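Prerequisites
1. A CA server
2. The CA root certificate and its private key
Steps
1. Create the keystore, using the CA root certificate and a password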
E:\java\jdk14\bin>keytool -import -file E:\coa\cert\itrusca-win.crt -keypass huatong -keystore E:\coa\cert\huatong_keystore -storepass huatong
2. Generate the server private key, using the keystore and password from the previous step
keytool -genkey -alias tomcat_server -validity 365 -keyalg RSA -keysize 1024 -keypass huatong -storepass huatong -dname "cn=NightBox, ou=department, o=company, l=Beijing, st=Beijing, c=CN" -keystore E:\coa\cert\huatong_keystore
3. Generate the certificate signing request, then request a server certificate from the CA and save it as server_cert.cer
keytool -certreq -alias tomcat_server -sigalg MD5withRSA -file E:\coa\cert\server.csr -keypass huatong -keystore E:\coa\cert\huatong_keystore -storepass huatong
4. Import the CA root certificate into the JRE
keytool -import -v -trustcacerts -storepass changeit -alias itrus_ca_root -file E:\coa\cert\itrusca-win.crt -keystore E:\java\jdk14\jre\lib\security\cacerts
5. Import the root certificate into the keystore
keytool -import -v -trustcacerts -storepass huatong -alias itrus_ca_root -file E:\coa\cert\itrusca-win.crt -keystore E:\coa\cert\huatong_keystore
6. Import the server certificate into the keystore
keytool -import -v -trustcacerts -storepass huatong -alias tomcat_server -file E:\coa\cert\server_cert.cer -keystore E:\coa\cert\huatong_keystore
7. Edit Tomcat's server.xml
<Connector port="8443"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" debug="0" scheme="https" secure="true"
clientAuth="true" sslProtocol="TLS"
keystoreFile="E:\coa\cert\huatong_keystore" keystorePass="huatong"
/>
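An audit of the keytool commands from steps 2 to 4 against current practice, as an added example that is not part of the original post. The finding names, the 2048-bit RSA floor and the list of rejected hashes are assumptions of this example.

```python
import shlex

# The keytool invocations from steps 2-4 above, copied as typed in cmd.exe.
STEP2 = r'keytool -genkey -alias tomcat_server -validity 365 -keyalg RSA -keysize 1024 -keypass huatong -storepass huatong -dname "cn=NightBox, ou=department, o=company, l=Beijing, st=Beijing, c=CN" -keystore E:\coa\cert\huatong_keystore'
STEP3 = r'keytool -certreq -alias tomcat_server -sigalg MD5withRSA -file E:\coa\cert\server.csr -keypass huatong -keystore E:\coa\cert\huatong_keystore -storepass huatong'
STEP4 = r'keytool -import -v -trustcacerts -storepass changeit -alias itrus_ca_root -file E:\coa\cert\itrusca-win.crt -keystore E:\java\jdk14\jre\lib\security\cacerts'

MIN_RSA_BITS = 2048                          # assumption: this audit's policy floor
WEAK_HASH_PREFIXES = ("MD2", "MD5", "SHA1")  # assumption: hashes this audit rejects


def parse_keytool(cmd):
    """Map each -option to its value, or True for a bare flag such as -v."""
    tokens = shlex.split(cmd, posix=False)[1:]  # posix=False keeps Windows backslashes
    opts, i = {}, 0
    while i < len(tokens):
        has_value = i + 1 < len(tokens) and not tokens[i + 1].startswith("-")
        opts[tokens[i]] = tokens[i + 1] if has_value else True
        i += 2 if has_value else 1
    return opts


def audit(cmd):
    """Return finding identifiers (names made up for this example) for one command."""
    opts = parse_keytool(cmd)
    findings = []
    if opts.get("-keyalg") == "RSA" and "-keysize" in opts \
            and int(opts["-keysize"]) < MIN_RSA_BITS:
        findings.append("weak-key-size")
    if str(opts.get("-sigalg", "")).upper().startswith(WEAK_HASH_PREFIXES):
        findings.append("weak-signature-hash")
    if "-storepass" in opts or "-keypass" in opts:
        # Secrets in argv end up in shell history and process listings;
        # keytool prompts for them when the options are omitted.
        findings.append("password-on-command-line")
    if opts.get("-storepass") == "changeit":
        # "changeit" is the password the JRE ships its cacerts file with.
        findings.append("default-cacerts-password")
    return findings


if __name__ == "__main__":
    for label, cmd in (("step 2", STEP2), ("step 3", STEP3), ("step 4", STEP4)):
        print(label, audit(cmd))
```

The same keystore password also appears in clear text in the keystorePass attribute of the Connector in step 7, so read access to server.xml should be restricted to the account that runs Tomcat.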
posted on 2005-10-19 15:59
夜来风雨声