Generate the keystore:
keytool -genkeypair -alias "tomcat" -keyalg "RSA" -keystore "D:\workspace\cas-all\cas-server2\tomcat.keystore"
Export the certificate:
keytool -export -file D:\workspace\cas-all\cas-server2\cas.crt -keystore D:\workspace\cas-all\cas-server2\tomcat.keystore -alias tomcat
Import it into the JRE:
keytool -import -file D:\workspace\cas-all\cas-server2\cas.crt -alias tomcat -keystore D:\java\jre1.8.0_231\lib\security\cacerts -storepass 123456
This step fails with:
java.io.IOException: Keystore was tampered with, or password was incorrect
The reason is that the default password of the certificate store is changeit, not the 123456 I set in the previous step.
Import again:
keytool -import -file D:\workspace\cas-all\cas-server2\cas.crt -alias tomcat -keystore D:\java\jre1.8.0_231\lib\security\cacerts -storepass changeit
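Why the import failed with 123456, as an added example (not part of the original notes): a JKS-format store such as the JRE 8 cacerts ends with a SHA-1 digest computed over the store password and the store contents, so a wrong -storepass and a modified file fail the same check and produce the same message. The empty store below is constructed in memory with the password changeit; the function names are illustrative.

```python
import hashlib
import hmac
import struct

JKS_MAGIC = 0xFEEDFEED
WHITENER = b"Mighty Aphrodite"  # fixed string mixed into the JKS integrity hash
ERR = "Keystore was tampered with, or password was incorrect"


def jks_digest(password: str, body: bytes) -> bytes:
    # JKS feeds the password as two bytes per char (UTF-16BE),
    # then the whitener, then every byte of the store before the trailer.
    return hashlib.sha1(password.encode("utf-16-be") + WHITENER + body).digest()


def build_empty_jks(password: str) -> bytes:
    # Constructed sample: header only (magic, version 2, zero entries) + digest.
    body = struct.pack(">III", JKS_MAGIC, 2, 0)
    return body + jks_digest(password, body)


def check_jks(data: bytes, password: str) -> str:
    # Smallest valid store is a 12-byte header plus the 20-byte SHA-1 trailer.
    if len(data) < 32 or struct.unpack(">I", data[:4])[0] != JKS_MAGIC:
        return "not a JKS keystore"
    body, stored = data[:-20], data[-20:]
    if hmac.compare_digest(jks_digest(password, body), stored):
        return "ok"
    # The digest covers password and contents together, so the check
    # cannot tell which of the two was wrong.
    return ERR


SAMPLE = build_empty_jks("changeit")  # stands in for cacerts

if __name__ == "__main__":
    print("changeit:", check_jks(SAMPLE, "changeit"))
    print("123456:  ", check_jks(SAMPLE, "123456"))
    modified = bytearray(SAMPLE)
    modified[11] ^= 0x01  # change the entry count without updating the digest
    print("modified:", check_jks(bytes(modified), "changeit"))
```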
Configure HTTPS in Tomcat:
Comment out:
<!-- <Connector port="8888" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
-->
Add:
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
port="8443" maxThreads="200" scheme="https" secure="true"
SSLEnabled="true"
keystoreFile="D:\workspace\cas-all\cas-server2\tomcat.keystore"
keystorePass="123456"
clientAuth="false" sslProtocol="TLS"/>