll, C=ll
Issuer: CN=ll, OU=ll, O=ll, L=ll, S=ll, C=ll
Serial Number: 59092b34
Valid from: Thu Sep 25 18:01:13 PDT 1997 until: Wed Dec 24 17:01:13 PST 1997
Certificate Fingerprints:
MD5:  11:81:AD:92:C8:E5:0E:A2:01:2E:D4:7A:D7:5F:07:6F
SHA1: 20:B6:17:FA:EF:E5:55:8A:D0:71:1F:E8:D6:9D:C0:37:13:0E:5E:FE

¼¡¤Ë¡¢¾ÚÌÀ½ñ¤òÁ÷¿®¤·¤¿¿Íʪ¤ËÏ¢Íí¤·¡¢¤³¤Î¿Íʪ¤¬Ä󼨤·¤¿¥Õ¥£¥ó¥¬¡¼¥×¥ê¥ó¥È ¤È¡¢¾å¤Î¥³¥Þ¥ó¥É¤Çɽ¼¨¤µ¤ì¤¿¥Õ¥£¥ó¥¬¡¼¥×¥ê¥ó¥È¤È¤òÈæ³Ó¤·¤Þ¤¹¡£¥Õ¥£¥ó¥¬¡¼¥× ¥ê¥ó¥È¤¬°ìÃפ¹¤ì¤Ð¡¢Á÷¿®ÅÓÃæ¤Ç¤Û¤«¤Î²¿¼Ô¤« (¹¶·â¼Ô¤Ê¤É) ¤Ë¤è¤ë¾ÚÌÀ½ñ¤Î ¤¹¤êÂؤ¨¤¬¹Ô¤ï¤ì¤Æ¤¤¤Ê¤¤¤³¤È¤ò³Îǧ¤Ç¤­¤Þ¤¹¡£Á÷¿®ÅÓÃæ¤Ç¤³¤Î¼ï¤Î¹¶·â¤¬¹Ô ¤ï¤ì¤Æ¤¤¤¿¾ì¹ç¡¢¥Á¥§¥Ã¥¯¤ò¹Ô¤ï¤º¤Ë¾ÚÌÀ½ñ¤ò¥¤¥ó¥Ý¡¼¥È¤¹¤ë¤È¡¢¹¶·â¼Ô¤Ë¤è¤Ã ¤Æ½ð̾¤µ¤ì¤¿¤¹¤Ù¤Æ¤Î¤â¤Î (¹¶·âŪ°Õ¿Þ¤ò»ý¤Ä¥¯¥é¥¹¥Õ¥¡¥¤¥ë¤ò´Þ¤ó¤À JAR ¥Õ ¥¡¥¤¥ë¤Ê¤É) ¤ò¿®Íꤹ¤ë¤³¤È¤Ë¤Ê¤ê¤Þ¤¹¡£

Ãí: ¾ÚÌÀ½ñ¤ò¥¤¥ó¥Ý¡¼¥È¤¹¤ëÁ°¤Ëɬ¤º -printcert ¥µ¥Ö¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤·¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¤ï¤±¤Ç¤Ï¤¢¤ê¤Þ¤»¤ó¡£ -import ¥µ¥Ö¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤¹¤ë¤È¡¢¥­¡¼¥¹¥È¥¢Æâ¤Î¿®Íê¤Ç¤­¤ë¾ÚÌÀ½ñ¤Î¥ê¥¹¥È¤Ë¾ÚÌÀ½ñ¤ò Äɲ乤ëÁ°¤Ë¡¢¾ÚÌÀ½ñ¤Î¾ðÊó¤¬É½¼¨¤µ¤ì¡¢³Îǧ¤òµá¤á¤ë¥á¥Ã¥»¡¼¥¸¤¬É½¼¨¤µ¤ì ¤Þ¤¹¡£¥¤¥ó¥Ý¡¼¥ÈÁàºî¤Ï¡¢¤³¤Î»þÅÀ¤ÇÃæ»ß¤Ç¤­¤Þ¤¹¡£¤¿¤À¤·¡¢³Îǧ¥á¥Ã¥»¡¼¥¸¤¬É½ ¼¨¤µ¤ì¤ë¤Î¤Ï¡¢ -import ¥µ¥Ö¥³¥Þ¥ó¥É¤ò -noprompt ¥ª¥×¥·¥ç¥ó¤ò»ØÄꤻ¤º¤Ë¼Â¹Ô¤·¤¿¾ì¹ç¤À¤±¤Ç¤¹¡£ -noprompt ¥ª¥×¥·¥ç¥ó¤¬»ØÄꤵ¤ì¤Æ¤¤¤ë¾ì¹ç¡¢¥æ¡¼¥¶¤È¤ÎÂÐÏäϹԤï¤ì¤Þ¤»¤ó¡£

 

¾ÚÌÀ½ñ¤Î¥¨¥¯¥¹¥Ý¡¼¥È

¾ÚÌÀ½ñ¤ò¥Õ¥¡¥¤¥ë¤Ë¥¨¥¯¥¹¥Ý¡¼¥È¤¹¤ë¤Ë¤Ï¡¢ -export ¥µ¥Ö¥³¥Þ¥ó¥É¤ò»È¤¤¤Þ¤¹¡£¤¿¤È¤¨¤Ð¡¢¼¡¤Î¤è¤¦¤Ë¤·¤Þ¤¹¡£ 

example% keytool -export -alias jane -file janecertfile.cer

¤³¤ÎÎã¤Ï¡¢ jane ¤Î¾ÚÌÀ½ñ¤ò¥Õ¥¡¥¤¥ë janecertfile.cer ¤Ë¥¨¥¯¥¹¥Ý¡¼¥È¤·¤Þ¤¹¡£ jane ¤¬¸°¥¨¥ó¥È¥ê¤ÎÊÌ̾¤Ç¤¢¤ë¾ì¹ç¤Ï¡¢»ØÄꤵ¤ì¤¿¥­¡¼¥¹¥È¥¢¥¨¥ó¥È¥ê¤Î¾ÚÌÀÏ¢º¿¤Î ºÇ¸å¤Î¾ÚÌÀ½ñ¤ò¥¨¥¯¥¹¥Ý¡¼¥È¤·¤Þ¤¹¡£¤³¤Î¾ÚÌÀ½ñ¤Ï¡¢ jane ¤Î¸ø³«¸°¤òǧ¾Ú¤¹¤ë¾ÚÌÀ½ñ¤Ç¤¹¡£

°ìÊý¡¢ jane ¤¬¡¢¿®Íê¤Ç¤­¤ë¾ÚÌÀ½ñ¤Î¥¨¥ó¥È¥ê¤ÎÊÌ̾¤Ç¤¢¤ë¾ì¹ç¤Ï¡¢³ºÅö¤¹¤ë¿®Íê¤Ç¤­¤ë ¾ÚÌÀ½ñ¤¬¥¨¥¯¥¹¥Ý¡¼¥È¤µ¤ì¤Þ¤¹¡£

 

¾ÚÌÀ½ñ¤Îɽ¼¨

¥­¡¼¥¹¥È¥¢¥¨¥ó¥È¥ê¤ÎÆâÍƤòɽ¼¨¤¹¤ë¤Ë¤Ï¡¢ -list ¥µ¥Ö¥³¥Þ¥ó¥É¤ò»È¤¤¤Þ¤¹¡£¤¿¤È¤¨¤Ð¡¢¼¡¤Î¤è¤¦¤Ë¤·¤Þ¤¹¡£ 

example% keytool -list -alias joe

¼¡¤Ï¡¢ÊÌ̾¤ò»ØÄꤷ¤Ê¤¤Îã¤Ç¤¹¡£ 

example% keytool -list

ÊÌ̾¤ò»ØÄꤷ¤Ê¤¤¾ì¹ç¤Ï¡¢¥­¡¼¥¹¥È¥¢Á´ÂΤÎÆâÍƤ¬É½¼¨¤µ¤ì¤Þ¤¹¡£

¥Õ¥¡¥¤¥ë¤Ë³ÊǼ¤µ¤ì¤Æ¤¤¤ë¾ÚÌÀ½ñ¤ÎÆâÍƤòɽ¼¨¤¹¤ë¤Ë¤Ï¡¢ -printcert ¥µ¥Ö¥³¥Þ¥ó¥É¤ò»È¤¤¤Þ¤¹¡£¤¿¤È¤¨¤Ð¡¢¼¡¤Î¤è¤¦¤Ë¤·¤Þ¤¹¡£ 

example% keytool -printcert -file certfile.cer

¤³¤ÎÎã¤Ç¤Ï¡¢¥Õ¥¡¥¤¥ë certfile.cer ¤Ë³ÊǼ¤µ¤ì¤Æ¤¤¤ë¾ÚÌÀ½ñ¤Î¾ðÊó¤¬É½¼¨¤µ¤ì¤Þ¤¹¡£

Ãí: ¤³¤Î¥³¥Þ¥ó¥É¤Ï¡¢¥­¡¼¥¹¥È¥¢¤È¤Ï´Ø·¸¤Ê¤¯Æ°ºî¤·¤Þ¤¹¡£¤Ä¤Þ¤ê¡¢¥­¡¼¥¹¥È¥¢¤¬ ¤Ê¤¤¾ì¹ç¤Ç¤â¡¢¥Õ¥¡¥¤¥ë¤Ë³ÊǼ¤µ¤ì¤¿¾ÚÌÀ½ñ¤òɽ¼¨¤Ç¤­¤Þ¤¹¡£

 

¼«¸Ê½ð̾¾ÚÌÀ½ñ¤ÎÀ¸À®

¡Ö¼«¸Ê½ð̾¾ÚÌÀ½ñ¡×¤È¤Ï¡¢È¯¹Ô¼Ô (½ð̾¼Ô) ¤È¼çÂÎ (¾ÚÌÀ½ñ¤Ë¤è¤Ã¤Æǧ¾Ú¤µ¤ì¤ë ¸ø³«¸°¤ò½êÍ­¤·¤Æ¤¤¤ë¥¨¥ó¥Æ¥£¥Æ¥£) ¤È¤¬Æ±°ì¤Î¾ÚÌÀ½ñ¤Î¤³¤È¤Ç¤¹¡£ -genkey ¥µ¥Ö¥³¥Þ¥ó¥É¤ò¸Æ¤Ó½Ð¤·¤Æ¿·¤·¤¤¸ø³«¸°¤ÈÈó¸ø³«¸°¤Î¥Ú¥¢¤òºîÀ®¤¹¤ë¤È¡¢¸ø³«¸°¤Ï ¾ï¤Ë¼«¸Ê½ð̾¾ÚÌÀ½ñ¤Ç¥é¥Ã¥×¤µ¤ì¤Þ¤¹¡£

¾ì¹ç¤Ë¤è¤Ã¤Æ¤Ï¡¢¿·¤·¤¤¼«¸Ê½ð̾¾ÚÌÀ½ñ¤òºîÀ®¤·¤¿¤¤¤³¤È¤¬¤¢¤ê¤Þ¤¹¡£ ¤¿¤È¤¨¤Ð¡¢Æ±¤¸¸°¤Î¥Ú¥¢¤òÊ̤Υ¢¥¤¥Ç¥ó¥Æ¥£¥Æ¥£ (¼±ÊÌ̾) ¤Ç»È¤¤¤¿¤¤¾ì¹ç¤Ê¤É ¤Ç¤¹¡£Îã¤È¤·¤Æ¡¢½ê°Éô²Ý¤¬Êѹ¹¤Ë¤Ê¤Ã¤¿¤È¤·¤Þ¤¹¡£¤³¤Î¾ì¹ç¤Ï¡¢¼¡¤Î¤è¤¦¤Ë¤· ¤Þ¤¹¡£

1.
¸µ¤Î¸°¥¨¥ó¥È¥ê¤ò¥³¥Ô¡¼ (Ê£À½) ¤¹¤ë ( -keyclone ¤ò»²¾È)
2.
¿·¤·¤¤¼±ÊÌ̾¤ò»È¤Ã¤Æ¡¢Ê£À½¤·¤¿¥¨¥ó¥È¥ê¤Î¿·¤·¤¤¼«¸Ê½ð̾¾ÚÌÀ½ñ¤ò À¸À®¤¹¤ë (°Ê²¼¤ò»²¾È)
3.
Ê£À½¤·¤¿¥¨¥ó¥È¥ê¤Î¾ÚÌÀ½ñ½ð̾Í×µá¤òÀ¸À®¤·¡¢±þÅú¤È¤·¤ÆÁ÷¤é¤ì¤Æ¤­¤¿¾ÚÌÀ½ñ ¤Þ¤¿¤Ï¾ÚÌÀÏ¢º¿¤ò¥¤¥ó¥Ý¡¼¥È¤¹¤ë ( -certreq ¥µ¥Ö¥³¥Þ¥ó¥É¤È -import ¥µ¥Ö¥³¥Þ¥ó¥É¤ò»²¾È)
4.
¸µ¤Î (ÉÔÍפˤʤä¿) ¥¨¥ó¥È¥ê¤òºï½ü¤¹¤ë ( -delete ¥³¥Þ¥ó¥É¤ò»²¾È)

¼«¸Ê½ð̾¾ÚÌÀ½ñ¤òÀ¸À®¤¹¤ë¤Ë¤Ï¡¢ -selfcert ¥µ¥Ö¥³¥Þ¥ó¥É¤ò»È¤¤¤Þ¤¹¡£¤¿¤È¤¨¤Ð¡¢¼¡¤Î¤è¤¦¤Ë¤·¤Þ¤¹¡£ 

example% keytool -selfcert -alias dukeNew -keypass b92kqmp
-dname "cn=Duke Smith, ou=Purchasing, o=BlueSoft, c=US"

À¸À®¤µ¤ì¤¿¾ÚÌÀ½ñ¤Ï¡¢»ØÄꤷ¤¿ÊÌ̾ (¤³¤ÎÎã¤Ç¤Ï dukeNew) ¤Ë¤è¤Ã¤Æ ÆÃÄꤵ¤ì¤ë¥­¡¼¥¹¥È¥¢¥¨¥ó¥È¥ê¤Ë¡¢Í×ÁǤò 1 ¤Ä¤À¤±»ý¤Ä¾ÚÌÀÏ¢º¿¤È¤·¤Æ³ÊǼ¤µ¤ì ¤Þ¤¹¡£³ºÅö¤¹¤ë¥­¡¼¥¹¥È¥¢¥¨¥ó¥È¥ê¤Î´û¸¤Î¾ÚÌÀÏ¢º¿¤Ï¡¢¿·¤·¤¤¾ÚÌÀÏ¢º¿¤Ë¤è¤Ã¤Æ ÃÖ¤­´¹¤¨¤é¤ì¤Þ¤¹¡£

 

»ÈÍÑÊýË¡

°Ê²¼¤Ç¤Ï¡¢¥µ¥Ö¥³¥Þ¥ó¥É¤È¤½¤Î¥ª¥×¥·¥ç¥ó¤Ë¤Ä¤¤¤ÆÀâÌÀ¤·¤Þ¤¹¡£¥³¥Þ¥ó¥É¤È¥ª¥×¥·¥ç¥ó¤ò»ØÄꤹ¤ë¤È¤­¤Ï¡¢¼¡¤ÎÅÀ¤ËÃí°Õ¤·¤Æ¤¯¤À¤µ¤¤¡£

*
¤É¤Î¥³¥Þ¥ó¥É̾¤ª¤è¤Ó¥ª¥×¥·¥ç¥ó̾¤Ë¤âÀèƬ¤Ë¥Þ¥¤¥Ê¥¹µ­¹æ (-) ¤¬ÉÕ¤¯
*
³Æ¥³¥Þ¥ó¥É¤Î¥ª¥×¥·¥ç¥ó¤ÏǤ°Õ¤Î½ç½ø¤Ç»ØÄê¤Ç¤­¤ë

