1.创建服务器KeyStore。
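# Generates the server's RSA key pair and a self-signed certificate in server.jks.
# -keysize 2048 is given explicitly so the key strength does not depend on the
# keytool default of whichever JDK is installed.
# NOTE(review): 123456 is a guessable password, and passing it via
# -keypass/-storepass leaves it in shell history and the process list. Outside a
# local test, omit both options so keytool prompts, and choose a strong value.
# The same value is referenced by keystorePass in the server.xml snippet below.
# NOTE(review): -validity 3650 makes the certificate valid for about ten years;
# a shorter lifetime limits exposure if the private key leaks.
keytool -genkey -alias server_jks_cennavi -keyalg RSA -keysize 2048 -keypass 123456 -storepass 123456 -keystore server.jks -validity 3650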
2.导出服务端证书
# Exports the certificate stored under alias server_jks_cennavi from server.jks
# into server.cer. Only the certificate (public part) is written; the private
# key stays in server.jks.
# NOTE(review): -storepass on the command line ends up in shell history and the
# process list; leaving it out makes keytool prompt instead.
# NOTE(review): -trustcacerts is documented for -import; it appears to play no
# role in an export. Confirm and drop it.
keytool -export -trustcacerts -alias server_jks_cennavi -file server.cer -keystore server.jks -storepass 123456
3.创建客户端keystore
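# Generates the client's RSA key pair and a self-signed certificate in the
# PKCS12 store client.p12 (the format browsers and most HTTP clients import).
# -keysize 2048 is given explicitly so the key strength does not depend on the
# keytool default of whichever JDK is installed.
# NOTE(review): client.p12 holds the client's private key and is what gets
# distributed to the client machine. 123456 is a guessable password and is
# exposed in shell history and the process list when passed on the command
# line. Outside a local test, omit -keypass/-storepass so keytool prompts, and
# use a strong value.
# NOTE(review): -validity 3650 makes the certificate valid for about ten years;
# a shorter lifetime limits exposure if the client key leaks.
keytool -genkey -alias client_p12_cennavi -keyalg RSA -keysize 2048 -keypass 123456 -storepass 123456 -keystore client.p12 -validity 3650 -storetype PKCS12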
4.导出客户端证书
# Exports the certificate stored under alias client_p12_cennavi from client.p12
# into client.cer. Only the certificate (public part) is written; the private
# key stays in client.p12.
# NOTE(review): -storepass on the command line ends up in shell history and the
# process list; leaving it out makes keytool prompt instead.
# NOTE(review): -trustcacerts is documented for -import; it appears to play no
# role in an export. Confirm and drop it.
keytool -export -trustcacerts -alias client_p12_cennavi -file client.cer -keystore client.p12 -storepass 123456 -storetype PKCS12
5.服务器导入客户端证书（将client.cer导入server.jks，使服务器信任该客户端）
# Adds client.cer to server.jks as a trusted certificate under alias
# client_p12_cennavi. server.jks is the truststoreFile in the server.xml snippet
# below, so this is the step that makes the server accept the client.
# No -storepass is given, so keytool prompts for the password of server.jks.
# NOTE(review): client.cer is self-signed, so keytool should display it and ask
# for confirmation. Compare the printed fingerprint with the one shown for
# client.p12 (keytool -list -v) before answering yes.
keytool -import -trustcacerts -alias client_p12_cennavi -file client.cer -keystore server.jks
6.客户端导入服务器证书（将server.cer导入client.jks，使客户端信任该服务器）
# Adds server.cer to client.jks as a trusted certificate under alias
# server_jks_cennavi, i.e. the client-side trust store for the server.
# client.jks is not created by any earlier step on this page, so keytool is
# expected to create it here and prompt for a new store password; choose a
# strong one.
# NOTE(review): server.cer is self-signed, so keytool should display it and ask
# for confirmation. Compare the printed fingerprint with the one shown for
# server.jks (keytool -list -v) before answering yes.
keytool -import -trustcacerts -alias server_jks_cennavi -file server.cer -keystore client.jks
7.配置tomcat conf/server.xml
搜索port="8443"，取消注释
<!--
  HTTPS connector on port 8443 with mutual TLS: clientAuth="true" makes Tomcat
  require a client certificate during the handshake.
  NOTE(review): keystoreFile and truststoreFile are the same server.jks, so the
  file holding the server private key also serves as the list of trusted client
  certificates. A separate trust store keeps the two roles apart.
  NOTE(review): keystorePass and truststorePass are stored here in clear text
  and are set to 123456. Use a strong value and restrict read access to
  server.xml and server.jks to the Tomcat service account.
  NOTE(review): sslProtocol="TLS" does not pin a minimum protocol version; which
  versions are offered depends on the JVM and Tomcat defaults. Where the Tomcat
  version supports it, restrict them with sslEnabledProtocols (for example
  TLSv1.2) and confirm that legacy SSL/TLS versions are refused.
-->
<Connector port="8443"
protocol="HTTP/1.1"
enableLookups="true"
disableUploadTimeout="true"
acceptCount="100"
maxThreads="150"
scheme="https"
secure="true"
SSLEnabled="true"
clientAuth="true"
sslProtocol="TLS"
keystoreFile="E:\javaweb\.metadata\.me_tcat\server.jks" keystorePass="123456"
truststoreFile="E:\javaweb\.metadata\.me_tcat\server.jks" truststorePass="123456"
/>