23,118
社区成员
发帖
与我相关
我的任务
分享linux 环境使用openssl 生CA 和密钥报异常java.lang.NumberFormatException: For input string: "
真的好奇怪,使用shell脚本生成CA和密钥对,报异常keytool error: java.lang.NumberFormatException: For input string: "",说异常出现在第一条语句,检察了十几遍,尝试了很多次还是不可以,希望大神帮忙解决一下,雪地里跪求等待。单条拿出来执行是没有问题,执行脚本就有问题。脚本如下:
VALIDITY=365
SERVER_KEYSTORE_PASSWORD=javaking
SERVER_KEYSTORE_KEY_PASSWORD=javastudent
CA_PASSWORD=jackrabbit
SERVER_TRUSTSTORE_PASSWORD=htmlking
SERVER_TRUSTSTORE_KEY_PASSWORD=htmlstudent
CLIENT_TRUSTSTORE_PASSWORD=jsonking
CLIENT_TRUSTSTORE_KEY_PASSWORD=jsonstudent
CLIENT_KEYSTORE_PASSWORD=opencvking
CLIENT_KEYSTORE_KEY_PASSWORD=opencvstudent
D_NAME="CN=Chan, OU=Itcs, O=KK, L=Shanghai, ST=Shanghai, C=CN"
SUBJECT="/C=CN/ST=Shanghai/L=Shanghai/O=KK/CN=Chan"
echo "1. 创建集群证书到server keystore......"
keytool -keystore kafka.server.keystore.jks -alias localhost -validity $VALIDITY -genkey -keyalg RSA -storepass "$SERVER_KEYSTORE_PASSWORD" -keypass "$SERVER_KEYSTORE_KEY_PASSWORD" -dname "$D_NAME"
echo "2. 创建CA......"
openssl req -new -x509 -keyout ca-key -out ca-cert -days "$VALIDITY" -passin pass:"$CA_PASSWORD" -passout pass:"$CA_PASSWORD" -subj "$SUBJECT"
echo "3. 导入CA文件到server truststore和client truststore......"
keytool -keystore kafka.server.truststore.jks -alias CARoot -import -file ca-cert -storepass "$SERVER_TRUSTSTORE_PASSWORD" -keypass "$SERVER_TRUSTSTORE_KEY_PASSWORD" -noprompt
keytool -keystore kafka.client.truststore.jks -alias CARoot -import -file ca-cert -storepass "$CLIENT_TRUSTSTORE_PASSWORD" -keypass "$CLIENT_TRUSTSTORE_KEY_PASSWORD" -noprompt
echo "4. 从server keystore中导出集群证书......"
keytool -keystore kafka.server.keystore.jks -alias localhost -certreq -file cert-file -storepass "$SERVER_KEYSTORE_PASSWORD" -keypass "$SERVER_KEYSTORE_KEY_PASSWORD" -noprompt
echo "5. 签发server证书......"
openssl x509 -req -CA ca-cert -CAkey ca-key -in cert-file -out cert-signed -days "$VALIDITY" -CAcreateserial -passin pass:"$CA_PASSWORD"
echo "6. 导入CA文件到server keystore......"
keytool -keystore kafka.server.keystore.jks -alias CARoot -import -file ca-cert -storepass "$SERVER_KEYSTORE_PASSWORD" -keypass "$SERVER_KEYSTORE_KEY_PASSWORD" -noprompt
echo "7. 导入已签发证书到server keystore......"
keytool -keystore kafka.server.keystore.jks -alias localhost -import -file cert-signed -storepass "$SERVER_KEYSTORE_PASSWORD" -keypass "$SERVER_KEYSTORE_KEY_PASSWORD" -noprompt
echo "8. 创建集群证书到client keystore......"
keytool -keystore kafka.client.keystore.jks -alias localhost -validity $VALIDITY -genkey -keyalg RSA -storepass "$CLIENT_KEYSTORE_PASSWORD" -keypass "$CLIENT_KEYSTORE_KEY_PASSWORD" -dname "$D_NAME"
echo "9. 从client keystore中导出集群证书......"
keytool -keystore kafka.client.keystore.jks -alias localhost -certreq -file cert-file -storepass "$CLIENT_KEYSTORE_PASSWORD" -keypass "$CLIENT_KEYSTORE_KEY_PASSWORD" -noprompt
echo "10. 签发client证书......"
openssl x509 -req -CA ca-cert -CAkey ca-key -in cert-file -out cert-signed -days "$VALIDITY" -CAcreateserial -passin pass:"$CA_PASSWORD"
echo "11. 导入CA文件到client keystore......"
keytool -keystore kafka.client.keystore.jks -alias CARoot -import -file ca-cert -storepass "$CLIENT_KEYSTORE_PASSWORD" -keypass "$CLIENT_KEYSTORE_KEY_PASSWORD" -noprompt
echo "12. 导入已签发证书到client keystore......"
