keytool -genkey -alias tomcat -keyalg RSA -keysize 1024 -keypass changeit -storepass changeit -keystore tomcat.keystore -validity 3600
--这两步可以不用
keytool -export -trustcacerts -alias tomcat -file tomcat.cer -keystore tomcat.keystore -storepass changeit
keytool -import -trustcacerts -alias tomcat -file tomcat.cer -keystore %JAVA_HOME%/jre/lib/security/cacerts -storepass changeit
Tomcat4.1.34配置:
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector" port="8443" enableLookups="true" scheme="https" secure="true" acceptCount="100" useURIValidationHack="false" disableUploadTimeout="true" clientAuth="false" sslProtocol="TLS" keystoreFile="tomcat.keystore" keystorePass="changeit"/>
Tomcat5.5.9配置:
<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="tomcat.keystore"
keystorePass="changeit"/>
Tomcat5.5.20配置(此配置同样可用于Tomcat6.0):
<Connector protocol="org.apache.coyote.http11.Http11Protocol"
port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="tomcat.keystore"
keystorePass="changeit"/>
Tomcat6.0.10配置:
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
port="8443" minSpareThreads="5" maxSpareThreads="75"
enableLookups="true" disableUploadTimeout="true"
acceptCount="100" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="D:/tools/apache-tomcat-6.0.10/tomcat.keystore"
keystorePass="changeit"/>
其他有用keytool命令(列出信任证书库中所有已有证书,删除库中某个证书):
keytool -list -v -keystore D:/sdks/jdk1.5.0_11/jre/lib/security/cacerts
keytool -delete -trustcacerts -alias tomcat -keystore D:/sdks/jdk1.5.0_11/jre/lib/security/cacerts -storepass changeit