*
¥¤¥¿¥ê¥Ã¥¯ÂΤˤʤäƤ¤¤Ê¤¤¤¹¤Ù¤Æ¤Î¹àÌÜ¡¢¤Þ¤¿¤ÏÃæ³ç¸Ì¤«³Ñ³ç¸Ì¤Ç °Ï¤Þ¤ì¤Æ¤¤¤ë¤¹¤Ù¤Æ¤Î¹àÌܤϡ¢¤½¤Î¤È¤ª¤ê¤Ë»ØÄꤹ¤ëɬÍפ¬¤¢¤ë
*
¥ª¥×¥·¥ç¥ó¤ò°Ï¤àÃæ³ç¸Ì¤Ï¡¢°ìÈ̤ˡ¢¤½¤Î¥ª¥×¥·¥ç¥ó¤ò¥³¥Þ¥ó¥É¹Ô¤Ç»ØÄê ¤·¤Ê¤«¤Ã¤¿¾ì¹ç¤Ë¡¢´ûÄêÃͤ¬»È¤ï¤ì¤ë¤³¤È¤ò°ÕÌ£¤¹¤ë¡£Ãæ³ç¸Ì¤Ï¡¢ -v ¡¢ -rfc ¡¢¤ª¤è¤Ó -J ¥ª¥×¥·¥ç¥ó¤ò°Ï¤à¤Î¤Ë¤â»È¤ï¤ì¤ë¤¬¡¢¤³¤ì¤é¤Î¥ª¥×¥·¥ç¥ó¤Ï¥³¥Þ¥ó¥É¹Ô¤Ç»ØÄê ¤µ¤ì¤¿¾ì¹ç¤Ë¤Î¤ß°ÕÌ£¤ò»ý¤Ä (¤Ä¤Þ¤ê¡¢¤³¤ì¤é¤Î¥ª¥×¥·¥ç¥ó¤Ë¤Ï¡¢¥ª¥×¥·¥ç¥ó ¼«ÂΤò»ØÄꤷ¤Ê¤¤¤³¤È°Ê³°¤Ë¡Ö´ûÄêÃ͡פϸºß¤·¤Ê¤¤)
*
¥ª¥×¥·¥ç¥ó¤ò°Ï¤à³Ñ³ç¸Ì¤Ï¡¢¤½¤Î¥ª¥×¥·¥ç¥ó¤ò¥³¥Þ¥ó¥É¹Ô¤Ç»ØÄꤷ¤Ê¤«¤Ã¤¿ ¾ì¹ç¤Ë¡¢ÃͤÎÆþÎϤòµá¤á¤é¤ì¤ë¤³¤È¤ò°ÕÌ£¤¹¤ë¡£¤¿¤À¤·¡¢ -keypass ¥ª¥×¥·¥ç¥ó¤ò¥³¥Þ¥ó¥É¹Ô¤Ç»ØÄꤷ¤Ê¤«¤Ã¤¿¾ì¹ç¤Ï¡¢ keytool ¤¬¥­¡¼¥¹¥È¥¢¤Î¥Ñ¥¹¥ï¡¼¥É¤«¤éÈó¸ø³«¸°¤ÎÉü¸µ¤ò»î¤ß¤ë¡£¥æ¡¼¥¶¤Ï¡¢¤³¤Î»î¤ß¤¬ ¼ºÇÔ¤·¤¿¾ì¹ç¤ËÈó¸ø³«¸°¤ÎÆþÎϤòµá¤á¤é¤ì¤ë
*
¥¤¥¿¥ê¥Ã¥¯ÂΤιàÌܤμºݤÎÃÍ (¥ª¥×¥·¥ç¥ó¤ÎÃÍ) ¤Ï¡¢¥æ¡¼¥¶¤¬»ØÄꤹ¤ëɬÍ× ¤¬¤¢¤ë¡£¤¿¤È¤¨¤Ð¡¢ -printcert ¥µ¥Ö¥³¥Þ¥ó¥É¤Î·Á¼°¤Ï¼¡¤Î¤È¤ª¤ê¤Ç¤¢¤ë 

example% keytool -printcert {-file cert_file} {-v}

-printcert ¥µ¥Ö¥³¥Þ¥ó¥É¤ò»ØÄꤹ¤ë¤È¤­¤Ï¡¢ cert_file ¤ÎÂå¤ï¤ê¤Ë¼ÂºÝ¤Î¥Õ¥¡¥¤¥ë̾¤ò»ØÄꤹ¤ë¡£¼¡¤ËÎã¤ò¼¨¤¹ 

example% keytool -printcert -file VScert.cer

*
¥ª¥×¥·¥ç¥ó¤ÎÃͤ˶õÇò (¥¹¥Ú¡¼¥¹) ¤¬´Þ¤Þ¤ì¤Æ¤¤¤ë¾ì¹ç¤Ï¡¢Ãͤò°úÍÑÉä¤Ç °Ï¤àɬÍפ¬¤¢¤ë

*
-help ¥µ¥Ö¥³¥Þ¥ó¥É¤Ï¥Ç¥Õ¥©¥ë¥È¤Î¥³¥Þ¥ó¥É¤Ç¤¢¤ë¡£¤¿¤È¤¨¤Ð¡¢¼¡¤Î¤è¤¦¤Ë¥³¥Þ¥ó¥É¹Ô¤ò »ØÄꤷ¤¿¤È¤¹¤ë 

example% keytool

¤³¤ì¤Ï¡¢¼¡¤Î¤è¤¦¤Ë»ØÄꤹ¤ë¤³¤È¤ÈƱ¤¸¤Ç¤¢¤ë 

example% keytool -help

 

¥ª¥×¥·¥ç¥ó¤Î´ûÄêÃÍ

¥ª¥×¥·¥ç¥ó¤Î´ûÄêÃͤϡ¢¼¡¤Î¤È¤ª¤ê¤Ç¤¹¡£ 

-alias "mykey"
-keyalg "DSA"
-keysize 1024
-validity 90
-keystore ¥æ¡¼¥¶¤Î¥Û¡¼¥à¥Ç¥£¥ì¥¯¥È¥ê¤Î .keystore ¤È¤¤¤¦¥Õ¥¡¥¤¥ë
-file Æɤ߹þ¤ß¤Î¾ì¹ç¤Ïɸ½àÆþÎÏ¡¢½ñ¤­¹þ¤ß¤Î¾ì¹ç¤Ïɸ½à½ÐÎÏ

½ð̾¥¢¥ë¥´¥ê¥º¥à ( -sigalg ¥ª¥×¥·¥ç¥ó) ¤Ï¡¢´ð¤Ë¤Ê¤ëÈó¸ø³«¸°¤Î¥¢¥ë¥´¥ê¥º¥à¤«¤éÇÉÀ¸¤·¤Þ¤¹¡£´ð¤Ë¤Ê¤ë Èó¸ø³«¸°¤Î¥¿¥¤¥×¤¬ DSA ¤Ç¤¢¤ê¡¢ -sigalg Èó¸ø³«¸°¤Î¥¿¥¤¥×¤¬ RSA ¤Ç¤¢¤ë¾ì¹ç¡¢ -sigalg ¤Ï´ûÄêÃÍ¤Ç MD5withRSA ¤Ë¤Ê¤ê¤Þ¤¹¡£

 

¤Û¤È¤ó¤É¤Î¥µ¥Ö¥³¥Þ¥ó¥É¤Ç»È¤ï¤ì¤ë¥ª¥×¥·¥ç¥ó

-v ¥ª¥×¥·¥ç¥ó¤Ï¡¢ -help ¤ò½ü¤¯¤¹¤Ù¤Æ¤Î¥µ¥Ö¥³¥Þ¥ó¥É¤Ç»ÈÍѤǤ­¤Þ¤¹¡£¤³¤Î¥ª¥×¥·¥ç¥ó¤ò»ØÄꤷ¤¿¾ì¹ç¡¢¥³¥Þ¥ó¥É¤Ï¡Ö¾éĹ¡×¥â¡¼¥É¤Ç¼Â¹Ô¤µ¤ì¡¢¾ÜºÙ¤Ê¾ÚÌÀ½ñ¾ðÊ󤬽ÐÎϤµ¤ì¤Þ¤¹¡£

¤Þ¤¿¡¢ -Jjavaoption ¥ª¥×¥·¥ç¥ó¤â¡¢Ç¤°Õ¤Î¥µ¥Ö¥³¥Þ¥ó¥É¤Ç»ÈÍѤǤ­¤Þ¤¹¡£¤³¤Î¥ª¥×¥·¥ç¥ó¤ò»ØÄꤷ¤¿¾ì¹ç¡¢»ØÄꤵ¤ì¤¿ -javaoption ʸ»úÎó¤¬ Java ¥¤¥ó¥¿¥×¥ê¥¿¤ËľÀÜÅϤµ¤ì¤Þ¤¹¡£ keytool ¤Ï¡¢¼ÂºÝ¤Ë¤Ï Java ¥¤¥ó¥¿¥×¥ê¥¿¤ËÂФ¹¤ë¡Ö¥é¥Ã¥Ñ¡¼¡×¤Ç¤¹¡£¤³¤Î¥ª¥×¥·¥ç¥ó¤Ë¤Ï¡¢¶õÇò¤ò´Þ¤á¤ë¤³¤È¤Ï¤Ç¤­¤Þ¤»¤ó¡£¤³¤Î¥ª¥×¥·¥ç¥ó¤Ï¡¢¼Â¹Ô´Ä¶­¤Þ¤¿¤Ï¥á¥â¥ê»ÈÍѤòÄ´À°¤¹¤ë¾ì¹ç¤ËÊØÍø¤Ç¤¹¡£»ØÄê¤Ç¤­¤ë¥¤¥ó¥¿¥×¥ê¥¿¥ª¥×¥·¥ç¥ó¤ò°ìÍ÷ɽ¼¨¤¹¤ë¤Ë¤Ï¡¢¥³¥Þ¥ó¥É¹Ô¤Ç java -h ¤Þ¤¿¤Ï java -X ¤ÈÆþÎϤ·¤Æ¤¯¤À¤µ¤¤¡£

¼¡¤Î 3 ¤Ä¤Î¥ª¥×¥·¥ç¥ó¤Ï¡¢¥­¡¼¥¹¥È¥¢¤ËÂФ¹¤ëÁàºî¤ò¹Ô¤¦¤¹¤Ù¤Æ¤Î¥³¥Þ¥ó¥É¤Ç»Ø Äê¤Ç¤­¤Þ¤¹¡£

-storetype storetype
¤³¤Î½¤¾þ»Ò¤Ï¡¢¥¤¥ó¥¹¥¿¥ó¥¹¤òÀ¸À®¤¹¤ë¥­¡¼¥¹¥È¥¢¤Î¥¿¥¤¥×¤ò»ØÄꤷ¤Þ¤¹¡£¥Ç¥Õ¥© ¥ë¥È¤Î¥­¡¼¥¹¥È¥¢¥¿¥¤¥×¤Ï¡¢¥»¥­¥å¥ê¥Æ¥£¥×¥í¥Ñ¥Æ¥£¥Õ¥¡¥¤¥ëÆâ¤Î keystore.type ¥× ¥í¥Ñ¥Æ¥£¤ÎÃͤǻØÄꤵ¤ì¤¿¥¿¥¤¥×¤Ç¤¹¡£¤³¤ÎÃͤϡ¢ java.security.KeyStore ¤Î static getDefaultType ¥á¥½¥Ã¥É¤Ç¼èÆÀ¤Ç¤­¤Þ¤¹¡£
-keystore keystore
¥­¡¼¥¹¥È¥¢ (¥Ç¡¼¥¿¥Ù¡¼¥¹¥Õ¥¡¥¤¥ë) ¤Î¾ì½ê¤ò»ØÄꤷ¤Þ¤¹¡£¥Ç¥Õ¥©¥ë¥È¤Ï¡¢¥æ¡¼¥¶ ¤Î¥Û¡¼¥à¥Ç¥£¥ì¥¯¥È¥êÆâ¤Î¥Õ¥¡¥¤¥ë .keystore ¤Ç¤¹¡£¥æ¡¼¥¶¤Î¥Û¡¼¥à¥Ç¥£¥ì¥¯¥È¥ê¤Ï¡¢ user.home ¥·¥¹¥Æ¥à¥×¥í¥Ñ¥Æ¥£¤Ë¤è¤Ã¤Æ·è¤Þ¤ê¤Þ¤¹¡£
-storepass storepass
¥­¡¼¥¹¥È¥¢¤Î´°Á´À­¤òÊݸ¤ë¤¿¤á¤Ë»È¤¦¥Ñ¥¹¥ï¡¼¥É¤ò»ØÄꤷ¤Þ¤¹¡£ storepass ¤Ï¡¢6 ʸ»ú°Ê¾å¤Ç¤Ê¤±¤ì¤Ð¤Ê¤ê¤Þ¤»¤ó¡£»ØÄꤷ¤¿¥Ñ¥¹¥ï¡¼¥É¤Ï¡¢¥­¡¼¥¹¥È¥¢¤ÎÆâ ÍƤ˥¢¥¯¥»¥¹¤¹¤ë¤¹¤Ù¤Æ¤Î¥µ¥Ö¥³¥Þ¥ó¥É¤Ç»È¤ï¤ì¤Þ¤¹¡£¤³¤Î¼ï¤Î¥µ¥Ö¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤¹¤ë ¤È¤­¤Ë¡¢¥³¥Þ¥ó¥É¹Ô¤Ç -storepass ¥ª¥×¥·¥ç¥ó¤ò»ØÄꤷ¤Ê¤«¤Ã¤¿¾ì¹ç¤Ï¡¢¥Ñ¥¹¥ï¡¼¥É¤ÎÆþÎϤòµá¤á¤é¤ì¤Þ¤¹¡£
-provider provider_class_name
¥µ¡¼¥Ó¥¹¥×¥í¥Ð¥¤¥À¤¬¥»¥­¥å¥ê¥Æ¥£¥×¥í¥Ñ¥Æ¥£¥Õ¥¡¥¤¥ë¤Î¥ê¥¹¥È¤ËÆþ¤Ã¤Æ¤¤¤Ê¤¤¤È¤­¤Ë¡¢ °Å¹æ²½¥µ¡¼¥Ó¥¹¥×¥í¥Ð¥¤¥À¤Î¥Þ¥¹¥¿¡¼¥¯¥é¥¹¥Õ¥¡¥¤¥ë¤Î̾Á°¤ò»ØÄꤷ¤Þ¤¹¡£

¥­¡¼¥¹¥È¥¢¤«¤é¾ðÊó¤ò¼è¤ê½Ð¤¹¾ì¹ç¤Ï¡¢¥Ñ¥¹¥ï¡¼¥É¤ò¾Êά¤Ç¤­¤Þ¤¹¡£ ¥Ñ¥¹¥ï¡¼¥É¤ò¾Êά¤¹¤ë¤È¡¢¼è¤ê½Ð¤¹¾ðÊó¤Î´°Á´À­¤ò¥Á¥§¥Ã¥¯¤Ç¤­¤Ê¤¤¤Î ¤Ç¡¢·Ù¹ð¤¬É½¼¨¤µ¤ì¤Þ¤¹¡£

¥Ñ¥¹¥ï¡¼¥É¤Î°·¤¤¤Ë¤Ï½½Ê¬Ãí°Õ¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£¡Ö ¥Ñ¥¹¥ï¡¼¥É¤Ë´Ø¤¹¤ëÃí°Õ»ö¹à ¡×¤ò»²¾È¤·¤Æ¤¯¤À¤µ¤¤¡£

 

¥Ñ¥¹¥ï¡¼¥É¤Ë´Ø¤¹¤ëÃí°Õ»ö¹à

¥­¡¼¥¹¥È¥¢¤ËÂФ¹¤ëÁàºî¤ò¹Ô¤¦¤Û¤È¤ó¤É¤Î¥µ¥Ö¥³¥Þ¥ó¥É¤Ç¤Ï¡¢¥¹¥È¥¢¤Î¥Ñ¥¹¥ï¡¼¥É¤¬ ɬÍפǤ¹¡£¤Þ¤¿¡¢°ìÉô¤Î¥µ¥Ö¥³¥Þ¥ó¥É¤Ç¤Ï¡¢Èó¸ø³«¸°¤Î¥Ñ¥¹¥ï¡¼¥É¤¬É¬Í×¤Ë¤Ê¤ë ¤³¤È¤¬¤¢¤ê¤Þ¤¹¡£

¥Ñ¥¹¥ï¡¼¥É¤Ï¥³¥Þ¥ó¥É¹Ô¤Ç»ØÄê¤Ç¤­¤Þ¤¹ (¥¹¥È¥¢¤Î¥Ñ¥¹¥ï¡¼¥É¤Ë¤Ï -storepass ¥ª¥×¥·¥ç¥ó¡¢Èó¸ø³«¸°¤Î¥Ñ¥¹¥ï¡¼¥É¤Ë¤Ï -keypass ¥ª¥×¥·¥ç¥ó¤ò»ÈÍÑ)¡£¤¿¤À¤·¡¢¥Æ¥¹¥È¤òÌÜŪ¤È¤¹¤ë¾ì¹ç¡¢¤Þ¤¿¤Ï°ÂÁ´¤Ç¤¢¤ë¤³¤È¤¬ ¤ï¤«¤Ã¤Æ¤¤¤ë¥·¥¹¥Æ¥à¤Ç¼Â¹Ô¤¹¤ë¾ì¹ç°Ê³°¤Ï¡¢¥³¥Þ¥ó¥É¹Ô¤ä¥¹¥¯¥ê¥×¥È¤Ç¥Ñ¥¹¥ï ¡¼¥É¤ò»ØÄꤷ¤Ê¤¤¤Ç¤¯¤À¤µ¤¤¡£

