#genkey: run in the Tomcat root directory
keytool -genkey -alias tomcat_cas -keyalg RSA -storepass changeit -keystore server.keystore -validity 3600
#list key:
keytool -list -keystore $JAVA_HOME/jre/lib/security/cacerts
#delete
keytool -delete -trustcacerts -alias tomcat_cas -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit
#export: run in the Tomcat root directory
keytool -export -trustcacerts -alias tomcat_cas -file server.cer -keystore server.keystore -storepass changeit
#import
keytool -import -trustcacerts -alias tomcat_cas -file server.cer -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit
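(Note: $JAVA_HOME is the JDK root directory on Linux; on Windows replace it with %JAVA_HOME%. changeit is the default; the password after -storepass must be the same as the confirmation password entered for the genkey command. When running locally, the domain name is localhost.)
Common steps: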
1:genkey
2:export
3:import
4: configure tomcat/conf/server.xml
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="/home/brin/webserver/apache-tomcat-6.0.32/casserver.keystore"
truststoreFile="/opt/jdk1.6.0_45/jre/lib/security/cacerts"
keystorePass="changeit" />
5: start Tomcat
6:https://localhost:8443/cas
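Additional notes on common problems:
1: java.io.IOException: Cannot recover key
The password after -storepass does not match the confirmation password entered at the end of genkey; delete the entry, then run genkey, export, and import again.
2: java.io.IOException: Keystore was tampered with, or password was incorrect
The keystorePass="xxx" password in tomcat/conf/server.xml was entered incorrectly.
3: java.io.FileNotFoundException: /root/.keystore
keystoreFile in tomcat/conf/server.xml was not added, or its value is wrong.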
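
A pre-flight check for problems 2 and 3 above, as an added example that is not part of the original notes: it reads server.xml and verifies each SSL connector's keystoreFile and keystorePass without starting Tomcat. It assumes a JKS keystore (the format keytool produces on the JDK 6 used here) and absolute keystoreFile paths; the function names and the empty sample keystore are constructed for illustration.

```python
import hashlib
import os
import xml.etree.ElementTree as ET

JKS_MAGIC = b"\xfe\xed\xfe\xed"
JKS_SALT = b"Mighty Aphrodite"  # fixed string mixed into the JKS integrity digest


def jks_password_ok(data: bytes, password: str) -> bool:
    """True if the trailing SHA-1 of a JKS file matches this store password."""
    if len(data) < 32 or data[:4] != JKS_MAGIC:
        raise ValueError("not a JKS keystore (bad magic)")
    body, digest = data[:-20], data[-20:]
    pw = password.encode("utf-16-be")  # JKS hashes each char as 2 big-endian bytes
    return hashlib.sha1(pw + JKS_SALT + body).digest() == digest


def check_connectors(server_xml: str) -> list:
    """Return (port, problem) tuples for every SSL connector in server.xml."""
    findings = []
    for conn in ET.parse(server_xml).getroot().iter("Connector"):
        if conn.get("SSLEnabled", "").lower() != "true":
            continue
        port, path = conn.get("port"), conn.get("keystoreFile")
        if not path:
            # Tomcat then falls back to ~/.keystore -> FileNotFoundException
            findings.append((port, "keystoreFile missing"))
        elif not os.path.isfile(path):  # assumption: absolute path, as in step 4
            findings.append((port, "keystoreFile not found: " + path))
        else:
            with open(path, "rb") as fh:
                data = fh.read()
            try:
                if not jks_password_ok(data, conn.get("keystorePass", "changeit")):
                    findings.append((port, "keystorePass does not match keystore"))
            except ValueError as exc:
                findings.append((port, str(exc)))
    return findings


def make_empty_jks(password: str) -> bytes:
    """Constructed sample: a valid JKS (version 2) holding zero entries."""
    body = JKS_MAGIC + (2).to_bytes(4, "big") + (0).to_bytes(4, "big")
    pw = password.encode("utf-16-be")
    return body + hashlib.sha1(pw + JKS_SALT + body).digest()
```

A keystore created by a newer JDK is PKCS12 by default and is reported as "not a JKS keystore" rather than as a password mismatch.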