D:\java\jdk1.8.0_71\bin\keytool.exe
Generate the server certificate
keytool -genkey -alias tomcat -keypass 123456 -keyalg RSA -keysize 2048 -validity 3650 -keystore D:/keys/tomcat.keystore -storepass 123456
localhost 123456 crb
Generate the client certificate
keytool -genkey -alias client1 -keypass 123456 -keyalg RSA -keysize 2048 -validity 3650 -storetype PKCS12 -keystore D:/keys/client1.p12 -storepass 123456
localhost 123456 limy
Make the server trust the client certificate
keytool -export -alias client1 -keystore D:/keys/client1.p12 -storetype PKCS12 -keypass 123456 -file D:/keys/client.cer
Import that file into the server's keystore, adding it as a trusted certificate:
keytool -import -v -file D:/keys/client.cer -keystore D:/keys/tomcat.keystore -storepass 123456
When that is done, use the list command to inspect the server's keystore
keytool -list -v -keystore D:/keys/tomcat.keystore
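Make the client trust the server certificate (the -alias tomcat is required: without it keytool exports the default alias mykey, which is the client certificate imported above)
keytool -export -alias tomcat -keystore D:/keys/tomcat.keystore -file D:/keys/server.cer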
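A check for the result of the steps above, as an added example that is not part of the original notes: it parses the text printed by keytool -list -v for both stores and confirms that the certificate held under client1 is a trusted entry in tomcat.keystore. The two listings are constructed, abbreviated samples with made-up fingerprints, and the alias mykey is keytool's default for an import run without -alias.

```python
import re

# Constructed, abbreviated `keytool -list -v` output; fingerprints are made up.
SERVER_LIST = """Alias name: tomcat
Entry type: PrivateKeyEntry
Owner: CN=localhost
Certificate fingerprints:
\t SHA256: 11:22:33:44

Alias name: mykey
Entry type: trustedCertEntry
Owner: CN=localhost
Certificate fingerprints:
\t SHA256: AA:BB:CC:DD
"""
CLIENT_LIST = """Alias name: client1
Entry type: PrivateKeyEntry
Owner: CN=localhost
Certificate fingerprints:
\t SHA256: AA:BB:CC:DD
"""

def parse_listing(text):
    """Map alias -> entry type and first (leaf) SHA-256 fingerprint."""
    entries = {}
    for block in re.split(r"(?m)^Alias name: ", text)[1:]:
        etype = re.search(r"(?m)^Entry type: (\S+)", block)
        sha = re.search(r"SHA-?256: ([0-9A-Fa-f:]+)", block)
        entries[block.splitlines()[0].strip()] = {
            "type": etype.group(1) if etype else None,
            "sha256": sha.group(1).upper() if sha else None,
        }
    return entries

def check_mutual_trust(server_text, client_text, server_alias="tomcat", client_alias="client1"):
    """Return a list of problems; an empty list means the stores line up."""
    server, client = parse_listing(server_text), parse_listing(client_text)
    problems = []
    if server.get(server_alias, {}).get("type") != "PrivateKeyEntry":
        problems.append(f"server store has no private key under alias {server_alias!r}")
    cli = client.get(client_alias, {})
    if cli.get("type") != "PrivateKeyEntry":
        problems.append(f"client store has no private key under alias {client_alias!r}")
    # The client is only accepted if its exact certificate is a trusted entry.
    trusted = {e["sha256"] for e in server.values() if e["type"] == "trustedCertEntry"}
    if cli.get("sha256") not in trusted:
        problems.append("client certificate is not a trusted entry in the server store")
    return problems
```

Feed it the real output of keytool -list -v for tomcat.keystore and client1.p12 in place of the sample strings.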