Prerequisites
1. A CA server
2. The CA root certificate and private key
Steps
1. Create the keystore, using the CA root certificate and a password
E:\java\jdk14\bin>keytool -import -file E:\coa\cert\itrusca-win.crt -keypass huatong -keystore E:\coa\cert\huatong_keystore -storepass huatong
2. Generate the server private key, using the keystore and password from the previous step
keytool -genkey -alias tomcat_server -validity 365 -keyalg RSA -keysize 1024 -keypass huatong -storepass huatong -dname "cn=NightBox, ou=department, o=company, l=Beijing, st=Beijing, c=CN" -keystore E:\coa\cert\huatong_keystore
3. Generate the certificate signing request, then request the server certificate from the CA and save it as server_cert.cer
keytool -certreq -alias tomcat_server -sigalg MD5withRSA -file E:\coa\cert\server.csr -keypass huatong -keystore E:\coa\cert\huatong_keystore -storepass huatong
4. Import the CA root certificate into the JRE
keytool -import -v -trustcacerts -storepass changeit -alias itrus_ca_root -file E:\coa\cert\itrusca-win.crt -keystore E:\java\jdk14\jre\lib\security\cacerts
5. Import the root certificate into the keystore
keytool -import -v -trustcacerts -storepass huatong -alias itrus_ca_root -file E:\coa\cert\itrusca-win.crt -keystore E:\coa\cert\huatong_keystore
6. Import the server certificate into the keystore
keytool -import -v -trustcacerts -storepass huatong -alias tomcat_server -file E:\coa\cert\server_cert.cer -keystore E:\coa\cert\huatong_keystore
7. Modify Tomcat's server.xml
<Connector port="8443"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" debug="0" scheme="https" secure="true"
clientAuth="true" sslProtocol="TLS"
keystoreFile="E:\coa\cert\huatong_keystore" keystorePass="huatong"
/>
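
A check to run on the keystore from steps 1-6 before restarting Tomcat, added here as an example and not part of the original procedure. The class name KeystoreCheck and its check() helper are hypothetical; the default aliases are the ones used in the steps above, and it assumes a current JDK (Java 7 or later) rather than the JDK 1.4 shown in the paths.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.*;

// Added example (not from the original page): checks the keystore built in steps 1-6.
// Usage: java KeystoreCheck <keystore> <storepass> [keyAlias] [caAlias]
public class KeystoreCheck {
    static List<String> check(KeyStore ks, String keyAlias, String caAlias) throws Exception {
        if (!ks.isKeyEntry(keyAlias))
            return Arrays.asList(keyAlias + " is missing or is not a private-key entry");
        List<String> problems = new ArrayList<>();
        Certificate[] chain = ks.getCertificateChain(keyAlias);
        X509Certificate leaf = (X509Certificate) chain[0];
        // Step 2 creates a self-signed placeholder; step 6 must replace it with the CA reply.
        if (leaf.getSubjectX500Principal().equals(leaf.getIssuerX500Principal()))
            problems.add("server certificate is still self-signed (step 6 not applied)");
        // Every certificate in the chain must be signed by the next one.
        for (int i = 0; i + 1 < chain.length; i++) {
            try { chain[i].verify(chain[i + 1].getPublicKey()); }
            catch (Exception e) { problems.add("chain[" + i + "] is not signed by chain[" + (i + 1) + "]"); }
        }
        // The chain must end at the root imported in step 5.
        Certificate ca = ks.getCertificate(caAlias);
        if (ca == null || !ca.equals(chain[chain.length - 1]))
            problems.add("chain does not end at the trusted entry " + caAlias);
        try { leaf.checkValidity(); }
        catch (Exception e) { problems.add("server certificate is expired or not yet valid"); }
        // Weak parameters: short RSA modulus, MD5-based certificate signature.
        if (leaf.getPublicKey() instanceof RSAPublicKey
                && ((RSAPublicKey) leaf.getPublicKey()).getModulus().bitLength() < 2048)
            problems.add("RSA key is shorter than 2048 bits");
        if (leaf.getSigAlgName().toUpperCase().contains("MD5"))
            problems.add("certificate is signed with " + leaf.getSigAlgName());
        return problems;
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 2) { System.err.println("usage: KeystoreCheck <keystore> <storepass>"); System.exit(2); }
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[1].toCharArray());
        }
        List<String> problems = check(ks, args.length > 2 ? args[2] : "tomcat_server",
                                      args.length > 3 ? args[3] : "itrus_ca_root");
        for (String p : problems) System.out.println("PROBLEM: " + p);
        System.exit(problems.isEmpty() ? 0 : 1);
    }
}
```

A keystore generated exactly as in step 2 is reported for its 1024-bit RSA key; generating the key with -keysize 2048 and a SHA-256 based -sigalg on a current JDK clears that finding.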