版本:tomcat8,jdk1.7
1.製作jks
#產生keystore
keytool -genkey -alias server -keyalg RSA -keysize 2048 -keystore www.myweb.cn.jks -storepass password -keypass password -validit
y 3650
#產生csr
keytool -certreq -alias server -sigalg SHA256withRSA -file certreq.csr -keystore www.myweb.cn.jks -keypass password -storepass password -dname "CN=192.168.100.100,ST=Beijing,L=Beijing,OU=Test,O=Test Trust Network,C=CN"
#將csr提交給第三方CA簽發服務器證書,保存爲www.myweb.cn.cer
#導入服務器證書的根證書
keytool -import -alias root -keystore www.myweb.cn.jks -trustcacerts -storepass password -file root.cer
#導入服務器證書
keytool -import -alias server -keystore www.myweb.cn.jks -trustcacerts -storepass password -file www.myweb.cn.cer
#查看一下
keytool -list -v -keystore www.myweb.cn.jks -storepass password
2.修改tomcat/conf/server.xml:
<Connector
protocol="org.apache.coyote.http11.Http11NioProtocol"
port="8443" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="conf/cert/www.myweb.cn.jks" keystorePass="password"
clientAuth="false" sslProtocol="TLS"/>
3.測試: https://www.myweb.cn:8443/