1. Add an entry for web.demo.com to the C:\Windows\System32\drivers\etc\hosts file so that Tomcat can be reached by domain name:
127.0.0.1 web.demo.com
3. Generate the certificate:
keytool -genkey -alias casdemo -keyalg RSA -keysize 1024 -keypass casdemo -validity 365 -keystore c:\casdemo.keystore -storepass casdemo
4. Export the certificate:
keytool -export -alias casdemo -file c:\casdemo.crt -keystore c:\casdemo.keystore -storepass casdemo
5. Import the certificate:
keytool -import -alias casdemo -file c:\casdemo.crt -keystore "%JAVA_HOME%\jre\lib\security\cacerts" -storepass changeit
6. Open the conf/server.xml file under the Tomcat directory and find the configuration for port 8443:
<!-- <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" /> -->
Change it as follows:
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" keystoreFile="c:/casdemo.keystore" keystorePass="casdemo" clientAuth="false" sslProtocol="TLS" URIEncoding="UTF-8" />
7. Open a browser and test whether it works.
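A hardened variant of steps 3 to 5, as an added example that is not part of the original page: it uses a 2048-bit key, ties the certificate to web.demo.com, and lets keytool prompt for the keystore password instead of passing it on the command line. The O and C values in -dname are constructed; alias, file paths and the cacerts location are the ones used above.

```bat
@echo off
rem Added example, not from the original page. Assumes the JDK 8-style
rem trust store path used in step 5 (%JAVA_HOME%\jre\lib\security\cacerts).
setlocal
set "HOST=web.demo.com"
set "KS=c:\casdemo.keystore"
set "CRT=c:\casdemo.crt"

rem Step 3: 2048-bit RSA key signed with SHA-256 instead of a 1024-bit key.
rem CN and the SAN entry are set to the name added to the hosts file, so
rem Java hostname verification matches when a client connects to Tomcat.
rem No -storepass/-keypass: keytool prompts, which keeps the password out
rem of the command line. Use the same password for key and keystore and
rem put that value in keystorePass in server.xml.
rem O=Demo and C=CN are constructed sample values.
keytool -genkeypair -alias casdemo -keyalg RSA -keysize 2048 ^
  -sigalg SHA256withRSA -validity 365 ^
  -dname "CN=%HOST%, O=Demo, C=CN" ^
  -ext "SAN=dns:%HOST%" ^
  -keystore "%KS%"
if errorlevel 1 exit /b 1

rem Step 4: export only the public certificate, in PEM form.
keytool -exportcert -rfc -alias casdemo -file "%CRT%" -keystore "%KS%"
if errorlevel 1 exit /b 1

rem Check subject, SAN, key size and signature algorithm before trusting it.
keytool -printcert -v -file "%CRT%"
if errorlevel 1 exit /b 1

rem Step 5: import into the JRE trust store. Without -noprompt, keytool
rem shows the fingerprint and asks for confirmation before adding it.
rem changeit is the default cacerts password, as used on the page.
keytool -importcert -alias casdemo -file "%CRT%" ^
  -keystore "%JAVA_HOME%\jre\lib\security\cacerts" -storepass changeit
if errorlevel 1 exit /b 1

rem Confirm the entry is present in the trust store.
keytool -list -alias casdemo ^
  -keystore "%JAVA_HOME%\jre\lib\security\cacerts" -storepass changeit
endlocal
```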