Tomcat8.0 SSL配置

Tomcat ssl 配置

keytool -export -file tomcat.crt -alias tomcat -keystore tomcat.keystore 

导出数字证书

keytool -export -file tomcat.crt -alias tomcat -keystore tomcat.keystore 

在tomcat所在的机器，将证书导入到cacerts

keytool -importcert -alias tomcat -file tomcat.crt -keystore "%JAVA_HOME%/jre/lib/security/cacerts" -storepass changeit   

进入对应目录可使用如下命令查看证书信息：

keytool -list -keystore cacerts -alias tomcat
输入密钥库口令
tomcat, 2017-11-24, trustedCertEntry
证书指纹 (SHA1): C5:EE:80:F3:E0:A7:E8:42:D5:F1:D1:3B:D8:6B:67:8B:9C:63:BE:1F

将配置文件copy至对应的位置中

cd ${JAVA_HOME}/jre/lib/security

备用命令如下

keytool -delete -alias tomcat -keystore cacerts
keytool -import -alias tomcat -keystore cacerts -file ${JAVA_HOME}/jre/lib/security/tomcat.cer
keytool -list -keystore cacerts -alias tomcat

配置tomcat8.0的ssl协议

 <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
 
            maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
            
            clientAuth="false" sslProtocol="TLS" 
            
             keystoreFile="D:/java/jdk1.8.0_91/jre/lib/security/tomcat.keystore" 
             
             keystorePass="changeit" keystoreType="JKS"/>