版权声明:本文为博主原创文章,未经博主允许不得转载,除非给本座进贡糖葫芦~ https://blog.csdn.net/kimqcn4/article/details/84030951
版本:tomcat8,jdk1.7
1.制作jks
#产生keystore
keytool -genkey -alias server -keyalg RSA -keysize 2048 -keystore www.myweb.cn.jks -storepass password -keypass password
#产生csr
keytool -certreq -alias server -sigalg SHA256withRSA -file certreq.csr -keystore www.myweb.cn.jks -keypass password -storepass password
#将csr提交给第三方CA签发服务器证书,保存为www.myweb.cn.cer
#导入服务器证书的根证书
keytool -import -alias root -keystore www.myweb.cn.jks -trustcacerts -storepass password -file root.cer
#导入服务器证书
keytool -import -alias server -keystore www.myweb.cn.jks -trustcacerts -storepass password -file www.myweb.cn.cer
#查看一下
keytool -list -v -keystore www.myweb.cn.jks -storepass password
2.修改tomcat/conf/server.xml:
<Connector
protocol="org.apache.coyote.http11.Http11NioProtocol"
port="8443" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="conf/cert/www.myweb.cn.jks" keystorePass="password"
clientAuth="false" sslProtocol="TLS"/>
3.测试: https://www.myweb.cn:8443/