JDK installation directory
D:\Program Files\Java\jdk1.8.0_121\
Go to the JDK's bin directory
d:
cd D:\Program Files\Java\jdk1.8.0_121\bin
Generate the keystore file. File path: D:\Program Files\Java\jdk1.8.0_121\bin\testhttps.keystore
D:\Program Files\Java\jdk1.8.0_121\bin>keytool -genkey -alias testhttps -keystore testhttps.keystore -keyalg RSA
输入密钥库口令:testhttps
再次输入新口令:testhttps
您的名字与姓氏是什么?
[Unknown]: Yin
您的组织单位名称是什么?
[Unknown]: Test
您的组织名称是什么?
[Unknown]: Test
您所在的城市或区域名称是什么?
[Unknown]: BeiJing
您所在的省/市/自治区名称是什么?
[Unknown]: BeiJing
该单位的双字母国家/地区代码是什么?
[Unknown]: BJ
CN=Yin, OU=Test, O=Test, L=BeiJing, ST=BeiJing, C=BJ是否正确?
[否]: Y
输入 <testhttps> 的密钥口令
(如果和密钥库口令相同, 按回车):testhttps
再次输入新口令:testhttps
View the contents of the generated keystore
D:\Program Files\Java\jdk1.8.0_121\bin>keytool -list -v -keystore testhttps.keystore
输入密钥库口令:testhttps
密钥库类型: JKS
密钥库提供方: SUN
您的密钥库包含 1 个条目
别名: testhttps
创建日期: 2020-9-21
条目类型: PrivateKeyEntry
证书链长度: 1
证书[1]:
所有者: CN=Yin, OU=Test, O=Test, L=BeiJing, ST=BeiJing, C=BJ
发布者: CN=Yin, OU=Test, O=Test, L=BeiJing, ST=BeiJing, C=BJ
序列号: 56f21d17
有效期开始日期: Mon Sep 21 14:49:04 CST 2020, 截止日期: Sun Dec 20 14:49:04 CST 2020
证书指纹:
MD5: 77:56:49:8D:C1:F2:B2:AB:7A:F7:26:D4:FE:76:51:2E
SHA1: 64:8D:9C:6D:3D:1C:CF:66:98:12:F0:6F:F4:A6:D0:B8:51:F4:EB:7E
SHA256: 9F:C6:09:9F:A5:ED:CD:26:B2:5E:34:01:AD:E8:E5:A5:C4:5D:ED:13:89:D4:73:55:EB:CA:78:E3:EC:A9:1D:A4
签名算法名称: SHA256withRSA
版本: 3
扩展:
#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 65 3B BB 49 9F 3A 12 EA AA 00 A7 60 19 45 16 D8 e;.I.:.....`.E..
0010: 53 5C CD 53 S\.S
]
]
*******************************************
*******************************************
Generate a cer file from the keystore. File path: D:\Program Files\Java\jdk1.8.0_121\bin\testhttps.cer
D:\Program Files\Java\jdk1.8.0_121\bin>keytool -export -alias testhttps -keystore testhttps.keystore -rfc -file testhttps.cer
输入密钥库口令:testhttps
存储在文件 <testhttps.cer> 中的证书
Add the cer file to the JDK. This generates a cacerts file; the file D:\Program Files\Java\jdk1.8.0_121\jre\lib\security\cacerts has to be deleted first. File path of the generated file: D:\Program Files\Java\jdk1.8.0_121\bin\cacerts
D:\Program Files\Java\jdk1.8.0_121\bin>keytool -import -alias testhttps -file testhttps.cer -noprompt -trustcacerts -storetype jks -keystore cacerts -storepass testhttps
证书已添加到密钥库中
Modify the server.xml file in Tomcat's conf directory
<?xml version="1.0" encoding="UTF-8"?>
<Server port="8955" shutdown="SHUTDOWN">
<Listener className="org.apache.catalina.startup.VersionLoggerListener"/>
<Listener SSLEngine="on" className="org.apache.catalina.core.AprLifecycleListener"/>
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener"/>
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"/>
<GlobalNamingResources>
<Resource auth="Container" description="User database that can be updated and saved" factory="org.apache.catalina.users.MemoryUserDatabaseFactory" name="UserDatabase" pathname="conf/tomcat-users.xml" type="org.apache.catalina.UserDatabase"/>
</GlobalNamingResources>
<Service name="Catalina">
<Connector connectionTimeout="20000" port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
<Connector SSLEnabled="true" clientAuth="false" keystoreFile="D:\Program Files\Java\jdk1.8.0_121\bin\testhttps.keystore" keystorePass="testhttps" maxThreads="150" port="8443" protocol="HTTP/1.1" scheme="https" secure="true" sslProtocol="TLS"/>
<Connector port="8959" protocol="AJP/1.3" redirectPort="8443"/>
<Engine defaultHost="localhost" name="Catalina">
<Realm className="org.apache.catalina.realm.LockOutRealm">
<Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
</Realm>
<Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true">
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="localhost_access_log" suffix=".txt" pattern="%h %l %u %t &quot;%r&quot; %s %b" />
</Host>
</Engine>
</Service>
</Server>
Create a test project
C:\Users\administrator>d:
d:\>cd d:\apache-tomcat-8.5.34-https\webapps
d:\apache-tomcat-8.5.34-https\webapps>md test
d:\apache-tomcat-8.5.34-https\webapps>cd test
d:\apache-tomcat-8.5.34-https\webapps\test>type nul>hello.html
d:\apache-tomcat-8.5.34-https\webapps\test>echo hello world >> hello.html
d:\apache-tomcat-8.5.34-https\webapps\test>cd ..\..\bin
d:\apache-tomcat-8.5.34-https\bin>startup.bat
Verify that the Tomcat HTTPS configuration works
Open https://127.0.0.1:8443/test/hello.html in a browser
If the page shows hello world, the setup works
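A browser will flag this self-signed certificate as untrusted, so a successful page load alone does not show which certificate was served. The following added example (not part of the original page; the function names are hypothetical) compares the SHA256 fingerprint of the certificate presented on port 8443 with the one printed by keytool -list -v above, using only the Python standard library. SAMPLE_DER is constructed placeholder data, not a real certificate.

```python
import base64
import hashlib
import hmac
import re
import ssl

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

# SHA256 fingerprint copied from the `keytool -list -v` output on this page.
PAGE_PIN = ("9F:C6:09:9F:A5:ED:CD:26:B2:5E:34:01:AD:E8:E5:A5:"
            "C4:5D:ED:13:89:D4:73:55:EB:CA:78:E3:EC:A9:1D:A4")

# Constructed sample: placeholder bytes standing in for a DER certificate.
SAMPLE_DER = b"constructed-sample-not-a-real-certificate"
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode("ascii")
              + "-----END CERTIFICATE-----\n")


def pem_to_der(pem_text):
    """Decode the first certificate of a `keytool -export -rfc` file to DER."""
    match = PEM_RE.search(pem_text)
    if match is None:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode("".join(match.group(1).split()), validate=True)


def keytool_fingerprint(der, algorithm="sha256"):
    """Format a digest of the DER bytes the way `keytool -list -v` prints it."""
    digest = hashlib.new(algorithm, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def matches_pin(der, pinned):
    """Constant-time comparison against a pinned SHA256 fingerprint string."""
    actual = keytool_fingerprint(der).encode("ascii")
    return hmac.compare_digest(actual, pinned.strip().upper().encode("utf-8"))


def server_matches_pin(host, port, pinned):
    """Fetch the certificate the server presents (unvalidated) and pin-check it."""
    pem = ssl.get_server_certificate((host, port))
    return matches_pin(pem_to_der(pem), pinned)


if __name__ == "__main__":
    print(keytool_fingerprint(pem_to_der(SAMPLE_PEM)))
    # With the Tomcat instance from this page running:
    #   server_matches_pin("127.0.0.1", 8443, PAGE_PIN)
```

The same pem_to_der and keytool_fingerprint functions can be run on the contents of testhttps.cer to confirm that the exported file and the keystore entry carry the same certificate.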