学着在tomcat中配置SSL 网上到处都是也不知道谁是原创了,记录一下
tomcat配置:在conf/server.xml中插入下面的Connector
<!--
  HTTPS connector on port 8443 that requires a client certificate.
  - clientAuth="true": the connection is only accepted when the client
    presents a certificate chain that the truststore trusts (mutual TLS).
  - keystoreFile and truststoreFile name the same file, so the store that
    holds the server's private key also holds the trusted client
    certificates; a separate truststore keeps the two apart.
  - keystoreFile is a relative path. NOTE(review): Tomcat resolves relative
    keystore paths against CATALINA_BASE; confirm for the version in use and
    copy the generated keystore there, or give an absolute path.
  - keystorePass / truststorePass sit here in clear text: restrict read
    access to server.xml and replace this sample password.
-->
<Connector
    port="8443"
    protocol="HTTP/1.1"
    scheme="https"
    secure="true"
    SSLEnabled="true"
    sslProtocol="TLS"
    clientAuth="true"
    maxThreads="150"
    keystoreFile="tomcat.keystore"
    keystorePass="logiscn"
    truststoreFile="tomcat.keystore"
    truststorePass="logiscn" />
生成tomcat keystore
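# Create the server's self-signed RSA key pair under alias "tomcat" in tomcat.keystore.
# -keysize is given explicitly because keytool's default RSA key size depends on the JDK release.
# CN is the server address (192.168.1.1 here); use the name or address clients actually connect to.
# -storepass/-keypass on the command line land in shell history and the process list:
# leave them out to be prompted, and choose a stronger password than this sample one.
keytool -genkey -v -alias tomcat -keyalg RSA -keysize 2048 -keystore D:/downloads/tomcat.keystore -dname "CN=192.168.1.1,OU=logiscn,O=logis,L=beijing,ST=beijing,C=CN" -validity 3650 -storepass logiscn -keypass logiscn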
生成浏览器(客户端)的keystore
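# Create the client's RSA key pair under alias "tianli" in a PKCS12 file for the browser.
# The stray trailing double quote of the original command is removed; it left the quoting unbalanced.
# -keysize is given explicitly because keytool's default RSA key size depends on the JDK release.
# tianli.p12 contains the client's private key and is protected only by -storepass:
# the sample password equals the alias, so pick a stronger one and keep the file private.
keytool -genkey -v -alias tianli -keyalg RSA -keysize 2048 -storetype PKCS12 -keystore D:/downloads/p12/tianli.p12 -dname "CN=tianli,OU=logiscn,O=logis,L=beijing,ST=beijing,C=CN" -validity 3650 -storepass tianli -keypass tianli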
//导出客户端证书
# Export the certificate stored under alias "tianli" from the PKCS12 file to tianli.cer.
# Only the certificate (public part) is written, never the private key; -rfc selects the printable (PEM) encoding.
keytool -export -rfc -alias tianli -storetype PKCS12 -keystore D:/downloads/p12/tianli.p12 -storepass tianli -file D:/downloads/cert/tianli.cer
生成证书后,双击安装(一定要记得安装)。注意:浏览器做客户端认证时需要的是带私钥的 tianli.p12;tianli.cer 只包含公钥证书,下一步用它导入 tomcat 的 keystore 作为受信任证书。
在tomcat keystore中添加信任
# Add the client certificate tianli.cer to tomcat.keystore as a trusted entry under alias "tianli".
# The import goes into the same file that holds the server key pair created earlier.
# Import only certificates whose origin and fingerprint have been verified.
keytool -import -v -alias tianli -keystore D:/downloads/tomcat.keystore -storepass logiscn -file D:/downloads/cert/tianli.cer
keytool 会显示证书信息并询问是否信任该证书,核对所有者和指纹无误后输入 y
导出服务端的证书
# Export the server certificate stored under alias "tomcat" to server.cer.
# No -storepass is given, so keytool prompts for the keystore password.
# Without -rfc the certificate is written in binary encoding.
keytool -export -alias tomcat -keystore D:/downloads/tomcat.keystore -file D:/downloads/server.cer