1, 生成keystore
#免交互: keytool -genkeypair -v -alias testKey -keyalg RSA -validity 365000 -keystore test.keystore \
-storepass 123456789 -keypass 123456789 \
-dname "cn=my.com.web, ou=devops, o=my.com, c=CN, l=bj , st=bj "
[wang@c7-iris2 sh]# keytool -genkeypair -v -alias testKey -keyalg RSA -validity 365000 -keystore test.keystore
Enter keystore password:
Keystore password is too short - must be at least 6 characters
Enter keystore password:
Re-enter new password:
What is your first and last name?
[Unknown]: my.com
What is the name of your organizational unit?
[Unknown]: devops
What is the name of your organization?
[Unknown]: my.com
What is the name of your City or Locality?
[Unknown]: bj
What is the name of your State or Province?
[Unknown]: bj
What is the two-letter country code for this unit?
[Unknown]: CN
Is CN=my.com, OU=devops, O=my.com, L=bj, ST=bj, C=CN correct?
[no]: yes
Generating 2,048 bit RSA key pair and self-signed certificate (SHA256withRSA) with a validity of 3,650 days
for: CN=my.com, OU=devops, O=my.com, L=bj, ST=bj, C=CN
Enter key password for <testKey>
(RETURN if same as keystore password):
Re-enter new password:
[Storing test.keystore]
Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore test.keystore -destkeystore test.keystore -deststoretype pkcs12".
[root@cdh-c6-master aaa]# ls
test.keystore
[wang@c7-iris2 ~]# mkdir /usr/share/ssl
[wang@c7-iris2 ~]# cp test.keystore /usr/share/ssl/tomcat.keystore
2, tomcat启动:配置server.xml
[wang@c7-iris2 ~]# vi apache-tomcat-8.5.54/conf/server.xml
<Connector port="8080" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
keystoreFile="/usr/share/ssl/tomcat.keystore"
keystorePass="123456789"
clientAuth="false" />
3, jar包启动:配置application.properties
[wang@c7-iris2 ~]# cat application.properties
server.port=8088
server.ssl.key-store=C:/tomcat.keystore
server.ssl.keyStoreType=JKS
server.ssl.key-store-password=123456
打完Jar 包后, 启动jar包: