Ssl== certificate related concepts

http://t.zoukankan.com/top5-p-1589129.html

https://blog.csdn.net/weiyuanke/article/details/87256937

use OPSSL Generate CSR Document and KEY file , Hold CSR Documents to CA Certification body let CA Signature of certification authority , Sign and return CRT file ,CRT Document and KEY The file is stored in the server （ Or use OPENSSL take CRT and KEY The documents are merged into PFX file , This file is very familiar , Put it in springboot Project resource You can configure it under the directory SSL）, Request the server to get CRT file , The client goes to CA Verified by Certification Authority CRT Document authenticity ( This process may not need to CA Agency verification , The computer or browser comes with something you can trust CA Institutional information ？), If it's true , Just use CRT The public key encryption recorded in the file should be sent after passing the information to the server . The service side with KEY The private key in the file decrypts the received information .

Openssl Generate CSR Document method _chengqiuming The blog of -CSDN Blog _openssl Generate csr file

=======================================

CSR file ：Certificate Signing Request Abbreviation , Certificate signing request , Keep the public key 、 Bound domain name 、 Company information 、 Region and other information

https://www.cnblogs.com/guanshan/p/guan2022-1-28.html

KEY file ： The file where the private key is stored

CRT file ：Certificate, after CA The official certificate after the signature and authentication of the organization , Self use OPENSSL Signature authentication is also ok

CA： E-commerce certification authority （CA, Certificate Authority）

PFX Documents or P12 file ： For convenience, such as springboot This program reads , take CRT file 、 The private key is packaged together to generate a file , You need to provide an additional password when packaging .

JKS file ：jdk Built-in tools keytool.exe pack CRT file 、 The file generated after the private key .keytool=openssl, Just two commands for creating and decompressing various files 、 The format is different , So there are two ways to generate online , The command used will be automatically generated

 ======================

PEM file ？ I think equal to CRT be equal to CER, Because to nginx Two files are required for the certificate ,PEM+KEY perhaps CRT+KEY perhaps CER+KEY

Nginx Certificate configuration :cer Document and jks File transfer nginx certificate .crt and key file _ Accompanying blog -CSDN Blog _nginx To configure cer certificate

Nginx install SSL certificate _love_yu_er The blog of -CSDN Blog

======================

java keytool Tools