1. First, generate the Tomcat certificate with the following commands
cls

rem Set JAVA_HOME to your JDK before running this bat file
SET JAVA_HOME=C:\Programs\Java\jdk1.7.0_51
SET PATH=%PATH%;%JAVA_HOME%\bin

rem Delete the alias tomcatsso from the JRE trust store (cacerts) if it already exists
keytool -delete -alias tomcatsso -keystore %JAVA_HOME%/jre/lib/security/cacerts -storepass changeit

rem Delete any existing tomcatsso certificate from the default keystore
keytool -delete -alias tomcatsso -storepass changeit

rem List all certificates (aliases) in the cacerts trust store
keytool -list -keystore %JAVA_HOME%/jre/lib/security/cacerts -storepass changeit

rem Generate a key
rem Use the RSA algorithm to generate a certificate with name=tomcatsso, password=changeit
rem Certificate DN: cn=localhost; make sure the DN matches the host name
keytool -genkey -keyalg RSA -alias tomcatsso -dname "cn=localhost" -storepass changeit

rem Export the certificate from the keystore to the file tomcatsso.crt
keytool -export -alias tomcatsso -file %JAVA_HOME%/jre/lib/security/tomcatsso.crt -storepass changeit

rem Import tomcatsso.crt into the JRE trusted certificate store (cacerts)
rem Make sure this JRE directory is the JRE that Tomcat uses, or Tomcat will not be able to find the certificate
keytool -import -alias tomcatsso -file %JAVA_HOME%/jre/lib/security/tomcatsso.crt -keystore %JAVA_HOME%/jre/lib/security/cacerts -storepass changeit

rem List all aliases in the cacerts trust store
keytool -list -keystore %JAVA_HOME%/jre/lib/security/cacerts -storepass changeit
2. After the script completes, verify that the certificate was generated correctly
(1) Check that there is a tomcatsso.crt in your %JAVA_HOME%\jre\lib\security
(2) Check that there is a .keystore in your C:\Documents and Settings\YOUR_USERNAME
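3. Configure Tomcat in Eclipse
(1) Make sure the JDK that starts Tomcat is the JDK that was just used to generate the certificate
(2) Edit server.xml and add the keystore and the CA certificate store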
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true"
keystoreFile="C:/Documents and Settings/e527051/.keystore" keystorePass="changeit"
truststoreFile="C:/Programs/Java/jdk1.6.0_22/jre/lib/security/cacerts"
clientAuth="false" sslProtocol="TLS" />
(3) Open the applications on port 8443
https://localhost:8443/ewusu-network
https://localhost:8443/ewusu-engine
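A check for step 3, as an added example that is not part of the original post: it parses a server.xml and reports any SSL Connector whose truststoreFile lies outside the JAVA_HOME used to generate the certificate, or whose store password is still the default changeit. The function names are hypothetical, and the two inputs are constructed from the values shown on this page.

```python
import ntpath
import xml.etree.ElementTree as ET

# Constructed inputs: the Connector from step 3 wrapped in a minimal server.xml,
# and the JAVA_HOME set by the script in step 1.
SERVER_XML = '''<Server><Service name="Catalina">
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true"
    keystoreFile="C:/Documents and Settings/e527051/.keystore" keystorePass="changeit"
    truststoreFile="C:/Programs/Java/jdk1.6.0_22/jre/lib/security/cacerts"
    clientAuth="false" sslProtocol="TLS" />
</Service></Server>'''
SCRIPT_JAVA_HOME = r"C:\Programs\Java\jdk1.7.0_51"


def norm(path):
    """Normalise a Windows path (slash direction and case) for comparison."""
    return ntpath.normcase(ntpath.normpath(path))


def check_connectors(server_xml, java_home):
    """Return (port, finding) tuples for every SSL-enabled Connector."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP/AJP connectors carry no keystore settings
        port = conn.get("port")
        trust = conn.get("truststoreFile")
        # The certificate was imported into %JAVA_HOME%/jre/lib/security/cacerts,
        # so a truststore under any other JDK will not contain it.
        if trust and not norm(trust).startswith(norm(java_home) + "\\"):
            findings.append((port, "truststore-outside-java-home"))
        # "changeit" is the well-known default store password.
        for attr in ("keystorePass", "truststorePass"):
            if conn.get(attr) == "changeit":
                findings.append((port, attr + "-is-default"))
    return findings


if __name__ == "__main__":
    for port, issue in check_connectors(SERVER_XML, SCRIPT_JAVA_HOME):
        print("port %s: %s" % (port, issue))
```
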
The next article explains how to use Jasig CAS to set up single sign-on in Tomcat.