用JDK自带的keytool工具生成安全证书

发表于 更新于 分类于

环境

  • JDK6
  • Windows
  • Tomcat 6.35

创建证书

1
keytool -genkey -alias tomcat -keypass tomcat -keyalg RSA -keystore tomcat.keystore

ps:keystore密码要和-keypass密码保持一致

导出证书

1
keytool -export -file tomcat.crt -alias tomcat -keypass tomcat -keystore tomcat.keystore

为客户端JVM导入证书

1
keytool -import -file E:\keys\tomcat.crt -keypass tomcat -alias tomcat -keystore "cacerts"

ps:此处keystore的密码要输入:changeit 不然会报错

应用证书到web容器- tomcat

打开tomcat目录的conf/server.xml文件,开启83和87行的注释代码,并设置keystoreFile、keystorePass修改结果如下:

1
2
3
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" keystoreFile="E:/keys/tomcat.keystore" keystorePass="tomcat"/>

启动tomcat,访问https://localhost:8443/出现此页面说明成功

参考

http://www.kafeitu.me/sso/2010/11/05/sso-cas-full-course.html
http://www.cnblogs.com/wen12128/archive/2010/10/11/1848076.html