1. Generate a root certificate with keytool
1.1. View the certificates trusted by the JRE
(1) List all certificates trusted by the JRE
keytool -list -keystore %JAVA_HOME%/jre/lib/security/cacerts -storepass changeit
(2) Show the details of the certificate with the alias root
keytool -v -list -alias root -keystore %JAVA_HOME%/jre/lib/security/cacerts -storepass changeit
1.2. Delete the certificate with the alias root from the JRE
keytool -delete -alias root -keystore %JAVA_HOME%/jre/lib/security/cacerts -storepass changeit
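1.3. Generate the root certificate
After confirming that no certificate with the alias root exists in the JRE, we can generate the root certificate.
(1) Generate the keystore file root.keystore
keytool -genkey -keyalg RSA -alias root -dname "CN=localhost, OU=javaeeOU, O=javaee, L=GuangZhou, ST=GuangDong, C=CN" -storepass changeit -keystore root.keystore
Use the default password: just press Enter.
(2) Export the certificate with the alias root to a file named root.crt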
keytool -export -alias root -file root.crt -storepass changeit -keystore root.keystore
(3) Import the certificate into the JRE trust store
keytool -import -alias root -file root.crt -keystore %JAVA_HOME%/jre/lib/security/cacerts -storepass changeit
(4) Show the details of the certificate with the alias root to confirm that it was imported into the JRE trust store
keytool -v -list -alias root -keystore %JAVA_HOME%/jre/lib/security/cacerts -storepass changeit
2. Enable HTTPS
2.1. Enable HTTPS in the Tomcat configuration
Open the conf/server.xml file in the Tomcat directory and add the following Connector:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" minSpareThreads="2" maxSpareThreads="10"
           scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="conf/root.keystore" keystorePass="changeit"
           truststoreFile="E:/DevelopTools/JDK/jdk1.5.0_10/jre/lib/security/cacerts" />
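The check below is an added example, not part of the original page and not Tomcat's own tooling: it parses the Connector shown above and reports attribute values worth reviewing before the connector is used outside a test machine. The rule set, the function name audit_connector and the replacement password placeholder are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Connector taken from the server.xml snippet on this page.
PAGE_CONNECTOR = """<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
    maxThreads="150" minSpareThreads="2" maxSpareThreads="10"
    scheme="https" secure="true"
    clientAuth="false" sslProtocol="TLS"
    keystoreFile="conf/root.keystore" keystorePass="changeit"
    truststoreFile="E:/DevelopTools/JDK/jdk1.5.0_10/jre/lib/security/cacerts" />"""

# Constructed variant: identical except for a non-default keystore password.
# The value is a placeholder; the keystore itself must be re-keyed to match.
HARDENED_CONNECTOR = PAGE_CONNECTOR.replace(
    'keystorePass="changeit"', 'keystorePass="REPLACE-WITH-YOUR-OWN-SECRET"')


def audit_connector(xml_text):
    """Return a list of (attribute, message) findings for one <Connector>."""
    attrs = ET.fromstring(xml_text).attrib
    findings = []
    if attrs.get("SSLEnabled", "false").lower() != "true":
        # A plain HTTP connector: the TLS checks below do not apply to it.
        return [("SSLEnabled", "TLS is not enabled on this connector")]
    if attrs.get("scheme") != "https" or attrs.get("secure", "false").lower() != "true":
        findings.append(("scheme/secure",
                         "a TLS connector should set scheme=https and secure=true"))
    # Tomcat falls back to "changeit" when keystorePass is omitted.
    if attrs.get("keystorePass", "changeit") == "changeit":
        findings.append(("keystorePass",
                         "private key is protected only by the well-known default password"))
    if attrs.get("sslProtocol", "TLS").upper() in {"SSLV2", "SSLV3"}:
        findings.append(("sslProtocol", "SSLv2/SSLv3 are obsolete; use TLS"))
    return findings


if __name__ == "__main__":
    for name, xml_text in (("page", PAGE_CONNECTOR), ("hardened", HARDENED_CONNECTOR)):
        results = audit_connector(xml_text)
        print(name, "->", results if results else "no findings")
```

The keystore password is stored in clear text in server.xml in both variants, so the file's read permissions matter as much as the password itself.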