[root@test bin]# keytool -genkeypair -alias "anna" -keyalg "RSA" -keystore "/opt/anna.keystore"
输入密钥库口令:
再次输入新口令:
您的名字与姓氏是什么?
[Unknown]: test
您的组织单位名称是什么?
[Unknown]: test
您的组织名称是什么?
[Unknown]: test
您所在的城市或区域名称是什么?
[Unknown]: beijing
您所在的省/市/自治区名称是什么?
[Unknown]: beijing
该单位的双字母国家/地区代码是什么?
[Unknown]: china
CN=test, OU=test, O=test, L=beijing, ST=beijing, C=china是否正确?
[否]: y
输入 <anna> 的密钥口令
(如果和密钥库口令相同, 按回车):
[root@test bin]# cd /opt/
配置tomcat
<!--
  HTTPS connector on port 443 (SSLEnabled="true", scheme="https") using
  protocol org.apache.coyote.http11.Http11Protocol.

  NOTE(review): this element sets both the keystore attributes (keystoreFile,
  keystorePass, sslProtocol, clientAuth) and the certificate-file attributes
  (SSLCertificateFile, SSLCertificateKeyFile, SSLVerifyClient, SSLProtocol).
  The Tomcat 7 SSL how-to documents the first set for the JSSE connectors and
  the second for the APR/native connector, so presumably only one set is
  honoured here. Confirm which one and drop the other.

  NOTE(review): SSLProtocol="TLSv1" names TLS 1.0, which is deprecated
  (RFC 8996). Check which protocol versions the running connector offers.

  NOTE(review): clientAuth="false" and SSLVerifyClient="optional" disagree
  about client certificates. Decide which behaviour is intended.

  keystorePass is stored in clear text and "password" is a placeholder: use a
  real secret and keep server.xml readable only by the Tomcat account.
  keystoreFile is a placeholder path for the keystore generated with keytool.
-->
<Connector port="443" protocol="org.apache.coyote.http11.Http11Protocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
maxHttpHeaderSize="8192"
minSpareThreads="100"
maxSpareThreads="200"
acceptCount="1000"
maxConnections="1000"
connectionTimeout="30000"
keepAliveTimeout="15000"
maxKeepAliveRequests="1"
SSLCertificateFile="/app/tomcat_monitor/certificate/server.crt"
SSLCertificateKeyFile="/app/tomcat_monitor/certificate/server.pem"
SSLVerifyClient="optional" SSLProtocol="TLSv1"
keystoreFile="/路径/jdk生成的.keystore"
keystorePass="password"
/>
2) 生成证书:
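## Self-signed server certificate. Lines starting with "# " are commands typed
## at a root prompt; lines starting with "## " are notes.
## The RSA key is 2048 bits: 1024-bit RSA is below the minimum in current
## guidance (e.g. NIST SP 800-131A).
# cd /usr/local/ssl
# openssl genrsa -des3 -out server.key 2048
# openssl req -new -key server.key -out server.csr
## Keep the passphrase-protected key as server.key.org, then write copies with
## the passphrase removed (presumably so the server starts without a prompt).
# cp server.key server.key.org
# openssl rsa -in server.key.org -out server.key
# openssl rsa -in server.key -out server.pem
## server.key and server.pem now hold the private key in clear text, so
## restrict them to the owner.
# chmod 600 server.key server.pem
## -sha256 makes the signature digest explicit instead of relying on the
## default of the installed OpenSSL.
# openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt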
nginx 带ssl
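# Build nginx under /usr/local/nginx with the stub_status and SSL modules.
# The SSL option is spelled --with-http_ssl_module; configure rejects the
# truncated "--with-http_ssl_modul" as an invalid option.
./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module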
http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html#Configuration