Setting up HTTPS on Tomcat

  1. Generate the server key: keytool -genkey -alias pay.test.com -keyalg RSA -keystore pay.key
  2. Generate a CSR for the key (the alias must be the one used in step 1): keytool -certreq -keyalg RSA -alias pay.test.com -file pay.csr -keystore pay.key
  3. Send the CSR file to the certificate authority (CA).
  4. Download the CA's intermediate certificate, which is available on their website, and save it as intermediate.crt
  5. The CA will email you your signed certificate; save it as client.cer
  6. Import the intermediate certificate into pay.key: /opt/java/bin/keytool -import -trustcacerts -alias root -file intermediate.crt -keystore pay.key
  7. Import the signed certificate into pay.key: /opt/java/bin/keytool -import -trustcacerts -alias pay.test.com -file client.cer -keystore pay.key
  8. Finally, list the contents of pay.key: /opt/java/bin/keytool -list -keystore pay.key
  9. At the prompt 输入keystore密码: enter the keystore password; keytool then prints:
    Keystore 类型: JKS
    Keystore 提供者: SUN

    您的 keystore 包含 2 输入

    pay.test.com, 2010-1-8, PrivateKeyEntry,
    认证指纹 (MD5): XX:XX:XX:XX:2B:C1:2F:6B:CA:25:D7:XX:XX:XX:XX:XX
    root, 2010-1-8, trustedCertEntry,
    认证指纹 (MD5): XX:XX:XX:XX:0D:31:84:C6:25:EA:6F:XX:XX:XX:XX:XX

  10. Edit Tomcat's server.xml so that it contains this Connector:
    <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
    maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
    enableLookups="false" disableUploadTimeout="true"
    acceptCount="100" debug="0" scheme="https" secure="true"
    clientAuth="false" sslProtocol="TLS"
    keystoreFile="/data/key/pay.key" keystorePass="paytest"/>
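
The listing in step 9 is the check that matters before restarting Tomcat: the host alias must be a PrivateKeyEntry, which only happens when the CA's reply is imported under the same alias as the generated key. The script below is an added example, not part of the original post; it parses `keytool -list` output and fails when the alias is missing or is only a trustedCertEntry. The function names and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): verify a `keytool -list` listing.
# Real use:  keytool -list -keystore pay.key | check_listing pay.test.com

# entry_type ALIAS: print the entry type keytool reports for ALIAS on stdin.
# Entry lines read "alias, date, EntryType,"; the type is taken as the last
# field so dates that contain a comma ("Jan 8, 2010") still parse.
entry_type() {
    awk -v want="$1" '{
        sub(/^[ \t]+/, ""); sub(/,[ \t]*$/, "")
        n = split($0, f, /, */)
        if (!found && n >= 3 && f[1] == want) { print f[n]; found = 1 }
    }'
}

# check_listing ALIAS: return 0 only if ALIAS holds the private key.
check_listing() {
    t=$(entry_type "$1")
    case "$t" in
        PrivateKeyEntry)  echo "OK: $1 is a PrivateKeyEntry"; return 0 ;;
        trustedCertEntry) echo "FAIL: $1 is a trustedCertEntry (certificate without its private key)"; return 1 ;;
        "")               echo "FAIL: alias $1 not in keystore"; return 1 ;;
        *)                echo "FAIL: $1 has unexpected type $t"; return 1 ;;
    esac
}

# Constructed sample listings (fingerprints are placeholders).
GOOD='pay.test.com, 2010-1-8, PrivateKeyEntry,
Certificate fingerprint (MD5): <placeholder>
root, 2010-1-8, trustedCertEntry,
Certificate fingerprint (MD5): <placeholder>'

# Key generated under one alias, CA reply imported under another.
BAD='tomcat, 2010-1-8, PrivateKeyEntry,
Certificate fingerprint (MD5): <placeholder>
root, 2010-1-8, trustedCertEntry,
Certificate fingerprint (MD5): <placeholder>
pay.test.com, 2010-1-8, trustedCertEntry,
Certificate fingerprint (MD5): <placeholder>'

printf '%s\n' "$GOOD" | check_listing pay.test.com || true
printf '%s\n' "$BAD"  | check_listing pay.test.com || true
```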

About Timo
XNIX SA & MYSQL DBA
