<span>第一步</span><span>(</span><span>不是必须</span><span>)?</span><span>删除已经存在的服务器端证书</span><span> <br></span><span>如果</span><span>jre</span><span>目录下已经存在</span><span>?</span><span>服务器证书</span><span>?</span><span>需呀删除证书</span><span> <br></span><span>输入如下命令删除</span><span>?</span><span>指定别名</span><span>yanjzkey</span><span>的证书</span><span> <br>*/</span><span> <br></span>
<span>%java_home%/bin/keytool?-delete?-alias?yanjzkey?-keypass?changeit?-keystore?%java_home%/jre/lib/security/cacerts </span></strong>?
<span><span>第二步</span><span>?</span><span>生成服务端证书</span><span> <br></span><span>输入如下命令</span><span>?</span><span>在当前目录中</span><span>?</span><span>生成服务端证书</span><span>tomcat.jks </span></span>
<span><span>注意:</span><span> <br>??1.</span><span>密码随意输入,比如</span><span>:111111 <br>??2.</span><span>要求输入姓名时,需要输入作为</span><span>casserver</span><span>的机器的域名,没有域的话</span><span>?</span><span>输入机器名</span><span> <br>??3. </span><span style="color: #000000;"><span>-validity 3650 </span><span>有效期</span><span>10</span><span>年</span></span><span><br>*/</span><span><span style="color: #000000;"> <br></span>[b]%java_home%/bin/keytool?-genkey?–alias –dname "cn=localhost"?casserver?-keyalg?rsa?-keystore?tomcat.jks </span><span>
-validity 3650</span></span>
<span><span></span></span>
?
?
<span style="color: #000000;"><span><span>第三步</span><span>?</span><span>导出证书</span><span> <br>?</span><span>输入如下命令</span><span>?</span><span>在当前目录中</span><span>?</span><span>导出证书</span><span>cas.cer </span></span></span>
<span style="color: #000000;"><span>
<span>注意:</span><span>cas.cer</span><span>和</span><span>tomcat.jks</span><span>的名字都可以改变自定义(在此不要切换目录导出)</span><span><br></span><span>
%java_home%/bin/keytool?-export?-file?cas.cer?-alias?casserver?-keystore?tomcat.jks</span></span></span>
<span style="color: #000000;"><span><span>
[/b]</span></span></span>
<span style="color: #000000;"><span><span></span></span></span>
<span lang="en-us"><span lang="en-us"><span style="color: #000000;"></span></span></span>
<span lang="en-us"><span lang="en-us"><span><span style="color: #000000;"><span>第四步</span><span lang="en-us">?</span><span>将证书导入到</span><span lang="en-us">?jre/lib/security</span><span>的</span><span lang="en-us">cacerts</span><span>中</span><span lang="en-us"> <br></span><span>注意:</span><span lang="en-us"> <br>?1.</span><span>此时输入的密码是</span><span lang="en-us">changeit?,</span><span>而不是之前的</span><span lang="en-us">111111 <br>*/</span><span lang="en-us"><span style="color: #000000;"> <br></span></span>[b]<span lang="en-us">%java_home%/bin/keytool?-import?-keystore?%java_home%/jre/lib/security/cacerts?-file?cas.cer?-alias?yanjzkey </span></span></span></span></span>
?
<span style="color: #000000;"><span><p>?
?
</span></span>?
<span style="color: #000000;">?
?
</span>?
?
<span><span><span>第五步</span><span lang="en-us">?</span><span>查询证书导入到</span><span lang="en-us">?jre/lib/security</span><span>的</span><span lang="en-us">cacerts</span><span>中证书确认</span><span lang="en-us"> <br>*/</span><span lang="en-us"><span style="color: #000000;"> <br>%java_home%/bin/keytool?-list?-v?-keystore?%java_home%/jre/lib/security/cacerts</span></span></span></span>
?
?
<strong>tomcat[/b] server.xml
<span style="white-space: pre;"> </span> ?<connector
? ? ? ? ? ?port="8443" minspare
threads="5" maxsparethreads="75"
? ? ? ? ? ?enablelookups="true" disableuploadtimeout="true"
? ? ? ? ? ?acceptcount="100" ?maxthreads="200"
? ? ? ? ? ?scheme="https" secure="true" sslenabled="true"
? ? ? ? ? ?keystorefile="c:\tomcat.jks" keystorepass="111111"
? ? ? ? ? ?clientauth="false" sslprotocol="tls"/>
?
?
相关文章
