以Verisign 测试证书为例
1.创建一个本地证书:
keytool -genkey -alias tomcat -keyalg RSA -keystore keystore.jks
查看证书
keytool -list -keystore keystore
2.然后创建CSR
keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr -keystore keystore
3.从你获得证书的CA测试服务器证书
https://ssl-certificate-center.verisign.com/process/retail/trial_initial?application_locale=VRSN_US&tid=symc_vrsn_ssl_try
申请30天试用版本的
4.将verisgin回复的email中的
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgIQFYfO6++nqUSJvu2NlEmofzANBgkqhkiG9w0BAQUFADCB
yzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTAwLgYDVQQL
EydGb3IgVGVzdCBQdXJwb3NlcyBPbmx5LiAgTm8gYXNzdXJhbmNlcy4xQjBABgNV
BAsTOVRlcm1zIG9mIHVzZSBhdCBodHRwczovL3d3dy52ZXJpc2lnbi5jb20vY3Bz
L3Rlc3RjYSAoYykwOTEtMCsGA1UEAxMkVmVyaVNpZ24gVHJpYWwgU2VjdXJlIFNl
cnZlciBDQSAtIEcyMB4XDTE0MTAxMDAwMDAwMFoXDTE0MTEwOTIzNTk1OVowaDEL
MAkGA1UEBhMCQ04xDjAMBgNVBAgTBWdhbnN1MRAwDgYDVQQHFAdsYW56aG91MQ8w
DQYDVQQKFAZ3YW53ZWkxDzANBgNVBAsUBndhbndlaTEVMBMGA1UEAxQMd3d3LmN0
bm1hLmNuMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyy9GAht9Lp0k
7cexIZ/6MYjgwOxhVDKQD+55EtqUX1brrrrweryKoJPPsEBgK1grnwhS7CXkpDZH
E/sYHwcHW4Dt6AH/in5CQLHb8RqcsUy8EhLkK/uIUB9Kqi0zKaeN8Xk4PunbuURB
z9GKGJqBokzlWIUtoCDmmwupd2dIqyxDjMFP/8V+j+O2NNZegJ9uBI8A/+r1Zy7r
nZ5/KYUJAD8/96uRkgBwf2UNujmOS1FgYyCTMjdylMntdyezmeGYDIK3wx8GQDF2
EtSbX5A0peG0TqTvFk/+hJY1MSsjBnfUvwHDsvGeadHH7PSSVyVjR2SsKOqjJaK5
GwyrFfNmZwIDAQABo4IBRDCCAUAwFwYDVR0RBBAwDoIMd3d3LmN0bm1hLmNuMAkG
A1UdEwQCMAAwDgYDVR0PAQH/BAQDAgWgMCsGA1UdHwQkMCIwIKAeoByGGmh0dHA6
Ly9zcS5zeW1jYi5jb20vc3EuY3JsMGUGA1UdIAReMFwwWgYdfIZIAYb4RQEHFTBM
MCMGCCsGAQUFBwIBFhdodHRwczovL2Quc3ltY22uY29tL2NwczAlBggrBgEFBQcC
AjAZDBdodHRwczovL2Quc3ltY2IuY29tL3JwYTAdBgNVHSUEFjAUBggrBgEFBQcD
AQYIKwYBBQUHAwIwHwYDVR0jBBgwFoAUKBcTir3WorXcBiy3to7aEGZgbuUwNgYI
KwYBBQUHAQEEKjAoMCYGCCsGAQUFBzAChhpodHRwOi8vc3Euc3ltY2IuY29tL3Nx
LmNydDANBgkqhkiG9w0BAQUFAAOCAQEAiM1FxkcZQZcu6324Y1kDV0DohqNnmM1R
2R2TXcBjEjrAiclTaCnF5oVmfd/TLa+6chfIQ28EumlSwAL6c2UAWGyONzIeoBMj
DQJk9ZuJAdiMYEI4uxGobgkpt/O2BPOYMtO/Bm7x/dzy6/7tsC7cqQmuyvrXWU9s
6WOnH+Hvgd+0qSgO7CvuHMAVIP8Ds0Ipw3gaWVnKsjQkxrd0CLafa4mjphdy1QqO
7ltUWPYhRzcX24PUsTP6R/Iy+dxlaK5+tysLdQOZYAdrUSyvbai/EpeOhUOsAAWL
vCA223uW1CdOCpk1RIsjDzCYiy03DOOFhG2GbFjMubHPARiIokBS1A==
-----END CERTIFICATE-----
如下内容保存成tomcat.cer
5.下载testvtn.rar中的根证书和中级证书,解压后准备导入,地址如下
http://www.itrus.com.cn/verisignchina/Service/soft/testvtn.rar
6.导入root根证书
keytool -import -trustcacerts -alias root -file root.crt -keystore keystore
7.导入中级证书
keytool -import -trustcacerts -alias intermediate -file intermediate.cer -keystore keystore
8.导入申请的服务器签名证书
keytool -import -trustcacerts -alias tomcat -file tomcat.crt -keystore keystore
9.修改Tomcat的配置文件server.xml
<Connector port="8082" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"
connectionTimeout="40000"
redirectPort="8443"
URIEncoding="UTF-8"
scheme="https" secure="true" clientAuth="false"
keystoreFile="C:\keystore.jks" keystorePass="123456" keyAlias="tomcat"
sslProtocol = "TLS"/>
9.为IE浏览器安装测试根证书:
双击root.cer,安装测试根证书
10.完成,在浏览器中测试