如何从 Java 生成、签署和导入 SSL 证书

Possible Duplicate:
Generate certificates, public and private keys with Java

I need to generate a self signed certificates at run time, sign them and import to the Java keystore. I can do this using "keytool" and "openssl" from command line in the following way:

keytool -import -alias root -keystore keystore.txt -file cacert.pem
keytool -genkey -keyalg RSA -keysize 1024 -alias www.cia.gov -keystore keystore.txt
keytool -keystore keystore.txt -certreq -alias www.cia.gov -file req.pem
openssl x509 -req -days 3650 -in req.pem -CA cacert.pem -CAkey cakey.pem -CAcreateserial -out reqsigned.pem 
keytool -import -alias www.cia.gov -keystore keystore.txt -trustcacerts  -file reqsigned.pem

I can, of course, ship my application with keytool and openssl binaries and execute the above commands from Java, but I'm looking for a cleaner approach which would allow me to do all of the above using pure Java.

Any libraries I can use ?

解决方案

Use BouncyCastle to generate certificates. I believe it also allows you to import them to Java keystore.

Also your question seems to be very similar to this one.