1. Create the certificate
keytool -genkey -alias tomcat -keypass tomcat2018 -keyalg RSA -keystore tomcat.keystore
Enter the password tomcat2018
What is your first and last name?
sso.tomcat.com
What is the name of your organizational unit?
com
What is the name of your organization?
com
What is the name of your city or locality?
com
What is the name of your state or province?
com
What is the two-letter country code for this unit?
CN
Then confirm with yes
Other commands:
Delete a certificate entry
keytool -delete -alias tomcat -keystore tomcat.keystore -storepass tomcat2018
View certificate information
keytool -list -v -keystore /opt/apache-tomcat-8.5.32/conf/cert/tomcat.keystore -storepass tomcat2018
2. Export the certificate
keytool -export -file tomcat.crt -alias tomcat -keypass tomcat2018 -keystore tomcat.keystore
3. Import the certificate into the client JVM (password: tomcat2018)
keytool -import -file /usr/java/jdk1.8.0_172-amd64/bin/tomcat.crt -keypass tomcat2018 -alias tomcat -keystore "mycerts"
4. Apply the certificate to the web container (Tomcat)
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="/opt/apache-tomcat-8.5.32/conf/cert/tomcat.keystore"
           keystorePass="tomcat2018" />
5. Start Tomcat and access https://192.168.0.129:8443/; https://sso.tomcat.com:8443 appears
curl --insecure https://192.168.0.129:8443/
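
Steps 1 to 3 as a non-interactive script, added here as an example and not part of the original notes. It reads the store password from the environment and checks that the client trust store holds exactly the server's certificate. The SAN entries, key size, validity period, STOREPASS variable and function names are assumptions.

```bash
#!/usr/bin/env bash
# Added example: steps 1-3 without interactive prompts.
# Assumptions (not from the page): SAN entries, key size, validity,
# and the STOREPASS environment variable holding the store password.
set -eu

HOST=sso.tomcat.com   # certificate name used on the page
IP=192.168.0.129      # address the page connects to

# kt: keytool with English output; the password is read from the
# environment (-storepass:env) so its value is not on the command line.
kt() { keytool -J-Duser.language=en "$@" -storepass:env STOREPASS; }

# fingerprint <keystore>: fingerprint of the "tomcat" entry.
fingerprint() {
  kt -list -alias tomcat -keystore "$1" |
    sed -n 's/^Certificate fingerprint[^:]*: //p'
}

# build_stores <dir>: server keystore, exported cert, client trust store.
build_stores() {
  # Step 1: key pair and self-signed certificate; SAN covers name and IP.
  kt -genkeypair -alias tomcat -keyalg RSA -keysize 2048 -validity 365 \
     -dname "CN=$HOST, OU=com, O=com, L=com, ST=com, C=CN" \
     -ext "SAN=dns:$HOST,ip:$IP" \
     -keypass:env STOREPASS -keystore "$1/tomcat.keystore"
  # Step 2: export only the certificate (no private key), PEM encoded.
  kt -exportcert -rfc -alias tomcat -file "$1/tomcat.crt" \
     -keystore "$1/tomcat.keystore"
  # Step 3: import it into the client trust store without a prompt.
  kt -importcert -noprompt -alias tomcat -file "$1/tomcat.crt" \
     -keystore "$1/mycerts"
  # The client must trust exactly the certificate the server presents.
  server_fp=$(fingerprint "$1/tomcat.keystore")
  client_fp=$(fingerprint "$1/mycerts")
  [ -n "$server_fp" ] && [ "$server_fp" = "$client_fp" ]
}

# Usage: STOREPASS=... ./make-stores.sh <output-dir>
if [ "$#" -ge 1 ]; then
  build_stores "$1"
  echo "stores written to $1"
fi
```

With the IP address in the SAN and the certificate exported as PEM, the check in step 5 can verify the server instead of skipping verification: curl --cacert tomcat.crt https://192.168.0.129:8443/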