ɬÍפʥѥ¹¥ï¡¼¥É¤Î¥ª¥×¥·¥ç¥ó¤ò¥³¥Þ¥ó¥É¹Ô¤Ç»ØÄꤷ¤Ê¤«¤Ã¤¿¾ì¹ç¤Ï¡¢ ¥Ñ¥¹¥ï¡¼¥É¤ÎÆþÎϤòµá¤á¤é¤ì¤Þ¤¹¡£password ¥×¥í¥ó¥×¥È¤Ç¥Ñ¥¹¥ï¡¼¥É¤òÆþÎÏ ¤¹¤ë¤È¡¢ÆþÎϤ·¤¿¥Ñ¥¹¥ï¡¼¥É¤¬¥¨¥³¡¼¤µ¤ì¡¢¤½¤Î¤Þ¤Þ²èÌ̤Ëɽ¼¨¤µ¤ì¤Þ¤¹¡£¤³ ¤Î¤¿¤á¡¢¼þ°Ï¤Ë¤Û¤«¤Î¥æ¡¼¥¶¤¬¤¤¤ë¾ì¹ç¤Ï¡¢¥Ñ¥¹¥ï¡¼¥É¤ò¸«¤é¤ì¤Ê¤¤¤è¤¦¤Ë Ãí°Õ¤·¤Æ¤¯¤À¤µ¤¤¡£

 

¥µ¥Ö¥³¥Þ¥ó¥É

»ÈÍÑÊýË¡¤â»²¾È¤·¤Æ¤¯¤À¤µ¤¤¡£

 

¥­¡¼¥¹¥È¥¢¤Ø¤Î¥Ç¡¼¥¿¤ÎÄɲÃ

-genkey {-alias alias} {-keyalg keyalg} {-keysize keysize}

      {-sigalg sigalg} [-dname dname] [-keypass keypass]
      {-validity valDays} {-storetype storetype}
      {-keystore keystore} [-storepass storepass]
      [-provider provider_class_name] {-v}
      {-Jjavaoption}

¸°¤Î¥Ú¥¢ (¸ø³«¸°¤ª¤è¤Ó´ØÏ¢¤¹¤ëÈó¸ø³«¸°) ¤òÀ¸À®¤·¤Þ¤¹¡£¸ø³«¸°¤Ï X.509 v1 ¼«¸Ê½ð̾¾ÚÌÀ½ñ¤Ç¥é¥Ã¥×¤µ¤ì¤Þ¤¹¡£¾ÚÌÀ½ñ¤Ï¡¢Ã±°ì¤ÎÍ×ÁǤò»ý¤Ä ¾ÚÌÀÏ¢º¿¤È¤·¤Æ³ÊǼ¤µ¤ì¤Þ¤¹¡£¤³¤Î¾ÚÌÀÏ¢º¿¤ÈÈó¸ø³«¸°¤Ï¡¢ alias ¤ÇÆÃÄꤵ¤ì¤ë¿·¤·¤¤¥­¡¼¥¹¥È¥¢¥¨¥ó¥È¥ê¤Ë³ÊǼ¤µ¤ì¤Þ¤¹¡£

keyalg ¤Ë¤Ï¡¢¸°¤Î¥Ú¥¢¤òÀ¸À®¤¹¤ë¤Î¤Ë»È¤¦¥¢¥ë¥´¥ê¥º¥à¤ò»ØÄꤷ¡¢ keysize ¤Ë¤Ï¡¢À¸À®¤¹¤ë³Æ¸°¤Î¥µ¥¤¥º¤ò»ØÄꤷ¤Þ¤¹¡£ sigalg ¤Ë¤Ï¡¢¼«¸Ê½ð̾¾ÚÌÀ½ñ¤Ë½ð̾¤òÉÕ¤±¤ë¤È¤­¤Ë»È¤¦¥¢¥ë¥´¥ê¥º¥à¤ò»ØÄꤷ¤Þ¤¹¡£ ¤³¤Î¥¢¥ë¥´¥ê¥º¥à¤Ï¡¢keyalg ¤È¸ß´¹À­¤Î¤¢¤ë¤â¤Î¤Ç¤Ê¤±¤ì¤Ð¤Ê¤ê¤Þ¤»¤ó¡£¡Ö¥µ¥Ý¡¼ ¥È¤µ¤ì¤ë¥¢¥ë¥´¥ê¥º¥à¤È¸°¤Î¥µ¥¤¥º¡×¤ò»²¾È¤·¤Æ¤¯¤À¤µ¤¤¡£

dname ¤Ë¤Ï¡¢ alias ¤Ë´ØÏ¢ÉÕ¤±¡¢¼«¸Ê½ð̾¾ÚÌÀ½ñ¤Î issuer ¥Õ¥£¡¼¥ë¥É¤È subject ¥Õ¥£¡¼¥ë¥É¤È¤·¤Æ »È¤¦ X.500 ¼±ÊÌ̾¤ò»ØÄꤷ¤Þ¤¹¡£¥³¥Þ¥ó¥É¹Ô¤Ç¼±ÊÌ̾¤ò»ØÄꤷ¤Ê¤«¤Ã¤¿¾ì¹ç¤Ï ¡¢¼±ÊÌ̾¤ÎÆþÎϤòµá¤á¤é¤ì¤Þ¤¹¡£

keypass ¤Ë¤Ï¡¢À¸À®¤µ¤ì¤ë¸°¤Î¥Ú¥¢¤Î¤¦¤Á¡¢Èó¸ø³«¸°¤òÊݸ¤ë¤Î¤Ë»È¤¦¥Ñ¥¹¥ï¡¼¥É¤ò »ØÄꤷ¤Þ¤¹¡£¥Ñ¥¹¥ï¡¼¥É¤ò»ØÄꤷ¤Ê¤«¤Ã¤¿¾ì¹ç¤Ï¡¢¥Ñ¥¹¥ï¡¼¥É¤ÎÆþÎϤòµá¤á¤é¤ì ¤Þ¤¹¡£¤³¤Î¤È¤­¡¢Enter ¥­¡¼¤ò²¡¤¹¤È¡¢¥­¡¼¥¹¥È¥¢¤Î¥Ñ¥¹¥ï¡¼¥É¤ÈƱ¤¸¥Ñ¥¹¥ï¡¼¥É¤¬ ¸°¤Î¥Ñ¥¹¥ï¡¼¥É¤ËÀßÄꤵ¤ì¤Þ¤¹¡£ keypass ¤Ï¡¢6 ʸ»ú°Ê¾å¤Ç¤Ê¤±¤ì¤Ð¤Ê¤ê¤Þ¤»¤ó¡£¥Ñ¥¹¥ï¡¼¥É¤Î°·¤¤¤Ë¤Ï½½Ê¬Ãí°Õ¤¹¤ë ɬÍפ¬¤¢¤ê¤Þ¤¹¡£¡Ö ¥Ñ¥¹¥ï¡¼¥É¤Ë´Ø¤¹¤ëÃí°Õ»ö¹à ¡×¤ò»²¾È¤·¤Æ¤¯¤À¤µ¤¤¡£

valDays ¤Ë¤Ï¡¢¾ÚÌÀ½ñ¤ÎÍ­¸úÆü¿ô¤ò»ØÄꤷ¤Þ¤¹¡£

-import {-alias alias} {-file cert_file} [-keypass keypass]

      {-noprompt} {-trustcacerts} {-storetype storetype}
      {-keystore keystore} [-storepass storepass]
      [-provider provider_class_name]
      {-v} {-Jjavaoption}

¥Õ¥¡¥¤¥ë cert_file ¤«¤é¾ÚÌÀ½ñ¤Þ¤¿¤Ï¾ÚÌÀÏ¢º¿ (¾ÚÌÀÏ¢º¿¤Î¾ì¹ç¤Ï¡¢PKCS#7 ·Á¼°¤Î±þÅú¤ÇÄ󶡤µ¤ì¤ë¤â¤Î) ¤òÆɤ߹þ¤ß¡¢ alias ¤Ë¤è¤Ã¤ÆÆÃÄꤵ¤ì¤ë¥­¡¼¥¹¥È¥¢¥¨¥ó¥È¥ê¤Ë³ÊǼ¤·¤Þ¤¹¡£¾ÚÌÀ½ñ¤Þ¤¿¤Ï PKCS#7 ±þÅú¤òɸ½àÆþÎϤ«¤é Æɤ߹þ¤ß¤Þ¤¹¡£ keytool ¤Ç¤Ï¡¢X.509 v1¡¢v2¡¢v3 ¤Î¾ÚÌÀ½ñ¡¢¤ª¤è¤Ó¡¢PKCS#7 ·Á¼°¤Î¾ÚÌÀ½ñ¤«¤é¹½À® ¤µ¤ì¤Æ¤¤¤ë PKCS#7 ·Á¼°¤Î¾ÚÌÀÏ¢º¿¤ò¥¤¥ó¥Ý¡¼¥È¤Ç¤­¤Þ¤¹¡£¥¤¥ó¥Ý¡¼¥È¤¹¤ë¥Ç¡¼ ¥¿¤Ï¡¢¥Ð¥¤¥Ê¥ê¥¨¥ó¥³¡¼¥Ç¥£¥ó¥°Êý¼°¡¢¤Þ¤¿¤Ï¥×¥ê¥ó¥È²Äǽ¥¨¥ó¥³¡¼¥Ç¥£¥ó¥°Êý¼° (Base64 ¥¨¥ó¥³¡¼¥Ç¥£¥ó¥°¤È¤â¸Æ¤Ð¤ì¤ë) ¤Î¤É¤Á¤é¤«¤ÇÄ󶡤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£ ¥×¥ê¥ó¥È²Äǽ¥¨¥ó¥³¡¼¥Ç¥£¥ó¥°Êý¼°¤Ï¡¢¥¤¥ó¥¿¡¼¥Í¥Ã¥È RFC 1421 ¾ÚÌÀ½ñ¥¨¥ó¥³¡¼ ¥Ç¥£¥ó¥°µ¬³Ê¤ÇÄêµÁ¤µ¤ì¤Æ¤¤¤Þ¤¹¡£¤³¤Î¥¨¥ó¥³¡¼¥Ç¥£¥ó¥°Êý¼°¤Î¾ì¹ç¡¢¾ÚÌÀ½ñ¤Ï ¡Ö-----BEGIN¡×¤Ç»Ï¤Þ¤ëʸ»úÎó¤Ç³«»Ï¤µ¤ì¡¢¡Ö-----END¡×¤Ç»Ï¤Þ¤ëʸ»úÎó¤Ç½ªÎ»¤·¤Ê¤±¤ì¤Ð¤Ê¤ê¤Þ¤»¤ó¡£

¿·¤·¤¯¿®Íê¤Ç¤­¤ë¾ÚÌÀ½ñ¤ò¥¤¥ó¥Ý¡¼¥È¤¹¤ë¾ì¹ç¡¢¥­¡¼¥¹¥È¥¢¤Ë alias ¤¬Â¸ºß¤·¤Æ¤¤¤Æ¤Ï¤¤¤±¤Þ¤»¤ó¡£ keytool ¤Ï¡¢¥­¡¼¥¹¥È¥¢¤Ë¾ÚÌÀ½ñ¤òÄɲ乤ëÁ°¤Ë¡¢¥­¡¼¥¹¥È¥¢Æâ¤Ë¤¹¤Ç¤Ë¸ºß¤¹¤ë¿®Íê ¤Ç¤­¤ë¾ÚÌÀ½ñ¤ò»È¤Ã¤Æ¡¢¥¤¥ó¥Ý¡¼¥È¤¹¤ë¾ÚÌÀ½ñ¤«¤é (¥ë¡¼¥È CA ¤Î) ¼«¸Ê½ð̾¾Ú ÌÀ½ñ¤Ë»ê¤ë¤Þ¤Ç¤Î¿®Íê¤ÎÏ¢º¿¤Î¹½ÃÛ¤ò»î¤ß¤Þ¤¹¡£

-trustcacerts ¥ª¥×¥·¥ç¥ó¤¬»ØÄꤵ¤ì¤Æ¤¤¤ë¾ì¹ç¤Ï¡¢¿®Íê¤ÎÏ¢º¿¤ò¹½ÃÛ¤¹¤ë¤È¤­¤Ë¡¢¤Û¤«¤Î ¾ÚÌÀ½ñ¤â¹Í褵¤ì¤Þ¤¹¡£¹Íθ¤ÎÂоݤȤʤë¾ÚÌÀ½ñ¤Ï¡¢ cacerts ¤È¤¤¤¦Ì¾Á°¤Î¥Õ¥¡¥¤¥ë¤Ë´Þ¤Þ¤ì¤ë¾ÚÌÀ½ñ¤Ç¤¹¡£¤³¤Î¥Õ¥¡¥¤¥ë¤Ï¡¢JDK ¥»¥­¥å¥ê¥Æ¥£¥×¥í¥Ñ¥Æ¥£¥Ç¥£¥ì¥¯¥È¥ê java.home/lib/security ¤Ë¤¢¤ê¤Þ¤¹¡£java.home ¤Ï¡¢JDK ¤Î¥¤¥ó¥¹¥È¡¼¥ëÀè¥Ç¥£¥ì¥¯¥È¥ê¤Ç¤¹¡£ cacerts ¥Õ¥¡¥¤¥ë¤Ï¡¢CA ¤Î¾ÚÌÀ½ñ¤ò´Þ¤à¡¢¥·¥¹¥Æ¥àÁ´ÂΤΥ­¡¼¥¹¥È¥¢¤Ç¤¹¡£¥·¥¹¥Æ¥à ´ÉÍý¼Ô¤Ï¡¢¥­¡¼¥¹¥È¥¢¥¿¥¤¥×¤Ë jks ¤ò»ØÄꤹ¤ë¤³¤È¤Ç¡¢ keytool ¤ò»È¤Ã¤Æ¤³¤Î¥Õ¥¡¥¤¥ë¤Î¹½À®¤È´ÉÍý¤ò¹Ô¤¦¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£ cacerts ¥­¡¼¥¹¥È¥¢¥Õ¥¡¥¤¥ë¤Ï¡¢¼¡¤Ë¼¨¤¹ X.500 ¼±ÊÌ̾¤ò»ý¤Ä 5 ¤Ä¤Î VeriSign ¥ë¡¼¥È CA ¾ÚÌÀ½ñ¤ò´Þ¤ó¤À¾õÂ֤ǽв٤µ¤ì¤Æ¤¤¤Þ¤¹¡£

