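Converting a Cobalt Strike keytool store certificate into the certificate files nginx needs
Today a senior colleague asked a question: how do you get a keytool store certificate working under Nginx?
1. First, generate a certificate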
keytool -keystore ./microsoft.store -storepass 123456789 -keypass 123456789 -genkey -keyalg RSA -alias microsoft.com -dname "CN=microsoft, OU=microsoft, O=microsoft, L=Beijing, ST=Beijing, C=CN" -validity 36500
2. Convert it to a PKCS12-format certificate
Convert microsoft.store into local.store
└──╼ #keytool -keystore microsoft.store -storepass 123456789 -rfc -file miss.cer
keytool -importkeystore -srckeystore microsoft.store -destkeystore local.store -deststoretype pkcs12
Importing keystore microsoft.store to local.store...
Enter source keystore password:
Entry for alias microsoft.com successfully imported.
Import command completed: 1 entries successfully imported, 0 entries failed or cancelled
3. Convert with JKS2PFX
https://www.o2oxy.cn/wp-content/uploads/2021/09/2010052609300163.zip
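Usage:
Run the following command:
JKS2PFX <KeyStore file> <KeyStore password> <Alias> <export file name> [Java Runtime directory]
Notes:
KeyStore file: the file in which Tomcat stores the SSL certificate
KeyStore password: the password for the KeyStore file
Alias: the alias chosen when the certificate CSR was generated
Export file name: the name of the file to export (without an extension)
Java Runtime directory (optional): the directory containing Java.exe and keytool.exe, e.g.: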
JKS2PFX.bat local.store 123456789 microsoft.com aaa
Verify that it works
The custom nginx configuration file is as follows:
events {
    use epoll;
    worker_connections 4096; ## Default: 1024
}

http {
    server {
        listen 443 ssl;
        ssl_certificate /usr/share/nginx/aaa.crt;
        ssl_certificate_key /usr/share/nginx/aaa.key;
        ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
        ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:10m;
        ssl_session_timeout 10m;
        add_header Strict-Transport-Security "max-age=31536000";
        index index.php index.html index.htm default.php default.htm default.html;
        root /tmp/aaa;

        location /js {
            proxy_pass https://www.bt.cn/;
            proxy_set_header Host www.bt.cn;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header REMOTE-HOST $remote_addr;
            add_header X-Cache $upstream_cache_status;
            #Set Nginx Cache
            add_header Cache-Control no-cache;
        }

        location / {
            rewrite ^/ https://www.baidu.com/;
        }
    }
}
Test by accessing the site
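
The PKCS12-to-PEM split from step 3 can also be done with openssl, followed by a check that the resulting certificate and key belong together before nginx loads them. This is an added example, not part of the original post and not the JKS2PFX tool it uses; the function names, the throwaway example.test keystore and its password are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: openssl stands in for JKS2PFX; all names below are illustrative.
set -e

# Split PKCS12 keystore $1 (password $2) into $3.crt and $3.key.
p12_to_nginx_pem() {
    # -passin env: keeps the keystore password out of the process list
    P12_PASS="$2" openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys -clcerts |
        openssl x509 -out "$3.crt"
    # nginx reads the key unattended, so it is written unencrypted; umask limits it to the owner
    ( umask 077
      P12_PASS="$2" openssl pkcs12 -in "$1" -passin env:P12_PASS -nocerts -nodes |
        openssl pkey -out "$3.key" )
}

# Succeeds only if the certificate's public key equals the key file's public key.
cert_matches_key() {
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ]
}

# Succeeds if subject == issuer, which holds for any certificate made by keytool -genkey.
cert_is_self_signed() {
    subj=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
    iss=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
    [ -n "$subj" ] && [ "$subj" = "$iss" ]
}

# Constructed input: a throwaway self-signed keystore built with openssl itself.
demo() {
    d=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=example.test" \
        -keyout "$d/k.pem" -out "$d/c.pem" 2>/dev/null
    openssl pkcs12 -export -inkey "$d/k.pem" -in "$d/c.pem" -name example.test \
        -passout pass:constructed-pass -out "$d/local.store"
    p12_to_nginx_pem "$d/local.store" constructed-pass "$d/aaa"
    cert_matches_key "$d/aaa.crt" "$d/aaa.key" && cert_is_self_signed "$d/aaa.crt"
    rc=$?
    rm -rf "$d"
    return $rc
}
demo && echo "aaa.crt and aaa.key match; certificate is self-signed"
```

On OpenSSL 3, a PKCS12 file written by an older JDK may need the -legacy option on the openssl pkcs12 commands.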