0
点赞
收藏
分享

微信扫一扫

164-cas-server5.3 支持https,生成证书

生成keystore:

keytool -genkeypair -alias "tomcat" -keyalg "RSA" -keystore "D:\workspace\cas-all\cas-server2\tomcat.keystore"

导出证书:

keytool -export -file D:\workspace\cas-all\cas-server2\cas.crt -keystore D:\workspace\cas-all\cas-server2\tomcat.keystore -alias tomcat


导入到jre中:

keytool -import -file D:\workspace\cas-all\cas-server2\cas.crt -alias tomcat -keystore D:\java\jre1.8.0_231\lib\security\cacerts -storepass 123456


这步报错:

java.io.IOException: Keystore was tampered with, or password was incorrect


原因是证书的默认密码是:changeit,并非我上一步设置的123456

重新导入:

keytool -import -file D:\workspace\cas-all\cas-server2\cas.crt -alias tomcat -keystore D:\java\jre1.8.0_231\lib\security\cacerts -storepass changeit


tomcat配置https:

注释掉:

    <!-- <Connector port="8888" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
			   -->

添加:

<Connector protocol="org.apache.coyote.http11.Http11NioProtocol" 
port="8443" maxThreads="200" scheme="https" secure="true" 
SSLEnabled="true" 
keystoreFile="D:\workspace\cas-all\cas-server2\tomcat.keystore" 
keystorePass="123456" 
clientAuth="false" sslProtocol="TLS"/>

举报

相关推荐

0 条评论