Note: if the file you received is already a jks file, skip step 1.
1. Import the p7b certificate into the keystore file
C:\Users\suppo\tomcat>keytool -import -trustcacerts -alias getssl -file demo.getssl.cn.p7b -keystore getssl.jks
输入keystore密码:
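Enter the password that was set when the jks file was generated and the import will succeed. Use the following command to list the certificate that was just imported: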
C:\Users\suppo\tomcat>keytool -list -keystore getssl.jks -v
输入keystore密码:
Keystore 类型: JKS
Keystore 提供者: SUN
您的 keystore 包含 1 输入
别名名称: getssl
创建日期: 2017-8-20
项类型: PrivateKeyEntry
认证链长度: 2
认证 [1]:
所有者:CN=demo.getssl.cn, OU=GETSSL, O=IT DEPT, L=SHANGHAI, ST=SHANGHAI, C=CN
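2. Install the certificate
Place the jks file in the Tomcat installation directory.
Open conf/server.xml under the Tomcat installation directory with an editor or vi and add a Connector: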
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
SSLEnabled="true" maxThreads="150" scheme="https" secure="true"
clientAuth="false" keystoreFile="getssl.jks" keystorePass="123456" keyAlias="getssl" sslProtocol="TLSv1.2"
sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1"
ciphers="TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA"
/>
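- keystoreFile: name of the jks file
- keystorePass: password of the jks file
- keyAlias: the alias set when the CSR was generated; for users who downloaded the JKS file from our website the default is 1, i.e. keyAlias="1"
After installation, restart Tomcat: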
shutdown.sh / shutdown.bat
startup.sh / startup.bat
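The Connector above enables TLSv1 and TLSv1.1 alongside TLSv1.2 and lists static ECDH and CBC cipher suites next to the ECDHE GCM ones. The Python script below is an added example, not part of the original page or of Tomcat: it parses a server.xml and reports those settings for each TLS Connector. The sample XML is a constructed, shortened copy of the Connector above, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a shortened copy of the Connector shown on this page.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
  SSLEnabled="true" scheme="https" secure="true"
  keystoreFile="getssl.jks" keystorePass="123456" keyAlias="getssl"
  sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1"
  ciphers="TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
           TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
           TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"/>
</Service></Server>"""

# TLS 1.0 and 1.1 were formally deprecated by RFC 8996; SSLv2/SSLv3 earlier.
LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

def split_list(value):
    """Split a comma-separated attribute, tolerating line breaks and spaces."""
    return [item.strip() for item in (value or "").split(",") if item.strip()]

def audit_connector(conn):
    """Return (finding, value) pairs for one Connector element."""
    findings = []
    for proto in split_list(conn.get("sslEnabledProtocols")):
        if proto in LEGACY_PROTOCOLS:
            findings.append(("legacy-protocol", proto))
    for suite in split_list(conn.get("ciphers")):
        key_exchange = suite.split("_WITH_")[0]
        if "DHE" not in key_exchange:      # static ECDH/RSA: no forward secrecy
            findings.append(("no-forward-secrecy", suite))
        elif "_CBC_" in suite:             # non-AEAD suite, listed for review
            findings.append(("cbc-mode", suite))
    return findings

def audit_server_xml(xml_text):
    """Map each TLS-enabled Connector port to its list of findings."""
    root = ET.fromstring(xml_text)
    return {
        conn.get("port"): audit_connector(conn)
        for conn in root.iter("Connector")
        if conn.get("SSLEnabled", "false").lower() == "true"
    }

if __name__ == "__main__":
    for port, findings in audit_server_xml(SAMPLE_SERVER_XML).items():
        for kind, value in findings:
            print(f"port {port}: {kind}: {value}")
```

A Connector restricted to sslEnabledProtocols="TLSv1.2" with only the ECDHE GCM suites from the list above produces no findings.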