生成客户端证书
openssl genrsa -out ca\myCA.key 2048
openssl req -x509 -new -key ca\myCA.key -out ca\myCA.cer -days 700 -subj /CN="szlanyou"
生成 服务端证书
openssl genrsa -out ca\server.key 2048
openssl req -new -out ca\server.req -key ca\server.key -subj /CN=172.26.188.181/CN=172.26.188.181/CN=localhost
openssl x509 -req -in ca\server.req -out ca\server.cer -CAkey ca\myCA.key -CA ca\myCA.cer -days 36500 -CAcreateserial -CAserial ca\server.serial
openssl pkcs12 -export -in ca\server.cer -inkey ca\server.key -out ca\server.p12 -name "server"
生成keystore
keytool -importkeystore -v -srckeystore ca\server.p12 -srcstoretype pkcs12 -srcstorepass 123456 -destkeystore ca\server.keystore -deststoretype jks -deststorepass 123456
修改tomcat 的connector配置
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
keystoreFile="E:/server.keystore" keystorePass="123456"
clientAuth="false" sslProtocol="TLS" />