1.
OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
2.
OU=Class 2 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
3.
OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
4.
OU=Class 4 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
5.
OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US

cacerts ¥­¡¼¥¹¥È¥¢¥Õ¥¡¥¤¥ë¤Î½é´ü¥Ñ¥¹¥ï¡¼¥É¤Ï¡¢changeit ¤Ç¤¹¡£¥·¥¹¥Æ¥à´ÉÍý¼Ô¤Ï¡¢ JDK ¤Î¥¤¥ó¥¹¥È¡¼¥ë¸å¡¢¤³¤Î¥Õ¥¡¥¤¥ë¤Î¥Ñ¥¹¥ï¡¼¥É¤È¥Ç¥Õ¥©¥ë¥È¥¢¥¯¥»¥¹¸¢¤òÊѹ¹ ¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£

keytool ¤¬¡¢¥¤¥ó¥Ý¡¼¥È¤¹¤ë¾ÚÌÀ½ñ¤«¤é¼«¸Ê½ð̾¾ÚÌÀ½ñ (¥­¡¼¥¹¥È¥¢¤Þ¤¿¤Ï cacerts ¥Õ¥¡¥¤¥ë¤Ë´Þ¤Þ¤ì¤Æ¤¤¤ë¼«¸Ê½ð̾¾ÚÌÀ½ñ) ¤Ë»ê¤ë¤Þ¤Ç¤Î¿®Íê¤Î¥Ñ¥¹¤Î¹½ÃÛ¤Ë ¼ºÇÔ¤·¤¿¾ì¹ç¤Ï¡¢¥¤¥ó¥Ý¡¼¥È¤¹¤ë¾ÚÌÀ½ñ¤Î¾ðÊó¤òɽ¼¨¤·¡¢¥æ¡¼¥¶¤Ë³Îǧ¤òµá¤á¤Þ ¤¹¡£¤³¤Î¾ì¹ç¤Ï¡¢É½¼¨¤µ¤ì¤¿¾ÚÌÀ½ñ¤Î¥Õ¥£¥ó¥¬¡¼¥×¥ê¥ó¥È¤È¡¢¤Û¤«¤Î¤Ê¤ó¤é¤«¤Î (¿®Íê¤Ç¤­¤ë) ¾ðÊó¸» (¾ÚÌÀ½ñ¤Î½êÍ­¼ÔËܿͤʤÉ) ¤«¤éÆþ¼ê¤·¤¿¥Õ¥£¥ó¥¬¡¼¥×¥ê¥ó¥È ¤È¤òÈæ³Ó¤·¤Þ¤¹¡£¡Ö¿®Íê¤Ç¤­¤ë¾ÚÌÀ½ñ¡×¤È¤·¤Æ¾ÚÌÀ½ñ¤ò¥¤¥ó¥Ý¡¼¥È¤¹¤ë¤È¤­¤Ï¡¢ ¾ÚÌÀ½ñ¤¬Í­¸ú¤Ç¤¢¤ë¤³¤È¤ò¿µ½Å¤Ë³Îǧ¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£¾ÜºÙ¤Ï¡¢¡Ö¿®Íê¤Ç¤­¤ë ¾ÚÌÀ½ñ¤Î¥¤¥ó¥Ý¡¼¥È¤Ë´Ø¤¹¤ëÃí°Õ»ö¹à¡×¤ò»²¾È¤·¤Æ¤¯¤À¤µ¤¤¡£¥¤¥ó¥Ý¡¼¥ÈÁàºî¤Ï¡¢ ¾ÚÌÀ½ñ¤ò³Îǧ¤¹¤ë»þÅÀ¤ÇÃæ»ß¤Ç¤­¤Þ¤¹¡£¤¿¤À¤·¡¢ -noprompt ¥ª¥×¥·¥ç¥ó¤¬»ØÄꤵ¤ì¤Æ¤¤¤ë¾ì¹ç¡¢¥æ¡¼¥¶¤È¤ÎÂÐÏäϹԤï¤ì¤Þ¤»¤ó¡£

¾ÚÌÀ½ñ±þÅú¤ò¥¤¥ó¥Ý¡¼¥È¤¹¤ë¤È¤­¤Ï¡¢¥­¡¼¥¹¥È¥¢Æâ¤Î¿®Íê¤Ç¤­¤ë¾ÚÌÀ½ñ¡¢ ¤ª¤è¤Ó ( -trustcacerts ¥ª¥×¥·¥ç¥ó¤¬»ØÄꤵ¤ì¤Æ¤¤¤ë¾ì¹ç¤Ï) cacerts ¥­¡¼¥¹¥È¥¢¥Õ¥¡¥¤¥ë¤Ç¹½À®¤µ¤ì¤¿¾ÚÌÀ½ñ¤ò»È¤Ã¤Æ¾ÚÌÀ½ñ±þÅú¤¬¸¡ºº¤µ¤ì¤Þ¤¹¡£

¾ÚÌÀ½ñ±þÅú¤¬Ã±°ì¤Î X.509 ¾ÚÌÀ½ñ¤Ç¤¢¤ë¾ì¹ç¡¢ keytool ¤Ï¡¢¾ÚÌÀ½ñ±þÅú¤«¤é (¥ë¡¼¥È CA ¤Î) ¼«¸Ê½ð̾¾ÚÌÀ½ñ¤Ë»ê¤ë¤Þ¤Ç¤Î¿®ÍêÏ¢º¿¤Î ³ÎΩ¤ò»î¤ß¤Þ¤¹¡£¾ÚÌÀ½ñ±þÅú¤È¡¢¾ÚÌÀ½ñ±þÅú¤Îǧ¾Ú¤Ë»È¤ï¤ì¤ë¾ÚÌÀ½ñ¤Î³¬ÁØ ¹½Â¤¤Ï¡¢ alias ¤Î¿·¤·¤¤¾ÚÌÀ½ñÏ¢º¿¤ò·ÁÀ®¤·¤Þ¤¹¡£

¾ÚÌÀ½ñ±þÅú¤¬ PKCS#7 ·Á¼°¤Î¾ÚÌÀÏ¢º¿¤Ç¤¢¤ë¾ì¹ç¡¢ keytool ¤Ï¡¢¤Þ¤ºÏ¢º¿¤òʤÙÂؤ¨¤Æ¡¢¥æ¡¼¥¶¤Î¾ÚÌÀ½ñ¤¬ºÇ½é¤Ë¡¢¥ë¡¼¥È CA ¤Î¼«¸Ê½ð̾¾ÚÌÀ½ñ¤¬ºÇ¸å¤Ë¤¯¤ë¤è¤¦¤Ë¤·¤¿¤¢¤È¡¢¾ÚÌÀ½ñ±þÅú¤Ë´Þ¤Þ¤ì¤ë¥ë¡¼¥È CA ¤Î¾ÚÌÀ½ñ¤È¡¢¥­¡¼¥¹¥È¥¢Æâ¤Þ¤¿¤Ï ( -trustcacerts ¥ª¥×¥·¥ç¥ó¤¬»ØÄꤵ¤ì¤Æ¤¤¤ë¾ì¹ç¤Ï) cacerts ¥­¡¼¥¹¥È¥¢¥Õ¥¡¥¤¥ëÆâ¤Î¿®Íê¤Ç¤­¤ë¾ÚÌÀ½ñ¤È¤ò¤¹¤Ù¤ÆÈæ³Ó¤·¡¢°ìÃפ¹¤ë¤â¤Î¤¬ ¤¢¤ë¤«¤É¤¦¤«¤òÄ´¤Ù¤Þ¤¹¡£°ìÃפ¹¤ë¤â¤Î¤¬¸«¤Ä¤«¤é¤Ê¤«¤Ã¤¿¾ì¹ç¤Ï¡¢¥ë¡¼¥È CA ¤Î¾ÚÌÀ½ñ¤Î¾ðÊó¤òɽ¼¨¤·¡¢¥æ¡¼¥¶¤Ë³Îǧ¤òµá¤á¤Þ¤¹¡£¤³¤Î¾ì¹ç¤Ï¡¢É½¼¨¤µ¤ì¤¿ ¾ÚÌÀ½ñ¤Î¥Õ¥£¥ó¥¬¡¼¥×¥ê¥ó¥È¤È¡¢¤Û¤«¤Î¤Ê¤ó¤é¤«¤Î (¿®Íê¤Ç¤­¤ë) ¾ðÊó¸» (¥ë¡¼¥È CA ¼«¿È¤Ê¤É) ¤«¤éÆþ¼ê¤·¤¿¥Õ¥£¥ó¥¬¡¼¥×¥ê¥ó¥È¤È¤òÈæ³Ó¤·¤Þ¤¹¡£¥¤¥ó¥Ý¡¼¥ÈÁàºî¤Ï¡¢ ¾ÚÌÀ½ñ¤ò³Îǧ¤¹¤ë»þÅÀ¤ÇÃæ»ß¤Ç¤­¤Þ¤¹¡£¤¿¤À¤·¡¢-noprompt ¥ª¥×¥·¥ç¥ó¤¬»ØÄꤵ ¤ì¤Æ¤¤¤ë¾ì¹ç¡¢¥æ¡¼¥¶¤È¤ÎÂÐÏäϹԤï¤ì¤Þ¤»¤ó¡£

alias ¤Ë´ØÏ¢ÉÕ¤±¤é¤ì¤¿°ÊÁ°¤Î¾ÚÌÀÏ¢º¿¤Ï¡¢¿·¤·¤¤¾ÚÌÀÏ¢º¿¤Ë¤è¤Ã¤ÆÃÖ¤­´¹¤¨¤é¤ì ¤Þ¤¹¡£°ÊÁ°¤Î¾ÚÌÀÏ¢º¿¤ò¿·¤·¤¤¾ÚÌÀÏ¢º¿¤ÇÃÖ¤­´¹¤¨¤ë¤³¤È¤¬¤Ç¤­¤ë¤Î¤Ï¡¢Í­¸ú ¤Ê keypass¡¢¤Ä¤Þ¤ê³ºÅö¤¹¤ë¥¨¥ó¥È¥ê¤ÎÈó¸ø³«¸°¤òÊݸ¤ë¤¿¤á¤Î¥Ñ¥¹¥ï¡¼¥É¤ò »ØÄꤷ¤¿¾ì¹ç¤À¤±¤Ç¤¹¡£¥Ñ¥¹¥ï¡¼¥É¤ò»ØÄꤷ¤Æ¤ª¤é¤º¡¢Èó¸ø³«¸°¤Î¥Ñ¥¹¥ï¡¼¥É ¤¬¥­¡¼¥¹¥È¥¢¤Î¥Ñ¥¹¥ï¡¼¥É¤È°Û¤Ê¤ë¾ì¹ç¤Ï¡¢Èó¸ø³«¸°¤Î¥Ñ¥¹¥ï¡¼¥É¤ÎÆþÎϤòµá¤á ¤é¤ì¤Þ¤¹¡£¥Ñ¥¹¥ï¡¼¥É¤Î°·¤¤¤Ë¤Ï½½Ê¬Ãí°Õ¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£¡Ö ¥Ñ¥¹¥ï¡¼¥É¤Ë´Ø¤¹¤ëÃí°Õ»ö¹à ¡×¤ò»²¾È¤·¤Æ¤¯¤À¤µ¤¤¡£

-selfcert {-alias alias} {-sigalg sigalg} {-dname dname}

      {-validity valDays} [-keypass keypass]
      {-storetype storetype} {-keystore keystore}
      [-storepass storepass]
      [-provider provider_class_name]
      {-v} {-Jjavaoption}

alias ¤Ë´ØÏ¢ÉÕ¤±¤é¤ì¤¿Èó¸ø³«¸°¤È¸ø³«¸°¤ò´Þ¤à¥­¡¼¥¹¥È¥¢¤Î¾ðÊó¤ò»È¤Ã¤Æ¡¢ X.509 v1 ¼«¸Ê½ð̾¾ÚÌÀ½ñ¤òÀ¸À®¤·¤Þ¤¹¡£¥³¥Þ¥ó¥É¹Ô¤Ç dname ¤¬»ØÄꤵ¤ì¤Æ¤¤¤ë¾ì¹ç¤Ï¡¢¾ÚÌÀ½ñ¤Î issuer ¥Õ¥£¡¼¥ë¥É¤È subject ¥Õ¥£¡¼¥ë¥É¤Î ξÊý¤ËÂФ·¤Æ¡¢ dname ¤¬ X.500 ¼±ÊÌ̾¤È¤·¤Æ»È¤ï¤ì¤Þ¤¹¡£ dname ¤¬»ØÄꤵ¤ì¤Æ¤¤¤Ê¤¤¾ì¹ç¤Ï¡¢(´û¸¤Î¾ÚÌÀÏ¢º¿¤ÎºÇ¸å¤Î) alias ¤Ë´ØÏ¢ÉÕ¤±¤é¤ì¤¿ X.500 ¼±ÊÌ̾¤¬»È¤ï¤ì¤Þ¤¹¡£

À¸À®¤µ¤ì¤¿¾ÚÌÀ½ñ¤Ï¡¢Ã±°ì¤ÎÍ×ÁǤò»ý¤Ä¾ÚÌÀÏ¢º¿¤È¤·¤Æ¡¢ alias ¤ÇÆÃÄꤵ¤ì¤ë¥­¡¼¥¹¥È¥¢¥¨¥ó¥È¥ê¤Ë³ÊǼ¤µ¤ì¤Þ¤¹¡£³ºÅö¤¹¤ë¥¨¥ó¥È¥ê¤Î´û¸¤Î ¾ÚÌÀÏ¢º¿¤Ï¡¢¿·¤·¤¤¾ÚÌÀÏ¢º¿¤Ë¤è¤Ã¤ÆÃÖ¤­´¹¤¨¤é¤ì¤Þ¤¹¡£

sigalg ¤Ë¤Ï¡¢¾ÚÌÀ½ñ¤Ë½ð̾¤òÉÕ¤±¤ë¤È¤­¤Ë»È¤¦¥¢¥ë¥´¥ê¥º¥à¤ò»ØÄꤷ¤Þ¤¹¡£¡Ö¥µ¥Ý¡¼¥È¤µ¤ì¤ë¥¢¥ë¥´¥ê¥º¥à¤È¸°¤Î¥µ¥¤¥º¡×¤ò»²¾È¤·¤Æ¤¯¤À¤µ¤¤¡£

Èó¸ø³«¸°¤Ï¥­¡¼¥¹¥È¥¢Æâ¤Ç¤Ï¥Ñ¥¹¥ï¡¼¥É¤Ë¤è¤Ã¤ÆÊݸ¤ì¤Æ¤¤¤ë¤Î¤Ç¡¢Èó¸ø³« ¸°¤Ë¥¢¥¯¥»¥¹¤¹¤ë¤Ë¤Ï¡¢Å¬Àڤʥѥ¹¥ï¡¼¥É¤òÄ󶡤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£¥³¥Þ¥ó¥É¹Ô¤Ç keypass ¤ò»ØÄꤷ¤Æ¤ª¤é¤º¡¢Èó¸ø³«¸°¤Î¥Ñ¥¹¥ï¡¼¥É¤¬¥­¡¼¥¹¥È¥¢¤Î¥Ñ¥¹¥ï¡¼¥É¤È°Û¤Ê¤ë¾ì ¹ç¤Ï¡¢Èó¸ø³«¸°¤Î¥Ñ¥¹¥ï¡¼¥É¤ÎÆþÎϤòµá¤á¤é¤ì¤Þ¤¹¡£¥Ñ¥¹¥ï¡¼¥É¤Î°·¤¤¤Ë¤Ï½½ ʬÃí°Õ¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£¡Ö ¥Ñ¥¹¥ï¡¼¥É¤Ë´Ø¤¹¤ëÃí°Õ»ö¹à ¡×¤ò»²¾È¤·¤Æ¤¯¤À¤µ¤¤¡£

valDays ¤Ë¤Ï¡¢¾ÚÌÀ½ñ¤ÎÍ­¸úÆü¿ô¤ò»ØÄꤷ¤Þ¤¹¡£

-identitydb {-file idb_file} {-storetype storetype}
      {-keystore keystore} [-storepass storepass]
      [-provider provider_class_name]
      {-v} {-Jjavaoption}

¥Õ¥¡¥¤¥ë idb_file ¤«¤é JDK 1.1.x ·Á¼°¤Î¥¢¥¤¥Ç¥ó¥Æ¥£¥Æ¥£¥Ç¡¼¥¿¥Ù¡¼¥¹¤òÆɤ߹þ¤ß¡¢ ¥¢¥¤¥Ç¥ó¥Æ¥£¥Æ¥£¥Ç¡¼¥¿¥Ù¡¼¥¹¤Î¥¨¥ó¥È¥ê¤ò¥­¡¼¥¹¥È¥¢¤ËÄɲä·¤Þ¤¹¡£¥Õ¥¡¥¤¥ë¤¬ »ØÄꤵ¤ì¤Æ¤¤¤Ê¤¤¾ì¹ç¤Ï¡¢É¸½àÆþÎϤ«¤é¥¢¥¤¥Ç¥ó¥Æ¥£¥Æ¥£¥Ç¡¼¥¿¥Ù¡¼¥¹¤òÆÉ¤ß ¹þ¤ß¤Þ¤¹¡£¥­¡¼¥¹¥È¥¢¤¬Â¸ºß¤·¤Ê¤¤¾ì¹ç¤Ï¡¢ºîÀ®¤µ¤ì¤Þ¤¹¡£

¥¢¥¤¥Ç¥ó¥Æ¥£¥Æ¥£¥Ç¡¼¥¿¥Ù¡¼¥¹¤Î¥¨¥ó¥È¥ê (¡Ö¥¢¥¤¥Ç¥ó¥Æ¥£¥Æ¥£¡×) ¤Î¤¦¤Á¡¢¥­¡¼¥¹¥È¥¢ ¤Ë¥¤¥ó¥Ý¡¼¥È¤µ¤ì¤ë¤Î¤Ï¡¢¿®Íê¤Ç¤­¤ë¤â¤Î¤È¤·¤Æ¥Þ¡¼¥¯¤µ¤ì¤¿¥¨¥ó¥È¥ê¤À¤±¤Ç¤¹¡£¤½ ¤Î¾¤Î¤¹¤Ù¤Æ¤Î¥¨¥ó¥È¥ê¤Ï̵»ë¤µ¤ì¤Þ¤¹¡£¿®Íê¤Ç¤­¤ë¥¢¥¤¥Ç¥ó¥Æ¥£¥Æ¥£¤´¤È¤Ë¡¢¥­ ¡¼¥¹¥È¥¢¥¨¥ó¥È¥ê¤¬ 1 ¤ÄºîÀ®¤µ¤ì¤Þ¤¹¡£¥¢¥¤¥Ç¥ó¥Æ¥£¥Æ¥£¤Î̾Á°¤Ï¡¢¥­¡¼¥¹¥È¥¢¥¨¥ó ¥È¥ê¤Î¡ÖÊÌ̾¡×¤È¤·¤Æ»È¤ï¤ì¤Þ¤¹¡£

¿®Íê¤Ç¤­¤ë¥¢¥¤¥Ç¥ó¥Æ¥£¥Æ¥£¤«¤é¤Î¤¹¤Ù¤Æ¤ÎÈó¸ø³«¸°¤Ï¡¢¤É¤ì¤âƱ¤¸¥Ñ¥¹¥ï¡¼¥É storepass ¤Ç°Å¹æ²½¤µ¤ì¤Þ¤¹¡£¤³¤Î¥Ñ¥¹¥ï¡¼¥É¤Ï¡¢¥­¡¼¥¹¥È¥¢¤Î´°Á´À­¤òÊݸ¤ë ¤¿¤á¤Ë»È¤ï¤ì¤ë¥Ñ¥¹¥ï¡¼¥É¤ÈƱ¤¸¤Ç¤¹¡£ keytool ¤Î -keypasswd ¥³¥Þ¥ó¥É¤Î¥ª¥×¥· ¥ç¥ó¤ò»È¤¨¤Ð¡¢¤¢¤È¤Ç¸ÄÊ̤ËÈó¸ø³«¸°¤Ë¥Ñ¥¹¥ï¡¼¥É¤ò³ä¤êÅö¤Æ¤ë¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£

¥¢¥¤¥Ç¥ó¥Æ¥£¥Æ¥£¥Ç¡¼¥¿¥Ù¡¼¥¹Æâ¤Î¥¢¥¤¥Ç¥ó¥Æ¥£¥Æ¥£¤Ï¡¢¤½¤ì¤¾¤ì¤¬Æ±¤¸¸ø³«¸° ¤òǧ¾Ú¤¹¤ëÊ£¿ô¤Î¾ÚÌÀ½ñ¤ò´Þ¤ó¤Ç¤¤¤ë¤³¤È¤¬¤¢¤ê¤Þ¤¹¡£°ìÊý¡¢Èó¸ø³«¸°¤ò³ÊǼ ¤¹¤ë¥­¡¼¥¹¥È¥¢¤Î¸°¥¨¥ó¥È¥ê¤Ë´Þ¤Þ¤ì¤ë¤Î¤Ï¡¢¤½¤ÎÈó¸ø³«¸°¤È¡¢Ã±°ì¤Î¡Ö¾ÚÌÀÏ¢º¿ ¡×(ºÇ½é¤Ïñ°ì¤Î¾ÚÌÀ½ñ¤À¤±) ¤Ç¤¢¤ê¡¢Èó¸ø³«¸°¤ËÂбþ¤¹¤ë¸ø³«¸°¤ÏÏ¢º¿Æâ¤ÎºÇ ½é¤Î¾ÚÌÀ½ñ¤Ë´Þ¤Þ¤ì¤Æ¤¤¤Þ¤¹¡£¥¢¥¤¥Ç¥ó¥Æ¥£¥Æ¥£¤«¤é¾ðÊó¤ò¥¤¥ó¥Ý¡¼¥È¤¹¤ë¾ì¹ç¤Ï ¡¢¥¢¥¤¥Ç¥ó¥Æ¥£¥Æ¥£¤ÎºÇ½é¤Î¾ÚÌÀ½ñ¤À¤±¤¬¥­¡¼¥¹¥È¥¢¤Ë³ÊǼ¤µ¤ì¤Þ¤¹¡£¤³¤ì¤Ï¡¢¥¢ ¥¤¥Ç¥ó¥Æ¥£¥Æ¥£¥Ç¡¼¥¿¥Ù¡¼¥¹Æâ¤Î¥¢¥¤¥Ç¥ó¥Æ¥£¥Æ¥£¤Î̾Á°¤¬¡¢Âбþ¤¹¤ë¥­¡¼¥¹¥È¥¢ ¥¨¥ó¥È¥ê¤ÎÊÌ̾¤È¤·¤Æ»È¤ï¤ì¡¢ÊÌ̾¤Ï¥­¡¼¥¹¥È¥¢Æâ¤Ç°ì°Õ¤Ç¤¢¤ë¤¿¤á¤Ç¤¹¡£

 

¥Ç¡¼¥¿¤Î¥¨¥¯¥¹¥Ý¡¼¥È

-certreq {-alias alias} {-sigalg sigalg} {-file certreq_file}
      [-keypass keypass]
      {-storetype storetype} {-keystore keystore}
      [-storepass storepass]
      [-provider provider_class_name]
      {-v} {-Jjavaoption}

PKCS#10 ·Á¼°¤ò»È¤Ã¤Æ¾ÚÌÀ½ñ½ð̾Í×µá (CSR) ¤òÀ¸À®¤·¤Þ¤¹¡£

CSR ¤Ï¡¢¾ÚÌÀ½ñȯ¹Ô¶É (CA) ¤ËÁ÷¿®¤¹¤ë¤³¤È¤òÌÜŪ¤È¤·¤¿¤â¤Î¤Ç¤¹¡£CA ¤Ï¡¢¾ÚÌÀ½ñÍ×µá¼Ô¤ò (Ä̾ï¤Ï¥ª¥Õ¥é¥¤¥ó¤Ç) ǧ¾Ú¤·¡¢¾ÚÌÀ½ñ¤Þ¤¿¤Ï¾ÚÌÀÏ¢ º¿¤òÁ÷¤êÊÖ¤·¤Þ¤¹¡£¤³¤Î¾ÚÌÀ½ñ¤Þ¤¿¤Ï¾ÚÌÀÏ¢º¿¤Ï¡¢¥­¡¼¥¹¥È¥¢Æâ¤Î´û¸¤Î¾Ú ÌÀÏ¢º¿ (ºÇ½é¤Ï 1 ¤Ä¤Î¼«¸Ê½ð̾¾ÚÌÀ½ñ¤«¤é¹½À®¤µ¤ì¤ë) ¤ËÃÖ¤­´¹¤¨¤Æ»È¤¤ ¤Þ¤¹¡£

alias ¤Ë´ØÏ¢ÉÕ¤±¤é¤ì¤¿Èó¸ø³«¸°¤È X.500 ¼±ÊÌ̾¤Ï¡¢PKCS#10 ¾ÚÌÀ½ñÍ×µá¤òºîÀ® ¤¹¤ë¤Î¤Ë»È¤ï¤ì¤Þ¤¹¡£Èó¸ø³«¸°¤Ï¥­¡¼¥¹¥È¥¢Æâ¤Ç¤Ï¥Ñ¥¹¥ï¡¼¥É¤Ë¤è¤Ã¤ÆÊݸ¤ì ¤Æ¤¤¤ë¤Î¤Ç¡¢Èó¸ø³«¸°¤Ë¥¢¥¯¥»¥¹¤¹¤ë¤Ë¤Ï¡¢Å¬Àڤʥѥ¹¥ï¡¼¥É¤òÄ󶡤¹¤ëɬÍפ¬ ¤¢¤ê¤Þ¤¹¡£¥³¥Þ¥ó¥É¹Ô¤Ç alias ¤ò»ØÄꤷ¤Æ¤ª¤é¤º¡¢Èó¸ø³«¸°¤Î¥Ñ¥¹¥ï¡¼¥É¤¬¥­¡¼¥¹¥È¥¢¤Î¥Ñ¥¹¥ï¡¼¥É¤È°Û¤Ê¤ë¾ì¹ç ¤Ï¡¢Èó¸ø³«¸°¤Î¥Ñ¥¹¥ï¡¼¥É¤ÎÆþÎϤòµá¤á¤é¤ì¤Þ¤¹¡£

¥Ñ¥¹¥ï¡¼¥É¤Î°·¤¤¤Ë¤Ï½½Ê¬Ãí°Õ¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£¡Ö ¥Ñ¥¹¥ï¡¼¥É¤Ë´Ø¤¹¤ëÃí°Õ»ö¹à ¡×¤ò»²¾È¤·¤Æ¤¯¤À¤µ¤¤¡£

sigalg ¤Ë¤Ï¡¢CSR ¤Ë½ð̾¤òÉÕ¤±¤ë¤È¤­¤Ë»È¤¦¥¢¥ë¥´¥ê¥º¥à¤ò»ØÄꤷ¤Þ¤¹¡£¡Ö¥µ¥Ý¡¼¥È¤µ ¤ì¤ë¥¢¥ë¥´¥ê¥º¥à¤È¸°¤Î¥µ¥¤¥º¡×¤ò»²¾È¤·¤Æ¤¯¤À¤µ¤¤¡£

CSR ¤Ï¡¢¥Õ¥¡¥¤¥ë certreq_file ¤Ë³ÊǼ¤µ¤ì¤Þ¤¹¡£¥Õ¥¡¥¤¥ë¤¬»ØÄꤵ¤ì¤Æ¤¤¤Ê¤¤¾ì¹ç¤Ï¡¢É¸½à½ÐÎÏ¤Ë CSR ¤¬½ÐÎϤµ¤ì¤Þ¤¹¡£

CA ¤«¤é¤Î±þÅú¤ò¥¤¥ó¥Ý¡¼¥È¤¹¤ë¤Ë¤Ï¡¢import ¥³¥Þ¥ó¥É¤ò»È¤¤¤Þ¤¹¡£

-export {-alias alias} {-file cert_file} {-storetype storetype}
      {-keystore keystore} [-storepass storepass]
      [-provider provider_class_name]
      {-rfc} {-v} {-Jjavaoption}

alias ¤Ë´ØÏ¢ÉÕ¤±¤é¤ì¤¿¾ÚÌÀ½ñ¤ò (¥­¡¼¥¹¥È¥¢¤«¤é) Æɤ߹þ¤ß¡¢¥Õ¥¡¥¤¥ë cert_file ¤Ë³ÊǼ¤·¤Þ¤¹¡£

¥Õ¥¡¥¤¥ë¤¬»ØÄꤵ¤ì¤Æ¤¤¤Ê¤¤¾ì¹ç¤Ï¡¢ ɸ½à½ÐÎÏ ¤Ë¾ÚÌÀ½ñ¤¬½ÐÎϤµ¤ì¤Þ¤¹¡£

¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï¡¢¥Ð¥¤¥Ê¥ê¥¨¥ó¥³¡¼¥Ç¥£¥ó¥°¤Î¾ÚÌÀ½ñ¤¬½ÐÎϤµ¤ì¤Þ¤¹¡£¤¿¤À¤·¡¢ -rfc ¥ª¥×¥·¥ç¥ó¤ò»ØÄꤷ¤¿¾ì¹ç¤Ï¡¢¥×¥ê¥ó¥È²Äǽ¥¨¥ó¥³¡¼¥Ç¥£¥ó¥°Êý¼°¤Î¾ÚÌÀ½ñ¤¬ ½ÐÎϤµ¤ì¤Þ¤¹¡£¥×¥ê¥ó¥È²Äǽ¥¨¥ó¥³¡¼¥Ç¥£¥ó¥°Êý¼°¤Ï¡¢¥¤¥ó¥¿¡¼¥Í¥Ã¥È RFC 1421 ¾ÚÌÀ½ñ¥¨¥ó¥³¡¼¥Ç¥£¥ó¥°µ¬³Ê¤ÇÄêµÁ¤µ¤ì¤Æ¤¤¤Þ¤¹¡£

alias ¤¬¡¢¿®Íê¤Ç¤­¤ë¾ÚÌÀ½ñ¤ò»²¾È¤·¤Æ¤¤¤ë¾ì¹ç¤Ï¡¢³ºÅö¤¹¤ë¾ÚÌÀ½ñ¤¬½ÐÎϤµ¤ì¤Þ¤¹¡£ ¤½¤ì°Ê³°¤Î¾ì¹ç¡¢ alias ¤Ï¡¢´ØÏ¢ÉÕ¤±¤é¤ì¤¿¾ÚÌÀÏ¢º¿¤ò»ý¤Ä¸°¥¨¥ó¥È¥ê¤ò»²¾È¤·¤Þ¤¹¡£¤³¤Î¾ì¹ç¤Ï¡¢Ï¢º¿ Æâ¤ÎºÇ½é¤Î¾ÚÌÀ½ñ¤¬ÊÖ¤µ¤ì¤Þ¤¹¡£¤³¤Î¾ÚÌÀ½ñ¤Ï¡¢ alias ¤Ë¤è¤Ã¤Æɽ¤µ¤ì¤ë¥¨¥ó¥Æ¥£¥Æ¥£¤Î¸ø³«¸°¤òǧ¾Ú¤¹¤ë¾ÚÌÀ½ñ¤Ç¤¹¡£

 

¥Ç¡¼¥¿¤Îɽ¼¨

-list {-alias alias} {-storetype storetype} {-keystore keystore}
      [-storepass storepass]
      [-provider provider_class_name]
      {-v | -rfc} {-Jjavaoption}

alias ¤ÇÆÃÄꤵ¤ì¤ë¥­¡¼¥¹¥È¥¢¥¨¥ó¥È¥ê¤ÎÆâÍƤò (ɸ½à½ÐÎϤË) ½ÐÎϤ·¤Þ¤¹¡£ÊÌ̾¤¬»ØÄꤵ ¤ì¤Æ¤¤¤Ê¤¤¾ì¹ç¤Ï¡¢¥­¡¼¥¹¥È¥¢Á´ÂΤÎÆâÍƤ¬É½¼¨¤µ¤ì¤Þ¤¹¡£

¤³¤Î¥µ¥Ö¥³¥Þ¥ó¥É¤Ï¡¢¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï¾ÚÌÀ½ñ¤Î MD5 ¥Õ¥£¥ó¥¬¡¼¥×¥ê¥ó¥È¤òɽ¼¨¤·¤Þ ¤¹¡£ -v ¥ª¥×¥·¥ç¥ó¤¬»ØÄꤵ¤ì¤Æ¤¤¤ë¾ì¹ç¤Ï¡¢½êÍ­¼Ô¡¢È¯¹Ô¼Ô¡¢¥·¥ê¥¢¥ëÈÖ¹æ¤Ê¤É¤ÎÉղà Ū¤Ê¾ðÊó¤È¤È¤â¤Ë¡¢¿Í´Ö¤¬Æɤळ¤È¤Î¤Ç¤­¤ë·Á¼°¤Ç¾ÚÌÀ½ñ¤¬É½¼¨¤µ¤ì¤Þ¤¹¡£ -rfc ¥ª¥×¥·¥ç¥ó¤¬»ØÄꤵ¤ì¤Æ¤¤¤ë¾ì¹ç¤Ï¡¢¥×¥ê¥ó¥È²Äǽ¤Ê¥¨¥ó¥³¡¼¥Ç¥£¥ó¥°Êý¼°¤Ç¾ÚÌÀ ½ñ¤ÎÆâÍƤ¬É½¼¨¤µ¤ì¤Þ¤¹¡£¥×¥ê¥ó¥È²Äǽ¥¨¥ó¥³¡¼¥Ç¥£¥ó¥°Êý¼°¤Ï¡¢¥¤¥ó¥¿¡¼¥Í¥Ã¥È RFC 1421 ¾ÚÌÀ½ñ¥¨¥ó¥³¡¼¥Ç¥£¥ó¥°µ¬³Ê¤ÇÄêµÁ¤µ¤ì¤Æ¤¤¤Þ¤¹¡£

