前兩天公司要做https加密,記錄了一下自己的經歷,使用jdk自帶的keytool生成,首先到JAVA_HOME下的bin目錄下,打開命令行窗口,運行以下命令:
keytool -genkey -alias sampson -keypass sampson -keyalg RSA -keysize 1024 -validity 36500 -keystore e:/sampson/ssl/sampson.keystore -storepass sampson -dname "CN=personal, OU=personal, O=sampson, L=Haidian, ST=Beijing, C=cn"
這樣會在e:/sampson/ssl/目錄下生成sampson.keystore文件
然後運行以下命令,導入crt文件:
keytool -import -alias sampson -file e:/sampson/ssl/bd.sampson.com-bundle.crt -keystore e:/sampson/ssl/sampson.keystore -storepass sampson
這樣就完成基本的密鑰文件了。
接下來修改tomcat的配置文件,目錄爲conf/server.xml,修改內容如下:
<Connector port="8080" protocol="org.apache.coyote.http11.Http11Protocol"
maxThreads="300" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" enableLookups="false"
disableUploadTimeout="true" minSpareThreads="50" maxHttpHeaderSize="8192"
keystoreFile="sampson.keystore" keystorePass="sampson"
truststoreFile="sampson.keystore" truststorePass="sampson"/>