生成服务端keystore
keytool -genkey -alias edu_server -keyalg RSA -keypass 123456 -storepass 123456 -keystore edu_server.jks -validity 3650
生成服务端server.cer
keytool -export -trustcacerts -alias edu_server -file edu_server.cer -keystore edu_server.jks -storepass 123456
生成客户端keystore
keytool -genkey -alias edu_client -keyalg RSA -keypass 123456 -storepass 123456 -storetype PKCS12 -keystore edu_client.p12 -validity 3650
生成客户端client.cer
keytool -export -trustcacerts -alias edu_client -file edu_client.cer -storetype PKCS12 -keystore edu_client.p12 -storepass 123456
查看证书列表
keytool -list -keystore edu_server.jks -storepass 123456
导入证书
keytool -import -alias edu_client -file edu_client.cer -keystore edu_server.jks -storepass 123456
删除证书
keytool -delete -alias edu_client -keystore edu_server.jks -storepass 123456
tomcat配置文件server.xml
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" maxThreads="150"
SSLEnabled="true" scheme="https" secure="true"
clientAuth="true" sslProtocol="TLS"
keystoreFile="D:\Java\jdk1.7.0_80\bin\edu_server.jks" keystorePass="123456"
truststoreFile="D:\Java\jdk1.7.0_80\bin\edu_server.jks" truststorePass="123456"/>