keytool -keystore kafka.client.keystore.jks -alias localhost -import -file cert-signed -storepass "$CLIENT_KEYSTORE_PASSWORD" -keypass "$CLIENT_KEYSTORE_KEY_PASSWORD" -noprompt
VALIDITY=365
SERVER_KEYSTORE_PASSWORD=javaking
SERVER_KEYSTORE_KEY_PASSWORD=javastudent
CA_PASSWORD=jackrabbit
SERVER_TRUSTSTORE_PASSWORD=htmlking
SERVER_TRUSTSTORE_KEY_PASSWORD=htmlstudent
CLIENT_TRUSTSTORE_PASSWORD=jsonking
CLIENT_TRUSTSTORE_KEY_PASSWORD=jsonstudent
CLIENT_KEYSTORE_PASSWORD=opencvking
CLIENT_KEYSTORE_KEY_PASSWORD=opencvstudent
D_NAME="CN=Chan, OU=Itcs, O=KK, L=Shanghai, ST=Shanghai, C=CN"
SUBJECT="/C=CN/ST=Shanghai/L=Shanghai/O=KK/CN=Chan"
echo "1. 创建集群证书到server keystore......"
keytool -keystore kafka.server.keystore.jks -alias localhost -validity $VALIDITY -genkey -keyalg RSA -storepass "$SERVER_KEYSTORE_PASSWORD" -keypass "$SERVER_KEYSTORE_KEY_PASSWORD" -dname "$D_NAME"
echo "2. 创建CA......"
openssl req -new -x509 -keyout ca-key -out ca-cert -days "$VALIDITY" -passin pass:"$CA_PASSWORD" -passout pass:"$CA_PASSWORD" -subj "$SUBJECT"
echo "3. 导入CA文件到server truststore和client truststore......"
keytool -keystore kafka.server.truststore.jks -alias CARoot -import -file ca-cert -storepass "$SERVER_TRUSTSTORE_PASSWORD" -keypass "$SERVER_TRUSTSTORE_KEY_PASSWORD" -noprompt
keytool -keystore kafka.client.truststore.jks -alias CARoot -import -file ca-cert -storepass "$CLIENT_TRUSTSTORE_PASSWORD" -keypass "$CLIENT_TRUSTSTORE_KEY_PASSWORD" -noprompt
echo "4. 从server keystore中导出集群证书......"
keytool -keystore kafka.server.keystore.jks -alias localhost -certreq -file cert-file -storepass "$SERVER_KEYSTORE_PASSWORD" -keypass "$SERVER_KEYSTORE_KEY_PASSWORD" -noprompt
echo "5. 签发server证书......"
openssl x509 -req -CA ca-cert -CAkey ca-key -in cert-file -out cert-signed -days "$VALIDITY" -CAcreateserial -passin pass:"$CA_PASSWORD"
echo "6. 导入CA文件到server keystore......"
keytool -keystore kafka.server.keystore.jks -alias CARoot -import -file ca-cert -storepass "$SERVER_KEYSTORE_PASSWORD" -keypass "$SERVER_KEYSTORE_KEY_PASSWORD" -noprompt
echo "7. 导入已签发证书到server keystore......"
keytool -keystore kafka.server.keystore.jks -alias localhost -import -file cert-signed -storepass "$SERVER_KEYSTORE_PASSWORD" -keypass "$SERVER_KEYSTORE_KEY_PASSWORD" -noprompt
echo "8. 创建集群证书到client keystore......"
keytool -keystore kafka.client.keystore.jks -alias localhost -validity $VALIDITY -genkey -keyalg RSA -storepass "$CLIENT_KEYSTORE_PASSWORD" -keypass "$CLIENT_KEYSTORE_KEY_PASSWORD" -dname "$D_NAME"
echo "9. 从client keystore中导出集群证书......"
keytool -keystore kafka.client.keystore.jks -alias localhost -certreq -file cert-file -storepass "$CLIENT_KEYSTORE_PASSWORD" -keypass "$CLIENT_KEYSTORE_KEY_PASSWORD" -noprompt
echo "10. 签发client证书......"
openssl x509 -req -CA ca-cert -CAkey ca-key -in cert-file -out cert-signed -days "$VALIDITY" -CAcreateserial -passin pass:"$CA_PASSWORD"
echo "11. 导入CA文件到client keystore......"
keytool -keystore kafka.client.keystore.jks -alias CARoot -import -file ca-cert -storepass "$CLIENT_KEYSTORE_PASSWORD" -keypass "$CLIENT_KEYSTORE_KEY_PASSWORD" -noprompt
echo "12. 导入已签发证书到client keystore......"
keytool -keystore kafka.client.keystore.jks -alias localhost -import -file cert-signed -storepass "$CLIENT_KEYSTORE_PASSWORD" -keypass "$CLIENT_KEYSTORE_KEY_PASSWORD" -noprompt
...全文
请发表友善的回复…
发表回复
李庆海 2018-06-18
- 打赏
- 举报
你好,请问你是否在shell脚本开头写[#!/bin/bash],如果写了请VALIDITY 试用 【 ${VALIDITY} 】 试下。我在CentOS7下测试没有问题如图
java.security.spec.InvalidKeySpecException: java.lang.RuntimeException: error:0c0000b9:ASN.1 encodin
