keytool -genkey -alias tomcat -keyalg RSA -keypass changeit -storepass changeit -keystore d:\server.keystore
注意 CN必须域名
比如以后通过https://localhost:8443/path/ 访问网站
这时候CN = localhost
2、tomcat 打开SSL配置
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="d:/server.eystore" keystorePass="changeit"/>
3、 直接访问
浏览器输入https://localhost:8443/path/ 这个时候由于证书不是第三方颁发的所以会提示认证安全证书有问题。
4、导出x509证书
keytool -export -alias tomcat -file d:\server.cer -keystore d:\server.keystore.
先导出一个x509证书
5、新建client信任的keystore.
keytool -genkey -alias trust -keyalg RSA -keypass changeit -storepass changeit -keystore d:\trust.keystore
6、添加服务器端证书进入本地信任keystore
keytool -import -v -alias tomcat -file d:\server.cer -keystore d:\trust.keystore
7、java 测试代码
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import javax.net.ssl.HttpsURLConnection;
public class TClient {
public static void main(String[] args) throws Exception {
System.setProperty("javax.net.ssl.trustStore", "d:/trust.keystore" );
new TClient().test();
}
private void test() {
String https_url = "https://localhost:8443/path/login.jsp";
URL url;
try {
url = new URL(https_url);
HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();
connection.setDoOutput(true);
connection.setRequestMethod("POST");
connection.getOutputStream().flush();
connection.getOutputStream().close();
System.out.println( connection.getPeerPrincipal().toString() );
} catch (MalformedURLException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
}
}