<span>Step 1 (optional): delete any existing server certificate</span><br>
<span>If a server certificate already exists under the JRE directory, it needs to be deleted.</span><br>
<span>Run the following command to delete the certificate with the alias yanjzkey:</span><br>
<strong>%java_home%/bin/keytool -delete -alias yanjzkey -storepass changeit -keystore %java_home%/jre/lib/security/cacerts</strong><br>
<span>Step 2: generate the server certificate</span><br>
<span>Run the following command to generate the server keystore tomcat.jks in the current directory.</span><br>
<span>Notes:</span><br>
<span> 1. The password can be anything, for example: 111111</span><br>
<span> 2. When asked for a name, enter the domain name of the machine that acts as casserver; if it has no domain, enter the machine name</span><br>
<span> 3. -validity 3650 gives a validity period of 10 years</span><br>
<strong>%java_home%/bin/keytool -genkey -alias casserver -dname "cn=localhost" -keyalg rsa -keystore tomcat.jks -validity 3650</strong><br>
<span>Step 3: export the certificate</span><br>
<span>Run the following command to export the certificate cas.cer in the current directory.</span><br>
<strong>Note: the names cas.cer and tomcat.jks can both be changed to whatever you like (do not switch to another directory for the export).</strong><br>
<strong>%java_home%/bin/keytool -export -file cas.cer -alias casserver -keystore tomcat.jks</strong><br>
<span>Step 4: import the certificate into cacerts under jre/lib/security</span><br>
<span>Note:</span><br>
<span> 1. The password to enter here is changeit, not the 111111 used earlier</span><br>
<strong>%java_home%/bin/keytool -import -keystore %java_home%/jre/lib/security/cacerts -file cas.cer -alias yanjzkey</strong><br>
<span>Step 5: list the certificates in cacerts under jre/lib/security to confirm the import</span><br>
<strong>%java_home%/bin/keytool -list -v -keystore %java_home%/jre/lib/security/cacerts</strong><br>
<strong>tomcat</strong> server.xml<br>
<span style="white-space: pre;">&lt;!-- HTTPS connector that uses the keystore generated in step 2 --&gt;
&lt;Connector
    port="8443" minSpareThreads="5" maxSpareThreads="75"
    enableLookups="true" disableUploadTimeout="true"
    acceptCount="100" maxThreads="200"
    scheme="https" secure="true" SSLEnabled="true"
    keystoreFile="c:\tomcat.jks" keystorePass="111111"
    clientAuth="false" sslProtocol="TLS"/&gt;</span>
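<span>The step 5 listing of cacerts contains many CA entries, so the imported one is easy to misread. The following is an added example, not part of the original post: it compares the SHA-256 fingerprint of the exported cas.cer with the yanjzkey entry in saved <code>keytool -list -v</code> output. The function names, the sample data and the English-locale output layout ("Alias name:", "SHA256:") are assumptions of this example.</span>

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def cert_fingerprint(data: bytes) -> str:
    """SHA-256 fingerprint of a certificate file in keytool's AA:BB:.. form.

    keytool -export writes binary DER by default and PEM with -rfc.
    """
    m = PEM_RE.search(data)
    der = base64.b64decode(m.group(1)) if m else data
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def parse_listing(text: str) -> dict:
    """Map alias -> first SHA-256 fingerprint in `keytool -list -v` output."""
    entries, alias = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Alias name:"):
            alias = line.split(":", 1)[1].strip().lower()
        elif alias and re.match(r"SHA-?256:", line):
            entries.setdefault(alias, line.split(":", 1)[1].strip().upper())
    return entries

def verify_import(cert_bytes: bytes, listing: str, alias: str) -> str:
    """Return 'ok', 'missing' (no such alias) or 'mismatch' (other cert)."""
    found = parse_listing(listing).get(alias.lower())  # JKS aliases ignore case
    if found is None:
        return "missing"
    return "ok" if found == cert_fingerprint(cert_bytes) else "mismatch"

# Constructed sample data: neither a real certificate nor real keytool output.
SAMPLE_CER = b"constructed bytes standing in for cas.cer"
SAMPLE_LISTING = f"""Keystore type: JKS

Alias name: someca
Entry type: trustedCertEntry
Certificate fingerprints:
\t SHA256: {cert_fingerprint(b'constructed bytes for another certificate')}

Alias name: yanjzkey
Entry type: trustedCertEntry
Certificate fingerprints:
\t SHA256: {cert_fingerprint(SAMPLE_CER)}
"""

if __name__ == "__main__":
    print(verify_import(SAMPLE_CER, SAMPLE_LISTING, "yanjzkey"))
```

<span>With real files, read cas.cer in binary mode and pass the saved step 5 output as the listing; a "mismatch" result means the alias holds a different certificate from the one exported in step 3.</span>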