# Step 1 (JDK keytool): generate an RSA-2048 key pair under the alias dxxvue.
# keytool wraps the public key in a self-signed certificate, here valid for 3650 days.
# No -dname is given, so keytool prompts for the certificate subject.
# NOTE(review): -keypass/-storepass put the sample password 123456 on the command
# line, where it lands in shell history and process listings. For a real key, omit
# both options so keytool prompts, and choose a strong password.
# NOTE(review): no -ext SAN=dns:<hostname> is passed; browsers that require a
# subjectAltName entry will reject the certificate even when it is trusted.
keytool -genkeypair -alias dxxvue -keyalg RSA -keysize 2048 -validity 3650 -keypass 123456 -storepass 123456 -keystore D://workapp//apache-tomcat-8.5.23ori//ssl//dxxvuekeystore.keystore
# Step 2: convert the JKS keystore to a PKCS12 store so OpenSSL can read it.
# No -srcstorepass/-deststorepass is given, so keytool prompts for both passwords.
# NOTE(review): step 1 sets no -storetype, so the source store uses the JDK default
# (JKS up to Java 8, PKCS12 from Java 9) - confirm that -srcstoretype JKS matches.
keytool -importkeystore -srckeystore D:\workapp\apache-tomcat-8.5.23ori\ssl\dxxvuekeystore.keystore -destkeystore D:\workapp\apache-tomcat-8.5.23ori\ssl\dxxvuekeystore.p12 -srcstoretype JKS -deststoretype PKCS12
# Step 3: export the certificate (public part only) stored under alias dxxvue.
# Without -rfc keytool writes binary DER, which is why step 4 reads it with -inform der.
keytool -exportcert -file D:\workapp\apache-tomcat-8.5.23ori\ssl\dxxvueserver.cer -alias dxxvue -keystore D://workapp//apache-tomcat-8.5.23ori//ssl//dxxvuekeystore.keystore -storepass 123456
# The remaining commands need OpenSSL installed and are typed at the interactive
# OpenSSL prompt, hence no leading "openssl".
# Windows download link http://slproweb.com/products/Win32OpenSSL.html
# NOTE(review): the link is plain HTTP; check the installer's hash or signature
# against a trusted source before running it.
# Step 4: convert the DER-encoded .cer certificate to PEM (the default output form of x509).
x509 -inform der -in D:\workapp\apache-tomcat-8.5.23ori\ssl\dxxvueserver.cer -out D:\workapp\apache-tomcat-8.5.23ori\ssl\dxxvueserver.pem
# Step 5: extract the private key from the PKCS12 store.
# -nocerts writes only the key; -nodes writes it WITHOUT encryption, so the .key
# file holds the plaintext private key. Restrict its permissions to the account that
# runs the web server and keep it out of shared backups and version control.
# NOTE(review): OpenSSL 3.x deprecates -nodes in favour of -noenc.
pkcs12 -nocerts -nodes -in D:\workapp\apache-tomcat-8.5.23ori\ssl\dxxvuekeystore.p12 -out D:\workapp\apache-tomcat-8.5.23ori\ssl\dxxvueserver.key
# Configure nginx to terminate TLS with the certificate and key produced above.
# The paths below are relative (cert/...), while the commands above write into the
# Tomcat ssl directory; copying the .pem and .key into nginx's cert directory is not shown.
server {
# TLS listener on port 8003.
listen 8003 ssl;
# PEM certificate; it is self-signed, so clients must be configured to trust it.
ssl_certificate cert/dxxvueserver.pem;
# Private key extracted with -nodes, i.e. stored unencrypted; keep it readable by nginx only.
ssl_certificate_key cert/dxxvueserver.key;
# Cached TLS session parameters may be reused for 5 minutes.
ssl_session_timeout 5m;
# NOTE(review): after the first explicit suite the list falls back to broad aliases
# (ECDHE, ECDH, AES, HIGH); AES and HIGH also admit suites without forward secrecy
# and CBC-mode suites. Prefer an explicit list of ECDHE AEAD suites - check what is
# actually negotiable with `openssl ciphers -v '<this string>'`.
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
# NOTE(review): TLSv1.1 is deprecated (RFC 8996) and TLSv1.3 is not enabled;
# `ssl_protocols TLSv1.2 TLSv1.3;` is the usual setting where the nginx/OpenSSL build supports 1.3.
ssl_protocols TLSv1.1 TLSv1.2;
# Select the cipher by the server's preference order rather than the client's.
ssl_prefer_server_ciphers on;
...略