版本:tomcat8,jdk1.7
1.制作jks
#产生keystore
keytool -genkey -alias server -keyalg RSA -keysize 2048 -keystore www.myweb.cn.jks -storepass password -keypass password -validit
y 3650
#产生csr
keytool -certreq -alias server -sigalg SHA256withRSA -file certreq.csr -keystore www.myweb.cn.jks -keypass password -storepass password -dname "CN=192.168.100.100,ST=Beijing,L=Beijing,OU=Test,O=Test Trust Network,C=CN"
#将csr提交给第三方CA签发服务器证书,保存为www.myweb.cn.cer
#导入服务器证书的根证书
keytool -import -alias root -keystore www.myweb.cn.jks -trustcacerts -storepass password -file root.cer
#导入服务器证书
keytool -import -alias server -keystore www.myweb.cn.jks -trustcacerts -storepass password -file www.myweb.cn.cer
#查看一下
keytool -list -v -keystore www.myweb.cn.jks -storepass password
2.修改tomcat/conf/server.xml:
<Connector
protocol="org.apache.coyote.http11.Http11NioProtocol"
port="8443" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="conf/cert/www.myweb.cn.jks" keystorePass="password"
clientAuth="false" sslProtocol="TLS"/>
3.测试: https://www.myweb.cn:8443/