Configuring SSL on Tomcat
1. Generate the keystore
D:/tools/j2sdk1.4.2_10/bin/keytool -genkey -alias tomcat -keyalg RSA -keysize 1024 -validity 365 -keystore tomcat.keystore
2. Configure server.xml
<Connector port="10443"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" debug="0" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="tomcat.keystore" keystorePass="ADMIN" URIEncoding="GBK"/>
3. Test the connection
4. Appendix: keytool usage:
-certreq [-v] [-protected]
[-alias ] [-sigalg ]
[-file ] [-keypass ]
[-keystore ] [-storepass ]
[-storetype ] [-providerName ]
[-providerClass [-providerArg ]] ...
-delete [-v] [-protected] -alias
[-keystore ] [-storepass ]
[-storetype ] [-providerName ]
[-providerClass [-providerArg ]] ...
-export [-v] [-rfc] [-protected]
[-alias ] [-file ]
[-keystore ] [-storepass ]
[-storetype ] [-providerName ]
[-providerClass [-providerArg ]] ...
-genkey [-v] [-protected]
[-alias ]
[-keyalg ] [-keysize ]
[-sigalg ] [-dname ]
[-validity ] [-keypass ]
[-keystore ] [-storepass ]
[-storetype ] [-providerName ]
[-providerClass [-providerArg ]] ...
-help
-identitydb [-v] [-protected]
[-file ]
[-keystore ] [-storepass ]
[-storetype ] [-providerName ]
[-providerClass [-providerArg ]] ...
-import [-v] [-noprompt] [-trustcacerts] [-protected]
[-alias ]
[-file ] [-keypass ]
[-keystore ] [-storepass ]
[-storetype ] [-providerName ]
[-providerClass [-providerArg ]] ...
-keyclone [-v] [-protected]
[-alias ] -dest
[-keypass ] [-new ]
[-keystore ] [-storepass ]
[-storetype ] [-providerName ]
[-providerClass [-providerArg ]] ...
-keypasswd [-v] [-alias ]
[-keypass ] [-new ]
[-keystore ] [-storepass ]
[-storetype ] [-providerName ]
[-providerClass [-providerArg ]] ...
-list [-v | -rfc] [-protected]
[-alias ]
[-keystore ] [-storepass ]
[-storetype ] [-providerName ]
[-providerClass [-providerArg ]] ...
-printcert [-v] [-file ]
-selfcert [-v] [-protected]
[-alias ]
[-dname ] [-validity ]
[-keypass ] [-sigalg ]
[-keystore ] [-storepass ]
[-storetype ] [-providerName ]
[-providerClass [-providerArg ]] ...
-storepasswd [-v] [-new ]
[-keystore ] [-storepass ]
[-storetype ] [-providerName ]
[-providerClass [-providerArg ]] ...
keytool -genkey -alias XXXGameServer -keystore XXXserver.keystore -keyalg RSA
输入keystore密码: mykey
您的名字与姓氏是什么?
[Unknown]: XXXgame
您的组织单位名称是什么?
[Unknown]: XXX
您的组织名称是什么?
[Unknown]: gameXXX
您所在的城市或区域名称是什么?
[Unknown]: chongqing
您所在的州或省份名称是什么?
[Unknown]: cn
该单位的两字母国家代码是什么
[Unknown]: cn
CN=XXXgame, OU=XXX, O=gameXXX, L=chongqing, ST=cn, C=cn 正确吗?
[否]: n
您的名字与姓氏是什么?
[XXXgame]:
您的组织单位名称是什么?
[XXX]:
您的组织名称是什么?
[gameXXX]:
您所在的城市或区域名称是什么?
[chongqing]:
您所在的州或省份名称是什么?
[cn]: chongqing
该单位的两字母国家代码是什么
[cn]:
CN=XXXgame, OU=XXX, O=gameXXX, L=chongqing, ST=chongqing, C=cn 正确吗?
[否]: y
输入的主密码
(如果和 keystore 密码相同,按回车):
keytool -export -alias XXXGameServerPublicKey -file XXXGamePublicKey.cer -keystore XXXserver.keystore
输入keystore密码: mykey
keytool错误: java.lang.Exception: 别名 不存在
keytool -export -alias XXXGameServer -file XXXGamePublicKey.cer -keystore XXXserver.keystore
输入keystore密码: mykey
保存在文件中的认证
keytool -genkey -alias gsClient -keystore gsClient.keystore -keyalg RSA
输入keystore密码: mykey
您的名字与姓氏是什么?
[Unknown]: gs
您的组织单位名称是什么?
[Unknown]: ccstudio
您的组织名称是什么?
[Unknown]: ccstudio
您所在的城市或区域名称是什么?
[Unknown]: chongqing
您所在的州或省份名称是什么?
[Unknown]: chongqing
该单位的两字母国家代码是什么
[Unknown]: cn
CN=gs, OU=ccstudio, O=ccstudio, L=chongqing, ST=chongqing, C=cn 正确吗?
[否]: y
输入的主密码
(如果和 keystore 密码相同,按回车):
keytool -export -alias gsClient -file gsClientPublicKey.cer -keystore gsClient.keystore
输入keystore密码: mykey
保存在文件中的认证
keytool -import -file XXXGamePublicKey.cer -keystore gsClient.truststore -alias XXX -noprompt
输入keystore密码: mykey
认证已添加至keystore中
keytool -import -file gsClientPublicKey.cer -keystore XXXserver.truststore -alias ccstudio -noprompt
输入keystore密码: mykey
认证已添加至keystore中
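
The server/client certificate exchange from the session above, written as a non-interactive script that compares each exported certificate's fingerprint before importing it with -noprompt. This is an added example, not part of the original page. It assumes a POSIX shell and a current JDK keytool on the PATH that prints SHA256 fingerprints; the function names, the STOREPASS variable with its placeholder default, and the 2048-bit key size are this example's own choices.

```shell
#!/bin/sh
# Added example. PASS is a constructed placeholder password; set STOREPASS.
PASS="${STOREPASS:-changeit-example}"

# SHA-256 fingerprint of a certificate file ($1).
cer_fp() {
    keytool -printcert -file "$1" | sed -n 's/.*SHA256: *//p' | head -n 1
}

# SHA-256 fingerprint of entry <alias> ($2) in keystore <file> ($1).
store_fp() {
    keytool -list -v -keystore "$1" -storepass "$PASS" -alias "$2" |
        sed -n 's/.*SHA256: *//p' | head -n 1
}

# make_identity <alias> <keystore> <cer-out> <dname>
# -dname and the password options replace the interactive prompts.
make_identity() {
    keytool -genkey -alias "$1" -keyalg RSA -keysize 2048 -validity 365 \
        -dname "$4" -keystore "$2" -storepass "$PASS" -keypass "$PASS" &&
    keytool -export -alias "$1" -file "$3" -keystore "$2" -storepass "$PASS"
}

# trust_peer <cer> <expected-fingerprint> <truststore> <alias>
# -noprompt skips keytool's confirmation, so check the fingerprint first.
trust_peer() {
    got=$(cer_fp "$1")
    if [ -z "$got" ] || [ "$got" != "$2" ]; then
        echo "fingerprint mismatch for $1, not imported" >&2
        return 1
    fi
    keytool -import -noprompt -file "$1" -alias "$4" \
        -keystore "$3" -storepass "$PASS"
}

# Run the page's server/client exchange in directory $1.
exchange() {
    make_identity XXXGameServer "$1/XXXserver.keystore" "$1/XXXGamePublicKey.cer" \
        "CN=XXXgame, OU=XXX, O=gameXXX, L=chongqing, ST=chongqing, C=cn" &&
    make_identity gsClient "$1/gsClient.keystore" "$1/gsClientPublicKey.cer" \
        "CN=gs, OU=ccstudio, O=ccstudio, L=chongqing, ST=chongqing, C=cn" &&
    trust_peer "$1/XXXGamePublicKey.cer" \
        "$(store_fp "$1/XXXserver.keystore" XXXGameServer)" \
        "$1/gsClient.truststore" XXX &&
    trust_peer "$1/gsClientPublicKey.cer" \
        "$(store_fp "$1/gsClient.keystore" gsClient)" \
        "$1/XXXserver.truststore" ccstudio
}
```

Call exchange with the path of an empty directory. When the two sides are different machines, the expected fingerprint passed to trust_peer is the one the certificate's owner reads out of their own keystore and sends over a separate channel.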