https tomcat 证书搭建

首先生成证书说明

keytool -genkey -alias castest -keyalg RSA -keystore c:/keys/caskey

先让输入密码，密码必须记住，下面会用到

其中“您的名字与姓氏是什么？”这是必填项，并且必须是TOMCAT部署主机的域名或者IP[如：gbcom.com 或者 10.1.25.251]（就是你将来要在浏览器中输入的访问地址），否则浏览器会弹出警告窗口，提示用户证书与所在域不匹配。在本地做开发测试时，应填 入“localhost”。

 

导出证书
keytool -export -file c:\keys\cas.crt -alias castest -keystore c:\keys\caskey

导入到服务端
keytool -import -keystore "C:\Program Files (x86)\Java\jdk1.8.0_73\jre\lib\security\cacerts" -file c:\keys\cas.crt -alias castest 

 

2.配置tomcat

    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    <!-- A "Connector" using the shared thread pool-->
    <!--
    <Connector executor="tomcatThreadPool"
               port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    -->
    <!-- Define a SSL HTTP/1.1 Connector on port 8443
         This connector uses the BIO implementation that requires the JSSE
         style configuration. When using the APR/native implementation, the
         OpenSSL style configuration is required as described in the APR/native
         documentation -->
    <!-- protocol="org.apache.coyote.http11.Http11Protocol" -->
    <Connector port="8443" protocol="HTTP/1.1"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
			   keystoreFile="c:\keys\caskey"
			   keystorePass="123456"/>

 主要是配置keystoreFile 为证书说明 和 keystorePass 位上面输入的密码

 

 

 

 

 

 

 

 

其他：参考度娘