1.创建自签名证书
(1)使用JDK自带的keytool创建自签名证书。
keytool -selfcert -alias myself -keystore myselfstore -keypass myselfstore
(3)查看myselfstore中的公钥密钥对
keytool -list -keystore myselfstore
(4)验证成功后导出证书
keytool -export -alias myself -file test.cert -keystore myselfstore
2,配置Tomcat HTTPS
(1)将keystore文件部署到"$TOMECAT_HOME/conf"目录下
(2)将导出的证书文件部署到"$TOMCAT_HOME/webapps/ssl目录下
(3)在$TOMCAT_HOME/conf/server.xml文件中增加https-ssl对应的Connector配置
<Connector SSLEnabled="true" URIEncoding="UTF-8"
acceptCount="100" clientAuth="false" disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="8192" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" port="8443" scheme="https" secure="true" sslProtocol="TLS" keystoreFile="${catalina.home}/conf/myselfstore" keystorePass="myselfstorepass"/>
其中:
keystoreFile为“myselfstore”文件所在的路径。
keystorePass为创建“myselfstore”的密码
3.导入test.cert证书到密钥库myselfstore
keytool -import -alias newimporcert -file test.cert -keystore myselfstore
(1)使用JDK自带的keytool创建自签名证书。
keytool -selfcert -alias myself -keystore myselfstore -keypass myselfstore
(3)查看myselfstore中的公钥密钥对
keytool -list -keystore myselfstore
(4)验证成功后导出证书
keytool -export -alias myself -file test.cert -keystore myselfstore
2,配置Tomcat HTTPS
(1)将keystore文件部署到"$TOMECAT_HOME/conf"目录下
(2)将导出的证书文件部署到"$TOMCAT_HOME/webapps/ssl目录下
(3)在$TOMCAT_HOME/conf/server.xml文件中增加https-ssl对应的Connector配置
<Connector SSLEnabled="true" URIEncoding="UTF-8"
acceptCount="100" clientAuth="false" disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="8192" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" port="8443" scheme="https" secure="true" sslProtocol="TLS" keystoreFile="${catalina.home}/conf/myselfstore" keystorePass="myselfstorepass"/>
其中:
keystoreFile为“myselfstore”文件所在的路径。
keystorePass为创建“myselfstore”的密码
3.导入test.cert证书到密钥库myselfstore
keytool -import -alias newimporcert -file test.cert -keystore myselfstore