-v ¥ª¥×¥·¥ç¥ó¤È -rfc ¥ª¥×¥·¥ç¥ó¤È¤òƱ»þ¤Ë»ØÄꤹ¤ë¤³¤È¤Ï¤Ç¤­¤Þ¤»¤ó¡£

-printcert {-file cert_file} {-v} {-Jjavaoption}

¥Õ¥¡¥¤¥ë cert_file ¤«¤é¾ÚÌÀ½ñ¤òÆɤ߹þ¤ß¡¢¿Í´Ö¤¬Æɤळ¤È¤Î¤Ç¤­¤ë·Á¼°¤Ç¾ÚÌÀ½ñ¤ÎÆâÍƤò ɽ¼¨¤·¤Þ¤¹¡£¥Õ¥¡¥¤¥ë¤¬»ØÄꤵ¤ì¤Æ¤¤¤Ê¤¤¾ì¹ç¤Ï¡¢É¸½àÆþÎϤ«¤é¾ÚÌÀ½ñ¤ò Æɤ߹þ¤ß¤Þ¤¹¡£

¾ÚÌÀ½ñ¤Ï¡¢¥Ð¥¤¥Ê¥ê¥¨¥ó¥³¡¼¥Ç¥£¥ó¥°¤Þ¤¿¤Ï¥×¥ê¥ó¥È²Äǽ¥¨¥ó¥³¡¼¥Ç¥£¥ó¥° Êý¼°¤Çɽ¼¨¤Ç¤­¤Þ¤¹¡£¥×¥ê¥ó¥È²Äǽ¥¨¥ó¥³¡¼¥Ç¥£¥ó¥°Êý¼°¤Ï¡¢¥¤¥ó¥¿¡¼¥Í¥Ã¥È RFC 1421 ¾ÚÌÀ½ñ¥¨¥ó¥³¡¼¥Ç¥£¥ó¥°µ¬³Ê¤ÇÄêµÁ¤µ¤ì¤Æ¤¤¤Þ¤¹¡£

Ãí: ¤³¤Î¥³¥Þ¥ó¥É¤Ï¥­¡¼¥¹¥È¥¢¤È¤Ï´Ø·¸¤Ê¤¯Æ°ºî¤·¤Þ¤¹¡£

 

¥­¡¼¥¹¥È¥¢¤Î´ÉÍý

-keyclone {-alias alias} [-dest dest_alias] [-keypass keypass]
      {-new new_keypass} {-storetype storetype}
      {-keystore keystore} [-storepass storepass]
      [-provider provider_class_name]
      {-v} {-Jjavaoption}

¸µ¤Î¥¨¥ó¥È¥ê¤ÈƱ¤¸Èó¸ø³«¸°¤Èǧ¾ÚÏ¢º¿¤ò»ý¤Ä¡¢¿·¤·¤¤¥­¡¼¥¹¥È¥¢¥¨¥ó¥È¥ê¤ò ºîÀ®¤·¤Þ¤¹¡£

alias ¤Ë¤Ï¡¢¸µ¤Î¥¨¥ó¥È¥ê¤ò»ØÄꤷ¤Þ¤¹¡£alias ¤ò»ØÄꤷ¤Ê¤«¤Ã¤¿¾ì¹ç¤Ï¡¢´ûÄêÃͤΠmykey ¤¬»È¤ï¤ì¤Þ¤¹¡£ dest_alias ¤Ë¤Ï¡¢¿·¤·¤¤ (Ê£À½Àè¤Î) ¥¨¥ó¥È¥ê¤ò»ØÄꤷ¤Þ¤¹¡£¥³¥Þ¥ó¥É¹Ô¤ÇÊ£À½Àè¤ÎÊÌ̾¤ò »ØÄꤷ¤Ê¤«¤Ã¤¿¾ì¹ç¤Ï¡¢ÊÌ̾¤ÎÆþÎϤòµá¤á¤é¤ì¤Þ¤¹¡£

Èó¸ø³«¸°¤Î¥Ñ¥¹¥ï¡¼¥É¤¬¥­¡¼¥¹¥È¥¢¤Î¥Ñ¥¹¥ï¡¼¥É¤È°Û¤Ê¤ë¾ì¹ç¤Ï¡¢Í­¸ú¤Ê keypass ¤¬»ØÄꤵ¤ì¤¿¾ì¹ç¤Ë¤Î¤ß¡¢¥¨¥ó¥È¥ê¤¬Ê£À½¤µ¤ì¤Þ¤¹¡£¤³¤Î¤È¤­»ØÄꤹ¤ë¤Î¤Ï¡¢ alias ¤Ë´ØÏ¢ÉÕ¤±¤é¤ì¤¿Èó¸ø³«¸°¤òÊݸ¤ë¤¿¤á¤Î¥Ñ¥¹¥ï¡¼¥É¤Ç¤¹¡£ ¥³¥Þ¥ó¥É¹Ô¤Ç¤³¤Î¥Ñ¥¹¥ï¡¼¥É¤¬»ØÄꤵ¤ì¤º¡¢Èó¸ø³«¸°¤Î ¥Ñ¥¹¥ï¡¼¥É¤¬¥­¡¼¥¹¥È¥¢¤Î¥Ñ¥¹¥ï¡¼¥É¤È°Û¤Ê¤ë¾ì¹ç¤Ï¡¢¥Ñ¥¹¥ï¡¼¥É¤ÎÆþÎϤòµá¤á ¤é¤ì¤Þ¤¹¡£ Ê£À½¤µ¤ì¤¿¥¨¥ó¥È¥ê¤ÎÈó¸ø³«¸°¤Ï¡¢É¬Íפ˱þ¤¸¤ÆÊ̤Υѥ¹¥ï¡¼¥É¤Ç Êݸî¤Ç¤­¤Þ¤¹¡£¥³¥Þ¥ó¥É¹Ô¤Ç -new ¥ª¥×¥·¥ç¥ó¤ò»ØÄꤷ¤Ê¤«¤Ã¤¿¾ì¹ç¤Ï¡¢¿·¤·¤¤¥¨¥ó¥È¥ê¤Î¥Ñ¥¹¥ï¡¼¥É¤ÎÆþÎϤòµá¤á ¤é¤ì¤Þ¤¹¡£¤³¤Î¤È¤­¡¢Ê£À½¤µ¤ì¤¿Èó¸ø³«¸°¤ËÂФ·¤ÆƱ¤¸¥Ñ¥¹¥ï¡¼¥É¤ò»ØÄê¤Ç¤­¤Þ¤¹¡£

¥Ñ¥¹¥ï¡¼¥É¤Î°·¤¤¤Ë¤Ï½½Ê¬Ãí°Õ¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£¡Ö ¥Ñ¥¹¥ï¡¼¥É¤Ë´Ø¤¹¤ëÃí°Õ»ö¹à ¡×¤ò»²¾È¤·¤Æ¤¯¤À¤µ¤¤¡£

¤³¤Î¥µ¥Ö¥³¥Þ¥ó¥É¤Ï¡¢¤¢¤ëÍ¿¤¨¤é¤ì¤¿¸°¤Î¥Ú¥¢¤ËÂбþ¤¹¤ëÊ£¿ô¤Îǧ¾ÚÏ¢º¿¤ò³ÎΩ ¤¹¤ë¤¿¤á¤Ë»ÈÍѤǤ­¤Þ¤¹¡£¤Þ¤¿¡¢¥Ð¥Ã¥¯¥¢¥Ã¥×¤òÌÜŪ¤È¤·¤Æ»ÈÍѤ¹¤ë¤³¤È¤â¤Ç¤­¤Þ¤¹¡£

-storepasswd {-new new_storepass} {-storetype storetype}

      {-keystore keystore} [-storepass storepass]
      [-provider provider_class_name]
      {-v} {-Jjavaoption}

¥­¡¼¥¹¥È¥¢¤ÎÆâÍƤδ°Á´À­¤òÊݸ¤ë¤¿¤á¤Ë»È¤¦¥Ñ¥¹¥ï¡¼¥É¤òÊѹ¹¤·¤Þ¤¹¡£ new_storepass ¤Ë¤Ï¡¢¿·¤·¤¤¥Ñ¥¹¥ï¡¼¥É¤ò»ØÄꤷ¤Þ¤¹¡£ new_storepass ¤Ï¡¢6 ʸ»ú°Ê¾å¤Ç¤Ê¤±¤ì¤Ð¤Ê¤ê¤Þ¤»¤ó¡£

¥Ñ¥¹¥ï¡¼¥É¤Î°·¤¤¤Ë¤Ï½½Ê¬Ãí°Õ¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£ ¡Ö ¥Ñ¥¹¥ï¡¼¥É¤Ë´Ø¤¹¤ëÃí°Õ»ö¹à ¡×¤ò»²¾È¤·¤Æ¤¯¤À¤µ¤¤¡£

-keypasswd {-alias alias} [-keypass old_keypass]

      [-new new_keypass] {-storetype storetype}
      {-keystore keystore} [-storepass storepass]
      [-provider provider_class_name]
      {-v} {-Jjavaoption}

alias ¤Ë¤è¤Ã¤ÆÆÃÄꤵ¤ì¤ëÈó¸ø³«¸°¤òÊݸ¤ë¤¿¤á¤Î¥Ñ¥¹¥ï¡¼¥É¤ò¡¢ old_keypass ¤«¤é new_keypass ¤ËÊѹ¹¤·¤Þ¤¹¡£

¥³¥Þ¥ó¥É¹Ô¤Ç -keypass ¥ª¥×¥·¥ç¥ó¤ò»ØÄꤷ¤Æ¤ª¤é¤º¡¢Èó¸ø³«¸°¤Î¥Ñ¥¹¥ï¡¼¥É¤¬¥­¡¼¥¹¥È¥¢¤Î¥Ñ¥¹¥ï¡¼¥É¤È °Û¤Ê¤ë¾ì¹ç¤Ï¡¢Èó¸ø³«¸°¤Î¥Ñ¥¹¥ï¡¼¥É¤ÎÆþÎϤòµá¤á¤é¤ì¤Þ¤¹¡£

¥³¥Þ¥ó¥É¹Ô¤Ç -new ¥ª¥×¥·¥ç¥ó¤ò»ØÄꤷ¤Ê¤«¤Ã¤¿¾ì¹ç¤Ï¡¢¿·¤·¤¤¥Ñ¥¹¥ï¡¼¥É¤ÎÆþÎϤòµá¤á¤é¤ì¤Þ¤¹¡£

¥Ñ¥¹¥ï¡¼¥É¤Î°·¤¤¤Ë¤Ï½½Ê¬Ãí°Õ¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£¡Ö ¥Ñ¥¹¥ï¡¼¥É¤Ë´Ø¤¹¤ëÃí°Õ»ö¹à ¡×¤ò»²¾È¤·¤Æ¤¯¤À¤µ¤¤¡£

-delete [-alias alias] {-storetype storetype}

      {-keystore keystore} [-storepass storepass]
      [-provider provider_class_name]
      {-v} {-Jjavaoption}

alias ¤Ë¤è¤Ã¤ÆÆÃÄꤵ¤ì¤ë¥¨¥ó¥È¥ê¤ò¥­¡¼¥¹¥È¥¢¤«¤éºï½ü¤·¤Þ¤¹¡£¥³¥Þ¥ó¥É¹Ô¤ÇÊÌ̾¤ò»ØÄꤷ¤Ê¤«¤Ã¤¿¾ì¹ç¤Ï¡¢ÊÌ̾¤ÎÆþÎϤòµá¤á¤é¤ì¤Þ¤¹¡£

 

¥Ø¥ë¥×¤Îɽ¼¨

-help

 

Îã

¤³¤³¤Ç¤Ï¡¢¼«Ê¬¤Î¸°¤Î¥Ú¥¢¤ª¤è¤Ó¿®Íê¤Ç¤­¤ë¥¨¥ó¥Æ¥£¥Æ¥£¤«¤é¤Î¾ÚÌÀ½ñ¤ò´ÉÍý ¤¹¤ë¤¿¤á¤Î¥­¡¼¥¹¥È¥¢¤òºîÀ®¤¹¤ë¾ì¹ç¤òÎã¤È¤·¤Æ¼¨¤·¤Þ¤¹¡£

 

¸°¤Î¥Ú¥¢¤ÎÀ¸À®

¤Þ¤º¡¢¥­¡¼¥¹¥È¥¢¤òºîÀ®¤·¤Æ¸°¤Î¥Ú¥¢¤òÀ¸À®¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£¼¡¤Ë¼¨¤¹¤Î¤Ï¡¢ ¼Â¹Ô¤¹¤ë¥³¥Þ¥ó¥É¤ÎÎã¤Ç¤¹¡£ 

example% keytool -genkey -dname "cn=Mark Jones, ou=Java, o=Sun, c=US"
-alias business -keypass kpi135 -keystore /working/mykeystore
-storepass ab987c -validity 180

Ãí: ¾å¤Î¥³¥Þ¥ó¥ÉÎã¤Ï¡¢Æɤߤ䤹¤¯¤¹¤ë¤¿¤á¤ËÊ£¿ô¤Î¹Ô¤Ëʬ¤±¤Æ¤¢¤ê¤Þ¤¹¤¬¡¢ ¼ÂºÝ¤Ë¤Ï 1 ¹Ô¤Ç»ØÄꤹ¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£

¤³¤ÎÎã¤Ç¤Ï¡¢ working ¥Ç¥£¥ì¥¯¥È¥ê¤Ë mykeystore ¤È¤¤¤¦Ì¾Á°¤Î¥­¡¼¥¹¥È¥¢¤òºîÀ®¤· (¥­¡¼¥¹¥È¥¢¤Ï¤Þ¤À¸ºß¤·¤Æ¤¤¤Ê¤¤¤È²¾Äꤹ¤ë)¡¢ ºîÀ®¤·¤¿¥­¡¼¥¹¥È¥¢¤Ë¥Ñ¥¹¥ï¡¼¥É ab987c ¤ò³ä¤êÅö¤Æ¤Þ¤¹¡£À¸À®¤¹¤ë¸ø³«¸°¤ÈÈó¸ø³«¸°¤Î¥Ú¥¢¤ËÂбþ¤¹¤ë¥¨¥ó¥Æ¥£¥Æ¥£¤Î ¡Ö¼±ÊÌ̾¡×¤Ï¡¢Ä̾Τ¬ MarkJones ¡¢ÁÈ¿¥Ã±°Ì¤¬ Java ¡¢ÁÈ¿¥¤¬ Sun ¡¢2 ʸ»ú¤Î¹ñÈֹ椬 US ¤Ç¤¹¡£¸ø³«¸°¤ÈÈó¸ø³«¸°¤Î¥µ¥¤¥º¤Ï¤É¤Á¤é¤â 1024 ¥Ó¥Ã¥È¤Ç¡¢¸°¤ÎºîÀ®¤Ë¤Ï¥Ç ¥Õ¥©¥ë¥È¤Î DSA ¸°À¸À®¥¢¥ë¥´¥ê¥º¥à¤ò»ÈÍѤ·¤Þ¤¹¡£

¤³¤Î¥³¥Þ¥ó¥É¤Ï¡¢¸ø³«¸°¤È¼±ÊÌ̾¾ðÊó¤ò´Þ¤à¼«¸Ê½ð̾¾ÚÌÀ½ñ (¥Ç¥Õ¥©¥ë¥È¤Î SHA1withDSA ½ð̾¥¢¥ë¥´¥ê¥º¥à¤ò»ÈÍÑ) ¤òºîÀ®¤·¤Þ¤¹¡£¾ÚÌÀ½ñ¤ÎÍ­¸ú´ü´Ö¤Ï 180 Æü¤Ç¤¹¡£¾ÚÌÀ½ñ¤Ï¡¢ÊÌ̾ business ¤ÇÆÃÄꤵ¤ì¤ë¥­¡¼¥¹¥È¥¢¥¨¥ó¥È¥êÆâ¤ÎÈó¸ø³«¸°¤Ë´ØÏ¢ÉÕ¤±¤é¤ì¤Þ¤¹¡£Èó¸ø³«¸° ¤Ë¤Ï¥Ñ¥¹¥ï¡¼¥É kpi135 ¤¬³ä¤êÅö¤Æ¤é¤ì¤Þ¤¹¡£

