生成证书,在IP为192.168.217.128的/data下面生成一个秘钥文件,密码为123456。IP、密码、文件存放路径,根据实际情况修改
[root@localhost ~]# mkdir /data
[root@localhost ~]# keytool -genkey -alias ssozzjz5 -keyalg RSA -keysize 1024 -keypass 123456 -storepass 123456 -dname "CN=192.168.217.128,OU=csoa,O=csoa,L=FZ,ST=FZ,C=CN" -ext san=ip:192.168.217.128 -validity 3600 -keystore /data/ssozzjz5.keystore
[root@localhost ~]# keytool -export -file /data/ssozzjz5.crt -alias ssozzjz5 -keystore /data/ssozzjz5.keystore
输入密钥库口令:
存储在文件 </data/ssozzjz5.crt> 中的证书
[root@localhost ~]# echo $JAVA_HOME
/opt/jdk1.8.0_144
[root@localhost ~]# cd /opt/jdk1.8.0_144/jre/lib/security/
[root@localhost security]# keytool -import -keystore ./cacerts -file /data/ssozzjz5.crt -alias ssozzjz5
//这里写jdk的密码,默认是changeit
输入密钥库口令:
所有者: CN=192.168.217.128, OU=csoa, O=csoa, L=FZ, ST=FZ, C=CN
发布者: CN=192.168.217.128, OU=csoa, O=csoa, L=FZ, ST=FZ, C=CN
序列号: 77af2c9
有效期开始日期: Tue Dec 08 09:55:59 CST 2020, 截止日期: Thu Oct 17 09:55:59 CST 2030
证书指纹:
......
......
是否信任此证书? [否]: y
证书已添加到密钥库中
[root@localhost security]# cd
[root@localhost ~]# vim tomcat/conf/server.xml
<Connector port="8080" protocol="HTTP/1.1"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystoreFile="/data/ssozzjz5.keystore" keystorePass="123456"/>
[root@localhost ~]# cd tomcat/
[root@localhost tomcat]# ./bin/startup.sh
Using CATALINA_BASE: /root/tomcat
Using CATALINA_HOME: /root/tomcat
Using CATALINA_TMPDIR: /root/tomcat/temp
Using JRE_HOME: /opt/jdk1.8.0_144
Using CLASSPATH: /root/tomcat/bin/bootstrap.jar:/root/tomcat/bin/tomcat-juli.jar
Using CATALINA_OPTS:
Tomcat started.
[root@localhost ~]# systemctl stop firewalld
效果图