Tomcat使用https协议

本文来自百度总结

 

--生成服务器证书
keytool -genkey -v -alias member -keyalg RSA -keystore F:\home\member.keystore -validity 365


名字为域名，本地填localhost


--生成客户端证书
keytool -genkey -v -alias client -keyalg RSA -storetype PKCS12 -keystore F:\home\client.p12


--服务器信任客户端证书
--先导出为cer
keytool -export -alias client -keystore F:\home\client.p12 -storetype PKCS12 -storepass Member. -rfc -file F:\home\client.cer


--然后导入到服务器的证书库
keytool -import -v -file F:\home\client.cer -keystore F:\home\member.keystore


--让客户端信任服务器证书(导出为cer)
keytool -keystore F:\home\member.keystore -export -alias member -file F:\home\member.cer


--查看服务器的证书库
keytool -list -keystore F:\home\member.keystore


--Tomcat  server.xml配置
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
    SSLEnabled="true" maxThreads="150" scheme="https"
    secure="true" clientAuth="true" sslProtocol="TLS"
    keystoreFile="F:\\home\\member.keystore" keystorePass="Member."
    truststoreFile="F:\\home\\member.keystore" truststorePass="Member." />