¥ª¥×¥·¥ç¥ó¤Î´ûÄêÃͤò»È¤¦¾ì¹ç¤Ï¡¢¾å¤Ë¼¨¤·¤¿¥³¥Þ¥ó¥É¤òÂçÉý¤Ëû¤¯¤¹¤ë¤³¤È¤¬ ¤Ç¤­¤Þ¤¹¡£¼ÂºÝ¤Ë¤Ï¡¢¥ª¥×¥·¥ç¥ó¤ò 1 ¤Ä¤â»ØÄꤻ¤º¤Ë¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤¹¤ë¤³¤È¤â ²Äǽ¤Ç¤¹¡£´ûÄêÃͤò»ý¤Ä¥ª¥×¥·¥ç¥ó¤Ç¤Ï¡¢¥ª¥×¥·¥ç¥ó¤ò»ØÄꤷ¤Ê¤±¤ì¤Ð´ûÄêÃÍ ¤¬»È¤ï¤ì¡¢É¬ÍפÊÃͤˤĤ¤¤Æ¤ÏÆþÎϤòµá¤á¤é¤ì¤Þ¤¹¡£¤¿¤È¤¨¤Ð¡¢Ã±¤Ë¼¡¤Î¤è¤¦ ¤ËÆþÎϤ¹¤ë¤³¤È¤â¤Ç¤­¤Þ¤¹¡£ 

example% keytool -genkey

¤³¤Î¾ì¹ç¤Ï¡¢ mykey ¤È¤¤¤¦ÊÌ̾¤Ç¥­¡¼¥¹¥È¥¢¥¨¥ó¥È¥ê¤¬ºîÀ®¤µ¤ì¡¢¿·¤·¤¯À¸À®¤µ¤ì¤¿¸°¤Î¥Ú¥¢¡¢¤ª¤è¤Ó 90 Æü´ÖÍ­¸ú¤Ê¾ÚÌÀ½ñ¤¬¤³¤Î¥¨¥ó¥È¥ê¤Ë³ÊǼ¤µ¤ì¤Þ¤¹¡£¤³¤Î¥¨¥ó¥È¥ê¤Ï¡¢¥Û¡¼¥à¥Ç¥£ ¥ì¥¯¥È¥êÆâ¤Î .keystore ¤È¤¤¤¦Ì¾Á°¤Î¥­¡¼¥¹¥È¥¢¤ËÃÖ¤«¤ì¤Þ¤¹¡£¤³¤Î¥­¡¼¥¹¥È¥¢¤¬¤Þ¤À¸ºß¤·¤Æ¤¤¤Ê¤¤¾ì¹ç ¤Ï¡¢ºîÀ®¤µ¤ì¤Þ¤¹¡£¼±ÊÌ̾¾ðÊó¡¢¥­¡¼¥¹¥È¥¢¤Î¥Ñ¥¹¥ï¡¼¥É¡¢¤ª¤è¤ÓÈó¸ø³«¸°¤Î¥Ñ ¥¹¥ï¡¼¥É¤Ë¤Ä¤¤¤Æ¤Ï¡¢ÆþÎϤòµá¤á¤é¤ì¤Þ¤¹¡£

°Ê²¼¤Ç¤Ï¡¢¥ª¥×¥·¥ç¥ó¤ò»ØÄꤷ¤Ê¤¤¤Ç -genkey ¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤·¤¿¤â¤Î¤È¤·¤ÆÎã¤ò¼¨¤·¤Þ¤¹¡£¾ðÊó¤ÎÆþÎϤòµá¤á¤é¤ì¤¿¾ì¹ç¤Ï¡¢ ºÇ½é¤Ë¼¨¤·¤¿ -genkey ¥³¥Þ¥ó¥É¤ÎÃͤòÆþÎϤ·¤¿¤â¤Î¤È¤·¤Þ¤¹ (¤¿¤È¤¨¤Ð¡¢Èó¸ø³«¸°¤Î¥Ñ¥¹¥ï¡¼¥É¤Ë¤Ï kpi135 ¤È»ØÄê)¡£

 

¾ÚÌÀ½ñȯ¹Ô¶É¤ËÂФ¹¤ë½ð̾ÉÕ¤­¾ÚÌÀ½ñ¤ÎÍ×µá

¸½»þÅÀ¤Ç¼ê¸µ¤Ë¤¢¤ë¤Î¤Ï¡¢1 Ä̤μ«¸Ê½ð̾¾ÚÌÀ½ñ¤À¤±¤Ç¤¹¡£¾ÚÌÀ½ñ¤Ë¾ÚÌÀ½ñ ȯ¹Ô¶É (CA) ¤Î½ð̾¤¬ÉÕ¤¤¤Æ¤¤¤ì¤Ð¡¢¤Û¤«¤Î¥æ¡¼¥¶¤«¤é¾ÚÌÀ½ñ¤¬¿®Íê¤Ç¤­¤ë ²ÄǽÀ­¤â¹â¤¯¤Ê¤ê¤Þ¤¹¡£CA ¤Î½ð̾¤ò¼èÆÀ¤¹¤ë¤Ë¤Ï¡¢¤Þ¤º¡¢¾ÚÌÀ½ñ½ð̾Í×µá (CSR) ¤òÀ¸À®¤·¤Þ¤¹¡£¤¿¤È¤¨¤Ð¡¢¼¡¤Î¤è¤¦¤Ë¤·¤Þ¤¹¡£ 

example% keytool -certreq -file MarkJ.csr

CSR (¥Ç¥Õ¥©¥ë¥ÈÊÌ̾ mykey ¤Ë¤è¤Ã¤ÆÆÃÄꤵ¤ì¤ë¥¨¥ó¥Æ¥£¥Æ¥£¤Î CSR) ¤¬ºîÀ®¤µ¤ì¡¢ MarkJ.csr ¤È¤¤¤¦Ì¾Á°¤Î¥Õ¥¡¥¤¥ë¤ËÃÖ¤«¤ì¤Þ¤¹¡£¤³¤Î¥Õ¥¡¥¤¥ë¤Ï¡¢VeriSign ¤Ê¤É¤Î CA ¤Ë Äó½Ð¤·¤Þ¤¹¡£CA ¤ÏÍ×µá¼Ô¤ò (Ä̾ï¤Ï¥ª¥Õ¥é¥¤¥ó¤Ç) ǧ¾Ú¤·¡¢Í×µá¼Ô¤Î¸ø³«¸° ¤òǧ¾Ú¤·¤¿½ð̾ÉÕ¤­¤Î¾ÚÌÀ½ñ¤òÁ÷¤êÊÖ¤·¤Þ¤¹¡£¾ì¹ç¤Ë¤è¤Ã¤Æ¤Ï¡¢CA ¤¬¾ÚÌÀ½ñ ¤ÎÏ¢º¿¤òÊÖ¤¹¤³¤È¤â¤¢¤ê¤Þ¤¹¡£¾ÚÌÀ½ñ¤ÎÏ¢º¿¤Ç¤Ï¡¢³Æ¾ÚÌÀ½ñ¤¬Ï¢º¿Æâ¤Î¤½¤Î Á°¤Î½ð̾¼Ô¤Î¸ø³«¸°¤òǧ¾Ú¤·¤Þ¤¹¡£

 

CA ¤«¤é¤Î¾ÚÌÀ½ñ¤Î¥¤¥ó¥Ý¡¼¥È

ºîÀ®¤·¤¿¼«¸Ê½ð̾¾ÚÌÀ½ñ¤Ï¡¢¾ÚÌÀÏ¢º¿¤ÇÃÖ¤­´¹¤¨¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£ ¾ÚÌÀÏ¢º¿¤Ç¤Ï¡¢³Æ¾ÚÌÀ½ñ¤¬¡¢¡Ö¥ë¡¼¥È¡×CA ¤òµ¯ÅÀ¤È¤¹¤ëÏ¢º¿Æâ¤Î¼¡¤Î¾ÚÌÀ½ñ ¤Î½ð̾¼Ô¤Î¸ø³«¸°¤òǧ¾Ú¤·¤Þ¤¹¡£

CA ¤«¤é¤Î¾ÚÌÀ½ñ±þÅú¤ò¥¤¥ó¥Ý¡¼¥È¤¹¤ë¤Ë¤Ï¡¢¥­¡¼¥¹¥È¥¢¤«¡¢( import ¥³¥Þ¥ó¥É¤ÇÀâÌÀ¤·¤Æ¤¤¤ë¤è¤¦¤Ë) cacerts ¥­¡¼¥¹¥È¥¢¥Õ¥¡¥¤¥ëÆâ¤Ë 1 ¤Ä°Ê¾å¤Î ¡Ö¿®Íê¤Ç¤­¤ë¾ÚÌÀ½ñ¡×¤òɬÍפȤ·¤Þ¤¹¡£

*
¾ÚÌÀ½ñ±þÅú¤¬¾ÚÌÀÏ¢º¿¤Î¾ì¹ç¤Ï¡¢Ï¢º¿¤Î¥È¥Ã¥×¤Î¾ÚÌÀ½ñ (¤½¤Î CA ¤Î¸ø³«¸°¤òǧ¾Ú¤¹¤ë¡Ö¥ë¡¼¥È¡×CA ¤Î¾ÚÌÀ½ñ) ¤À¤±¤òɬÍפȤ¹¤ë
*
¾ÚÌÀ½ñ±þÅú¤¬Ã±°ì¤Î¾ÚÌÀ½ñ¤Î¾ì¹ç¤Ï¡¢¾ÚÌÀ½ñ¤Ë½ð̾¤·¤¿ CA ¤Îȯ¹ÔÍѤΠ¾ÚÌÀ½ñ¤¬É¬Íפǡ¢¤½¤Î¾ÚÌÀ½ñ¤¬¼«¸Ê½ð̾¤µ¤ì¤Ê¤¤¾ì¹ç¤Ï¡¢¤µ¤é¤Ë¤½¤Î¾ÚÌÀ½ñ ¤Î½ð̾¼ÔÍѤξÚÌÀ½ñ¤òɬÍפȤ¹¤ë¡£¤³¤Î¤è¤¦¤Ë¤·¤Æ¼«¸Ê½ð̾¤µ¤ì¤ë¡Ö¥ë¡¼¥È¡×CA ¤Î¾ÚÌÀ½ñ¤Þ¤Ç¤½¤ì¤¾¤ì¾ÚÌÀ½ñ¤òɬÍפȤ¹¤ë

cacerts ¥­¡¼¥¹¥È¥¢¥Õ¥¡¥¤¥ë¤Ï¡¢5 ¤Ä¤Î VeriSign ¥ë¡¼¥È CA ¾ÚÌÀ½ñ¤ò´Þ¤ó¤À¾õÂÖ¤Ç ½Ð²Ù¤µ¤ì¤Æ¤¤¤ë¤Î¤Ç¡¢VeriSign ¤Î¾ÚÌÀ½ñ¤ò¡¢¿®Íê¤Ç¤­¤ë¾ÚÌÀ½ñ¤È¤·¤Æ¥­¡¼¥¹¥È¥¢ Æâ¤Ë¥¤¥ó¥Ý¡¼¥È¤¹¤ëɬÍפϤʤ¤²ÄǽÀ­¤¬¤¢¤ê¤Þ¤¹¡£¤¿¤À¤·¡¢¤Û¤«¤Î CA ¤ËÂФ·¤Æ ½ð̾ÉÕ¤­¾ÚÌÀ½ñ¤òÍ׵ᤷ¤Æ¤¤¤Æ¡¢¤³¤Î CA ¤Î¸ø³«¸°¤òǧ¾Ú¤¹¤ë¾ÚÌÀ½ñ¤¬¡¢ cacerts ¤Ë¤Þ¤ÀÄɲ䵤ì¤Æ¤¤¤Ê¤¤¾ì¹ç¤Ï¡¢³ºÅö¤¹¤ë CA ¤«¤é¤Î¾ÚÌÀ½ñ¤ò¡¢¡Ö¿®Íê¤Ç¤­¤ë ¾ÚÌÀ½ñ¡×¤È¤·¤Æ¥¤¥ó¥Ý¡¼¥È¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£

Ä̾CA ¤«¤é¤Î¾ÚÌÀ½ñ¤Ï¡¢¼«¸Ê½ð̾¾ÚÌÀ½ñ¡¢¤Þ¤¿¤Ï¤Û¤«¤Î CA ¤Ë¤è¤Ã¤Æ½ð̾ ¤µ¤ì¤¿¾ÚÌÀ½ñ¤Ç¤¹ (¸å¼Ô¤Î¾ì¹ç¤Ï¡¢³ºÅö¤¹¤ë¤Û¤«¤Î CA ¤Î¸ø³«¸°¤òǧ¾Ú¤¹¤ë ¾ÚÌÀ½ñ¤âɬÍ×)¡£¤¿¤È¤¨¤Ð¡¢ABC ¤È¤¤¤¦´ë¶È¤¬ CA ¤À¤È¤·¤Þ¤¹¡£¤³¤Î¤È¤­¡¢¤³¤Î CA ¤Î¸ø³«¸°¤òǧ¾Ú¤¹¤ë¼«¸Ê½ð̾¾ÚÌÀ½ñ¤È¹Í¤¨¤é¤ì¤ë ABCCA.cer ¤È¤¤¤¦Ì¾Á°¤Î¥Õ¥¡¥¤¥ë¤ò¡¢ABC ¤«¤éÆþ¼ê¤·¤¿¤È¤·¤Þ¤¹¡£

¡Ö¿®Íê¤Ç¤­¤ë¾ÚÌÀ½ñ¡×¤È¤·¤Æ¾ÚÌÀ½ñ¤ò¥¤¥ó¥Ý¡¼¥È¤¹¤ëÁ°¤Ë¡¢¾ÚÌÀ½ñ¤¬Í­¸ú¤Ç¤¢¤ë¤³¤È¤òɬ¤º³Îǧ¤·¤Æ¤¯¤À¤µ¤¤¡£¤Þ¤º¡¢¾ÚÌÀ½ñ¤ÎÆâÍƤòɽ¼¨¤· ( -printcert ¥µ¥Ö¥³¥Þ¥ó¥É¡¢¤Þ¤¿¤Ï -noprompt ¥ª¥×¥·¥ç¥ó¤Ê¤·¤Ç -import ¥µ¥Ö¥³¥Þ¥ó¥É¤ò»ÈÍÑ)¡¢É½¼¨¤µ¤ì¤¿¾ÚÌÀ½ñ¤Î¥Õ¥£¥ó¥¬¡¼¥×¥ê¥ó¥È¤¬¡¢´üÂÔ¤µ¤ì¤ë¥Õ¥£¥ó ¥¬¡¼¥×¥ê¥ó¥È¤È°ìÃפ¹¤ë¤«¤É¤¦¤«¤ò³Îǧ¤·¤Þ¤¹¡£¾ÚÌÀ½ñ¤òÁ÷¿®¤·¤¿¿Íʪ¤ËÏ¢Íí¤·¡¢ ¤³¤Î¿Íʪ¤¬Ä󼨤·¤¿ (¤Þ¤¿¤Ï°ÂÁ´¤Ê¸ø³«¸°¤Î¥ê¥Ý¥¸¥È¥ê¤Ë¤è¤Ã¤ÆÄ󼨤µ¤ì¤ë) ¥Õ¥£ ¥ó¥¬¡¼¥×¥ê¥ó¥È¤È¡¢¾å¤Î¥³¥Þ¥ó¥É¤Çɽ¼¨¤µ¤ì¤¿¥Õ¥£¥ó¥¬¡¼¥×¥ê¥ó¥È¤È¤òÈæ³Ó¤·¤Þ¤¹¡£ ¥Õ¥£¥ó¥¬¡¼¥×¥ê¥ó¥È¤¬°ìÃפ¹¤ì¤Ð¡¢Á÷¿®ÅÓÃæ¤Ç¤Û¤«¤Î²¿¼Ô¤« (¹¶·â¼Ô¤Ê¤É) ¤Ë¤è ¤ë¾ÚÌÀ½ñ¤Î¤¹¤êÂؤ¨¤¬¹Ô¤ï¤ì¤Æ¤¤¤Ê¤¤¤³¤È¤ò³Îǧ¤Ç¤­¤Þ¤¹¡£Á÷¿®ÅÓÃæ¤Ç¤³¤Î¼ï¤Î ¹¶·â¤¬¹Ô¤ï¤ì¤Æ¤¤¤¿¾ì¹ç¡¢¥Á¥§¥Ã¥¯¤ò¹Ô¤ï¤º¤Ë¾ÚÌÀ½ñ¤ò¥¤¥ó¥Ý¡¼¥È¤¹¤ë¤È¡¢¹¶·â ¼Ô¤Ë¤è¤Ã¤Æ½ð̾¤µ¤ì¤¿¤¹¤Ù¤Æ¤Î¤â¤Î¤ò¿®Íꤹ¤ë¤³¤È¤Ë¤Ê¤ê¤Þ¤¹¡£

