1. 让tomcat支持HTTPS协议
第一步:使用JDK自带的工具(KEYTOOL.EXE)生成证书
cmd>keytool -genkey -alias tomcat -keyalg RSA -keystore c:/mrj 输入相应资料即可
第二步:修改SERVICE.XML文件
在文件里面找到关于SSL定义的地方,于下面加入如下配置
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystoreFile="C:\mrj" keystorePass="passwor"/>
其中 keystoreFile为生成的证书地址;keystorePass为证书密码
第三步:启动TOMCAT,在地址栏输入:https://localhost:8443查看效果
2. 导入由机构颁发的信任的证书
根据jdk keytool 命令生成证书
1、keytool -genkey -alias tomcat -keyalg RSA -keysize 1024 -dname "CN=ccjk.petrochina,OU=bj,S=bj,C=CN" -keypass 123123123 -validity 3650 -keystore c:\ca\tomcat.keystore -storepass 1123123、
导出证书请求,将csr的文件提供给某机构如CA
2、keytool -certreq -keyalg RSA -alias tomcat -keystore F:\stall\apache-tomcat-6.0.20\apache-tomcat-6.0.20\keystore
-storepass huoying -file C:\Users\Administrator\Desktop\car.csr
-----BEGIN NEW CERTIFICATE REQUEST-----
MIIBpTCCAQ4CAQAwZTELMAkGA1UEBhMCQ04xDzANBgNVBAgTBmJlamluZzERMA8GA1UEBwwIXWhh
aWRpYW4xDDAKBgNVBAoTA3dlYjETMBEGA1UECxMKd29uZGVyc29mdDEPMA0GA1UEAwwGd2FuZ2hd
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDNfVz87aoUnyicR3a9rpKt7oIMSV1VuDJVOfzJ
WX+1VX2MG7PCLzD8nK5h5mq7b8QlYJ+mbq8EQxlOF5mZY2Y9JCDgfCsyLCLvni6Js1Y4hjuL1Vkj
ymBEOj67W+t3+Vjfo+lbYi+Y5/fyiNJaHYmTx4LfbWUm+h2jiZTWoR/aDQIDAQABoAAwDQYJKoZI
hvcNAQEFBQADgYEAO6SCgvSo4JQaWztkhd2OiQaD6pVZbtj6KboK38lSwQydwjsonVr3T8E4429d
bqCo9C3WqhBJjjsCiwiAs1QU01wG+TPGfeZrT1V02Q9K43auMarZkp9goB3Js9lEbXD4oOrWIpjz
/GZf/bntxPThHfG2ADE/FAhqr24aIRZHD34=
-----END NEW CERTIFICATE REQUEST-----
3、通过IAM生成的sign.cer、root.cer、sub_root.cer
4、keytool -import -v -trustcacerts -alias root -file c:\ca\root.cer -keystore c:\ca\tomcat.keystore
5、keytool -import -v -trustcacerts -alias subroot -file c:\ca\sub_root.cer -keystore c:\ca\tomcat.keystore
6、keytool -import -trustcacerts -alias tomcat -file c:\ca\sign.cer -keystore c:\ca\tomcat.keystore -storepass 123456
7、修改tomcat的conf/server.xml
8、重启tomcat