Tomcat 6
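1. Generate the keystore file
Open cmd, change to the JDK bin directory and run the following command to generate a keystore file named test:
keytool -genkey -alias test.keystore -keyalg RSA -validity 36500 -keystore d:/test.keystore
validity 36500: valid for 100 years
You will be prompted for a password twice during this process; here I used 123456 both times.
Copy the test.keystore file from drive D: into the path of the Tomcat instance where the service is deployed,
e.g. D:\tomcat\apache-tomcat-6.0.48-73j-aj-selfservice\conf\test.keystore
2. Configure server.xml
Find the following configuration. Tomcat ships with it commented out, so HTTPS is not enabled by default; uncomment it and add the keystoreFile and keystorePass attributes.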
<!-- Define a SSL HTTP/1.1 Connector on port 8443
This connector uses the JSSE configuration, when using APR, the
connector should be using the OpenSSL style configuration
described in the APR documentation -->
<Connector SSLEnabled="true" clientAuth="false" maxThreads="150" port="8443"
protocol="HTTP/1.1" scheme="https" secure="true"
keystoreFile="D:\tomcat\apache-tomcat-6.0.48-73j-aj-selfservice\conf\test.keystore"
keystorePass="123456"
sslProtocol="TLS"/>
3. Start the service and visit https://127.0.0.1:8443/
Tomcat 9:
1. Generate the .jks file
keytool -genkey -keyalg RSA -keysize 1024 -validity 365 -dname "CN=spdb, OU=spdb,O=spdb, L=shanghai, ST=shanghai, C=CN" -alias csii_key -keypass 123456 -keystore csii.jks -storepass 123456
Note: keypass and storepass are kept identical (both 123456 here); otherwise the following exception may be thrown:
java.security.UnrecoverableKeyException: Cannot recover key
2. Configure server.xml
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true">
<SSLHostConfig>
<Certificate certificateKeystoreFile="conf/csii.jks"
type="RSA" certificateKeyAlias="csii_key" certificateKeystorePassword="123456"/>
</SSLHostConfig>
</Connector>
3. Start the service and visit https://127.0.0.1:8443/
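The following check is an added example, not part of the original page or of Tomcat: a Python script that parses a server.xml and lists the active HTTPS connectors in both the Tomcat 6 attribute style and the Tomcat 9 SSLHostConfig style shown above, so you can confirm the connector was really uncommented and points at a keystore. The sample XML, ports 8444 and 8445, the shortened keystore path and the MIN_PASSWORD_LEN threshold are constructed assumptions.

```python
import xml.etree.ElementTree as ET

MIN_PASSWORD_LEN = 8  # assumed threshold for this example, not a Tomcat setting

# Constructed sample: the two connector styles from this page in a minimal server.xml.
# The first connector is commented out, as in a default install; the last has no keystore.
SAMPLE_SERVER_XML = r"""<Server><Service name="Catalina">
<!-- <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" sslProtocol="TLS"/> -->
<Connector SSLEnabled="true" clientAuth="false" maxThreads="150" port="8443"
  protocol="HTTP/1.1" scheme="https" secure="true"
  keystoreFile="D:\tomcat\conf\test.keystore" keystorePass="123456" sslProtocol="TLS"/>
<Connector port="8444" protocol="org.apache.coyote.http11.Http11NioProtocol"
  maxThreads="150" SSLEnabled="true">
  <SSLHostConfig>
    <Certificate certificateKeystoreFile="conf/csii.jks" type="RSA"
      certificateKeyAlias="csii_key" certificateKeystorePassword="123456"/>
  </SSLHostConfig>
</Connector>
<Connector port="8445" SSLEnabled="true" scheme="https" secure="true"/>
</Service></Server>"""

def tls_connectors(server_xml):
    """Return one dict per active (uncommented) Connector with SSLEnabled="true"."""
    results = []
    # ElementTree drops XML comments, so a commented-out connector never appears here.
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "").lower() != "true":
            continue
        cert = conn.find("SSLHostConfig/Certificate")
        if cert is not None:  # Tomcat 9 style: nested Certificate element
            style = "SSLHostConfig"
            store = cert.get("certificateKeystoreFile")
            password = cert.get("certificateKeystorePassword")
        else:  # Tomcat 6 style: attributes directly on the Connector
            style = "connector-attributes"
            store, password = conn.get("keystoreFile"), conn.get("keystorePass")
        findings = []
        if not store:
            findings.append("keystore file not set")
        if password is not None and (len(password) < MIN_PASSWORD_LEN or password.isdigit()):
            findings.append("weak keystore password")
        results.append({"port": conn.get("port"), "style": style,
                        "keystore": store, "findings": findings})
    return results

if __name__ == "__main__":
    for entry in tls_connectors(SAMPLE_SERVER_XML):
        print(entry)
```

To check a real installation, pass the contents of its conf/server.xml to tls_connectors instead of the sample.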