ABCCA.cer ¤òÍ­¸ú¤Ê¾ÚÌÀ½ñ¤È¤·¤Æ¿®Íꤹ¤ë¾ì¹ç¤Ï¡¢¾ÚÌÀ½ñ¤ò¥­¡¼¥¹¥È¥¢¤ËÄɲà ¤Ç¤­¤Þ¤¹¡£¤¿¤È¤¨¤Ð¡¢¼¡¤Î¤è¤¦¤Ë¤·¤Þ¤¹¡£ 

example% keytool -import -alias abc -file ABCCA.cer

ABCCA.cer ¥Õ¥¡¥¤¥ë¤Î¥Ç¡¼¥¿¤ò´Þ¤à¡Ö¿®Íê¤Ç¤­¤ë¾ÚÌÀ½ñ¡×¤Î¥¨¥ó¥È¥ê¤¬¥­¡¼¥¹¥È¥¢Æâ¤ËºîÀ®¤µ¤ì¡¢³ºÅö¤¹¤ë¥¨¥ó¥È¥ê¤Ë abc ¤È¤¤¤¦ÊÌ̾¤¬³ä¤êÅö¤Æ¤é¤ì¤Þ¤¹¡£

 

CA ¤«¤é¤Î¾ÚÌÀ½ñ±þÅú¤Î¥¤¥ó¥Ý¡¼¥È

¾ÚÌÀ½ñ½ð̾Í×µá¤ÎÄó½ÐÀè¤Î CA ¤Î¸ø³«¸°¤òǧ¾Ú¤¹¤ë¾ÚÌÀ½ñ¤ò¥¤¥ó¥Ý¡¼¥È¤·¤¿ ¤¢¤È¤Ï (¤Þ¤¿¤ÏƱ¼ï¤Î¾ÚÌÀ½ñ¤¬¤¹¤Ç¤Ë cacerts ¥Õ¥¡¥¤¥ëÆâ¤Ë¸ºß¤·¤Æ¤¤¤ë¾ì¹ç¤Ï)¡¢¾ÚÌÀ½ñ±þÅú¤ò¥¤¥ó¥Ý¡¼¥È¤·¡¢¼«¸Ê½ð̾¾ÚÌÀ ½ñ¤ò¾ÚÌÀÏ¢º¿¤ÇÃÖ¤­´¹¤¨¤ë¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£¤³¤Î¾ÚÌÀÏ¢º¿¤Ï¡¢CA ¤Î±þÅú¤¬Ï¢ º¿¤Î¾ì¹ç¡¢¾ÚÌÀ½ñ½ð̾Í×µá¤ËÂФ¹¤ë±þÅú¤È¤·¤Æ CA ¤«¤éÁ÷¤êÊÖ¤µ¤ì¤¿¾ÚÌÀÏ¢º¿ ¤Ç¤¹¡£¤Þ¤¿¡¢CA ¤Î±þÅú¤¬Ã±°ì¤Î¾ÚÌÀ½ñ¤Î¾ì¹ç¤Ï¡¢¤³¤Î¾ÚÌÀ½ñ±þÅú¤È¡¢¥¤¥ó¥Ý¡¼¥ÈÀè¤Î ¥­¡¼¥¹¥È¥¢Æâ¤Þ¤¿¤Ï cacerts ¥­¡¼¥¹¥È¥¢¥Õ¥¡¥¤¥ëÆâ¤Ë¤¹¤Ç¤Ë¸ºß¤¹¤ë¿®Íê¤Ç¤­¤ë¾ÚÌÀ½ñ¤È¤ò»È¤Ã¤Æ¹½ÃÛ¤·¤¿¾Ú ÌÀÏ¢º¿¤Ç¤¹¡£

¤¿¤È¤¨¤Ð¡¢¾ÚÌÀ½ñ½ð̾Í×µá¤ò VeriSign ¤ËÁ÷¿®¤·¤¿¤È¤·¤Þ¤¹¡£Á÷¤êÊÖ¤µ¤ì¤¿¾ÚÌÀ½ñ¤Î̾Á°¤¬ VSMarkJ.cer ¤À¤È¤¹¤ë¤È¡¢¼¡¤Î¤è¤¦¤Ë¤·¤Æ±þÅú¤ò¥¤¥ó¥Ý¡¼¥È¤Ç¤­¤Þ¤¹¡£ 

example% keytool -import -trustcacerts -file VSMarkJ.cer

 

¸ø³«¸°¤òǧ¾Ú¤¹¤ë¾ÚÌÀ½ñ¤Î¥¨¥¯¥¹¥Ý¡¼¥È

¤¿¤È¤¨¤Ð¡¢ jarsigner(1) ¥Ä¡¼¥ë¤ò»È¤Ã¤Æ Java ARchive (JAR) ¥Õ¥¡¥¤¥ë¤Ë½ð̾¤òÉÕ¤±¤¿¤È¤·¤Þ¤¹¡£ ¤³¤Î JAR ¥Õ¥¡¥¤¥ë¤Ï¥¯¥é¥¤¥¢¥ó¥È¤Ë¤è¤Ã¤Æ»È¤ï¤ì¤Þ¤¹¤¬¡¢¥¯¥é¥¤¥¢¥ó¥È¦¤Ç¤Ï ½ð̾¤òǧ¾Ú¤·¤¿¤¤¤È¹Í¤¨¤Æ¤¤¤Þ¤¹¡£

¥¯¥é¥¤¥¢¥ó¥È¤¬½ð̾¤òǧ¾Ú¤¹¤ëÊýË¡¤Î 1 ¤Ä¤Ë¡¢¤Þ¤º¼«Ê¬¤Î¸ø³«¸°¤Î¾ÚÌÀ½ñ¤ò ¡Ö¿®Íê¤Ç¤­¤ë¡×¥¨¥ó¥È¥ê¤È¤·¤Æ¥¯¥é¥¤¥¢¥ó¥È¤Î¥­¡¼¥¹¥È¥¢¤Ë¥¤¥ó¥Ý¡¼¥È¤¹¤ëÊýË¡¤¬¤¢¤ê¤Þ ¤¹¡£¤½¤Î¤¿¤á¤Ë¤Ï¡¢¾ÚÌÀ½ñ¤ò¥¨¥¯¥¹¥Ý¡¼¥È¤·¤Æ¡¢¥¯¥é¥¤¥¢¥ó¥È¤ËÄ󶡤·¤Þ¤¹¡£¤¿¤È¤¨ ¤Ð¡¢¼¡¤Î¤è¤¦¤Ë¤·¤Æ¡¢¾ÚÌÀ½ñ¤ò MJ.cer ¤È¤¤¤¦Ì¾Á°¤Î¥Õ¥¡¥¤¥ë¤Ë¥³¥Ô¡¼¤·¤Þ¤¹¡£¤³¤Î¥¨¥ó¥È¥ê¤Ë¤Ï¡Ö mykey ¡×¤È¤¤¤¦ÊÌ̾¤¬»È¤ï¤ì¤Æ¤¤¤ë¤È¤·¤Þ¤¹¡£ 

example% keytool -export -alias mykey -file MJ.cer

¾ÚÌÀ½ñ¤È½ð̾ÉÕ¤­ JAR ¥Õ¥¡¥¤¥ë¤òÆþ¼ê¤·¤¿¥¯¥é¥¤¥¢¥ó¥È¤Ï¡¢ jarsigner(1) ¥Ä¡¼¥ë¤ò»È¤Ã¤Æ½ð̾¤òǧ¾Ú¤Ç¤­¤Þ¤¹¡£

 

¸°¤Î¥Ú¥¢¤òÊÝ»ý¤·¤¿¤Þ¤Þ¤Ç¤Î¼±ÊÌ̾¤ÎÊѹ¹

½ê°Éô²Ý¤ÎÊѹ¹¤äž¶Ð¤Ê¤É¤Ë¤è¤Ã¤Æ¡¢¼±ÊÌ̾¤¬Êѹ¹¤µ¤ì¤¿¤È¤·¤Þ¤¹¡£¤³¤Î¤è¤¦¤Ê ¾ì¹ç¤Ï¡¢¼±ÊÌ̾¤ò¹¹¿·¤¹¤ë°ìÊý¤Ç¡¢°ú¤­Â³¤­°ÊÁ°¤ÈƱ¤¸¸ø³«¸°¤ÈÈó¸ø³«¸°¤Î ¥Ú¥¢¤ò»ÈÍѤ¹¤ë¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£¤¿¤È¤¨¤Ð¡¢Ì¾Á°¤¬ Susan Miller ¤Ç¡¢°ÊÁ°¤Ë sMiller ¤È¤¤¤¦ÊÌ̾¤Ç¸°¥¨¥ó¥È¥ê¤òºîÀ®¤·¤Æ¤¤¤¿¤È¤·¤Þ¤¹¡£¼±ÊÌ̾¤Ï¡¢¼¡¤Î¤è¤¦¤Ë»ØÄꤷ¤Æ ¤¤¤Þ¤·¤¿¡£ 

"cn=Susan Miller, ou=Finance Department, o=BlueSoft, c=us"

¤³¤³¤Ç¡¢½ê°Éô²Ý¤¬ Finance Department ¤«¤é Accounting Department ¤Ë Êѹ¹¤Ë¤Ê¤Ã¤¿¤È¤·¤Þ¤¹¡£¤³¤Î¾ì¹ç¡¢°ÊÁ°¤ËÀ¸À®¤·¤¿¸ø³«¸°¤ÈÈó¸ø³«¸°¤Î¥Ú¥¢¤ò »È¤¤Â³¤±¤Ê¤¬¤é¼±ÊÌ̾¤ò¹¹¿·¤¹¤ë¤Ë¤Ï¡¢¼¡¤Î¤è¤¦¤Ë¤·¤Þ¤¹¡£ ¤Þ¤º¡¢¸°¥¨¥ó¥È¥ê¤ò ¥³¥Ô¡¼ (Ê£À½) ¤·¤Þ¤¹¡£ 

example% keytool -keyclone -alias sMiller -dest sMillerNew

¤³¤ÎÎã¤Ç¤Ï¡¢¥¹¥È¥¢¤Î¥Ñ¥¹¥ï¡¼¥É¤ª¤è¤Ó¸µ¤ÎÈó¸ø³«¸°¤Î¥Ñ¥¹¥ï¡¼¥É¤ÈÊ£À½Àè¤Î Èó¸ø³«¸°¤Î¥Ñ¥¹¥ï¡¼¥É¤ò¥³¥Þ¥ó¥É¹Ô¤Ç»ØÄꤷ¤Æ¤¤¤Ê¤¤¤Î¤Ç¡¢¥Ñ¥¹¥ï¡¼¥É¤ÎÆþÎϤò µá¤á¤é¤ì¤Þ¤¹¡£¸°¥¨¥ó¥È¥ê¤ò¥³¥Ô¡¼¤·¤¿¤¢¤È¤Ï¡¢Ï¢º¿Æâ¤ÎºÇ½é¤Î¾ÚÌÀ½ñ¤¬Êѹ¹¸å ¤Î¼±ÊÌ̾¤ò»È¤¦¤è¤¦¤Ë¤¹¤ë¤¿¤á¤Ë¡¢¥³¥Ô¡¼¤·¤¿¸°¥¨¥ó¥È¥ê¤Ë´ØÏ¢ÉÕ¤±¤é¤ì¤Æ¤¤¤ë ¾ÚÌÀÏ¢º¿¤òÊѹ¹¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£¤Þ¤º¡¢Å¬ÀÚ¤Ê̾Á°¤Ç¼«¸Ê½ð̾¾ÚÌÀ½ñ¤ò À¸À®¤·¤Þ¤¹¡£ 

example% keytool -selfcert -alias sMillerNew
-dname "cn=Susan Miller, ou=Accounting Department, o=BlueSoft, c=us"

¼¡¤Ë¡¢¤³¤Î¿·¤·¤¤¾ÚÌÀ½ñ¤Î¾ðÊó¤Ë´ð¤Å¤¤¤Æ¾ÚÌÀ½ñ½ð̾Í×µá¤òÀ¸À®¤·¤Þ¤¹¡£ 

example% keytool -certreq -alias sMillerNew

CA ¤Î¾ÚÌÀ½ñ±þÅú¤òÆþ¼ê¤·¤¿¤é¡¢±þÅú¤ò¥¤¥ó¥Ý¡¼¥È¤·¤Þ¤¹¡£ 

example% keytool -import -alias sMillerNew -file VSSMillerNew.cer

¾ÚÌÀ½ñ±þÅú¤Î¥¤¥ó¥Ý¡¼¥È¸å¤Ï¡¢¸Å¤¤¼±ÊÌ̾¤¬»È¤ï¤ì¤Æ¤¤¤ë¸µ¤Î¸°¥¨¥ó¥È¥ê¤òºï½ü¤Ç¤­¤Þ¤¹¡£ 

example% keytool -delete -alias sMiller

 

´ØÏ¢¹àÌÜ

jar(1)¡¢ jarsigner(1)

¼¡¤Ë¤Ä¤¤¤Æ¤Ï¡¢ java.sun.com ¤ò»²¾È¤Þ¤¿¤Ï¸¡º÷¤·¤Æ¤¯¤À¤µ¤¤¡£

Security in Java 2 Platform @
http://java.sun.com/docs/books/tutorial/security1.2/index.html

 

Index

̾Á°
·Á¼°
µ¡Ç½ÀâÌÀ
¥­¡¼¥¹¥È¥¢¤Î¥¨¥ó¥È¥ê
¥­¡¼¥¹¥È¥¢¤ÎÊÌ̾
¥­¡¼¥¹¥È¥¢¤Î¾ì½ê
¥­¡¼¥¹¥È¥¢¤ÎºîÀ®
¥­¡¼¥¹¥È¥¢¤Î¼ÂÁõ
¥µ¥Ý¡¼¥È¤µ¤ì¤ë¥¢¥ë¥´¥ê¥º¥à¤È¸°¤Î¥µ¥¤¥º
¾ÚÌÀ½ñ
X.509 ¾ÚÌÀ½ñ
X.500 ¼±ÊÌ̾
¥¤¥ó¥¿¡¼¥Í¥Ã¥È RFC 1421 ¾ÚÌÀ½ñ¥¨¥ó¥³¡¼¥Ç¥£¥ó¥°
¾ÚÌÀÏ¢º¿
¾ÚÌÀ½ñ¤Î¥¤¥ó¥Ý¡¼¥È
¾ÚÌÀ½ñ¤Î¥¨¥¯¥¹¥Ý¡¼¥È
¾ÚÌÀ½ñ¤Îɽ¼¨
¼«¸Ê½ð̾¾ÚÌÀ½ñ¤ÎÀ¸À®
»ÈÍÑÊýË¡
¥ª¥×¥·¥ç¥ó¤Î´ûÄêÃÍ
¤Û¤È¤ó¤É¤Î¥µ¥Ö¥³¥Þ¥ó¥É¤Ç»È¤ï¤ì¤ë¥ª¥×¥·¥ç¥ó
¥Ñ¥¹¥ï¡¼¥É¤Ë´Ø¤¹¤ëÃí°Õ»ö¹à
¥µ¥Ö¥³¥Þ¥ó¥É
¥­¡¼¥¹¥È¥¢¤Ø¤Î¥Ç¡¼¥¿¤ÎÄɲÃ
¥Ç¡¼¥¿¤Î¥¨¥¯¥¹¥Ý¡¼¥È
¥Ç¡¼¥¿¤Îɽ¼¨
¥­¡¼¥¹¥È¥¢¤Î´ÉÍý
¥Ø¥ë¥×¤Îɽ¼¨
Îã
¸°¤Î¥Ú¥¢¤ÎÀ¸À®
¾ÚÌÀ½ñȯ¹Ô¶É¤ËÂФ¹¤ë½ð̾ÉÕ¤­¾ÚÌÀ½ñ¤ÎÍ×µá
CA ¤«¤é¤Î¾ÚÌÀ½ñ¤Î¥¤¥ó¥Ý¡¼¥È
CA ¤«¤é¤Î¾ÚÌÀ½ñ±þÅú¤Î¥¤¥ó¥Ý¡¼¥È
¸ø³«¸°¤òǧ¾Ú¤¹¤ë¾ÚÌÀ½ñ¤Î¥¨¥¯¥¹¥Ý¡¼¥È
¸°¤Î¥Ú¥¢¤òÊÝ»ý¤·¤¿¤Þ¤Þ¤Ç¤Î¼±ÊÌ̾¤ÎÊѹ¹
´ØÏ¢¹àÌÜ
This document was created by man2html, using the manual pages.
Time: 04:12:30 GMT, April 18, 2024