open.t.qq.com(这里是我的主机名称,就是完整计算机名称,改下就可,不改就用localhost)
预备生成5个文件文件:
[quote]1:cacerts, 2:server.keystore,3:client.keystore,4:server.cer,5:client.cer[/quote]
首先在 c盘 下新建一个文件夹 zhengshu ; cmd 进入这个目录:
[img]http://dl.iteye.com/upload/attachment/498258/24e2984c-3477-3d74-8946-bb9eb1f11e69.png[/img]
[b]1:生成服务器端库文件[/b]
(生成的时候,第一项name一定要写你的完整计算机名称,我的是open.t.qq.com)
[img]http://dl.iteye.com/upload/attachment/498260/89b0ccfc-ecdb-3a82-95c5-1de9771de3d3.png[/img]
[b]2:导出服务器端证书[/b]
[img]http://dl.iteye.com/upload/attachment/498262/c0f293de-f0cf-3e9a-a346-35d02817bff9.png[/img]
[b]3:生成客户端库文件[/b]
[img]http://dl.iteye.com/upload/attachment/498264/fde9040f-b8e5-3e8c-9dcd-42f5ecd5b2e0.png[/img]
[b]4:导出客户端证书[/b]
[img]http://dl.iteye.com/upload/attachment/498266/a0ea4a2c-a163-398f-a4fb-f29f67a5fc3b.png[/img]
[b]5:导入服务器端证书[/b]
[img]http://dl.iteye.com/upload/attachment/498268/09ab3faf-2961-3bc8-8fed-88b8141cc9de.png[/img]
[b]6:导入客户端证书[/b]
[img]http://dl.iteye.com/upload/attachment/498270/3a9d601b-eec0-3b08-8b96-e303efedb787.png[/img]
将如上生成5个文件文件:
1:cacerts, 2:server.keystore,3:client.keystore,4:server.cer,5:client.cer
[img]http://dl.iteye.com/upload/attachment/498278/7a100430-6377-34c2-9c79-429a8247557c.png[/img]
拷贝到cas服务器以及应用客户端TOMCAT_HOME主目录以及[size=xx-large]JAVA_HOME\jre\lib\security[/size]文件下(每个子系统的tomcat也要拷贝进去)
预备生成5个文件文件:
[quote]1:cacerts, 2:server.keystore,3:client.keystore,4:server.cer,5:client.cer[/quote]
首先在 c盘 下新建一个文件夹 zhengshu ; cmd 进入这个目录:
[img]http://dl.iteye.com/upload/attachment/498258/24e2984c-3477-3d74-8946-bb9eb1f11e69.png[/img]
[b]1:生成服务器端库文件[/b]
(生成的时候,第一项name一定要写你的完整计算机名称,我的是open.t.qq.com)
keytool -genkey -alias tomcat-server -keyalg RSA -keypass changeit -storepass changeit -keystore server.keystore -validity 3650
[img]http://dl.iteye.com/upload/attachment/498260/89b0ccfc-ecdb-3a82-95c5-1de9771de3d3.png[/img]
[b]2:导出服务器端证书[/b]
keytool -export -alias tomcat-server -storepass changeit -file server.cer -keystore server.keystore
[img]http://dl.iteye.com/upload/attachment/498262/c0f293de-f0cf-3e9a-a346-35d02817bff9.png[/img]
[b]3:生成客户端库文件[/b]
keytool -genkey -alias tomcat-client -keyalg RSA -keypass changeit -storepass changeit -keystore client.keystore -validity 3650
[img]http://dl.iteye.com/upload/attachment/498264/fde9040f-b8e5-3e8c-9dcd-42f5ecd5b2e0.png[/img]
[b]4:导出客户端证书[/b]
keytool -export -alias tomcat-client -storepass changeit -file client.cer -keystore client.keystore
[img]http://dl.iteye.com/upload/attachment/498266/a0ea4a2c-a163-398f-a4fb-f29f67a5fc3b.png[/img]
[b]5:导入服务器端证书[/b]
keytool -import -trustcacerts -alias server -file server.cer -keystore cacerts -storepass changeit
[img]http://dl.iteye.com/upload/attachment/498268/09ab3faf-2961-3bc8-8fed-88b8141cc9de.png[/img]
[b]6:导入客户端证书[/b]
keytool -import -trustcacerts -alias client -file client.cer -keystore cacerts -storepass changeit
[img]http://dl.iteye.com/upload/attachment/498270/3a9d601b-eec0-3b08-8b96-e303efedb787.png[/img]
将如上生成5个文件文件:
1:cacerts, 2:server.keystore,3:client.keystore,4:server.cer,5:client.cer
[img]http://dl.iteye.com/upload/attachment/498278/7a100430-6377-34c2-9c79-429a8247557c.png[/img]
拷贝到cas服务器以及应用客户端TOMCAT_HOME主目录以及[size=xx-large]JAVA_HOME\jre\lib\security[/size]文件下(每个子系统的tomcat也要拷贝进去)