生成key
将key导出到证书
将证数导入到Java信任证书列表
Tomcat 5.5 server.xml 增加以下配置:
Tomcat 6.0
[code]
keytool -genkey -alias tomcat -keyalg RSA -keypass changeit -storepass changeit -keystore server.keystore -validity 3600
keytool -export -trustcacerts -alias tomcat -file server.cer -keystore server.keystore -storepass changeit
keytool -import -trustcacerts -alias tomcat -file server.cer -keystore %JAVA_HOME%/jre/lib/security/cacerts -storepass changeit
[/code]
如果系统的jre中已经有个叫tomcat的证书,则要先删除之。
[code]
keytool -delete -alias tomcat -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit
[/code]
修改apache-tomcat-6.0.20/conf/server.xml,此处注意keystoreFile的路径。
[code]
<Connector protocol="HTTP/1.1"
port="8443" enableLookups="true" disableUploadTimeout="true"
acceptCount="100" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="conf/server.keystore"
keystorePass="changeit"/>
[/code]
keytool -genkey -alias tomcat -keyalg RSA -keypass mypwd -storepass mypwd -keystore server.keystore -validity 3600
将key导出到证书
keytool -export -trustcacerts -alias tomcat -file server.cer -keystore server.keystore -storepass mypwd
将证数导入到Java信任证书列表
keytool -import -trustcacerts -alias tomcat -file server.cer -keystore %JAVA_HOME%/jre/lib/security/cacerts -storepass mypwd
Tomcat 5.5 server.xml 增加以下配置:
<Connector protocol="org.apache.coyote.http11.Http11Protocol"
port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="server.keystore"
keystorePass="mypwd" />
Tomcat 6.0
[code]
keytool -genkey -alias tomcat -keyalg RSA -keypass changeit -storepass changeit -keystore server.keystore -validity 3600
keytool -export -trustcacerts -alias tomcat -file server.cer -keystore server.keystore -storepass changeit
keytool -import -trustcacerts -alias tomcat -file server.cer -keystore %JAVA_HOME%/jre/lib/security/cacerts -storepass changeit
[/code]
如果系统的jre中已经有个叫tomcat的证书,则要先删除之。
[code]
keytool -delete -alias tomcat -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit
[/code]
修改apache-tomcat-6.0.20/conf/server.xml,此处注意keystoreFile的路径。
[code]
<Connector protocol="HTTP/1.1"
port="8443" enableLookups="true" disableUploadTimeout="true"
acceptCount="100" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="conf/server.keystore"
keystorePass="changeit"/>
[/code]