# Generate the RSA key
openssl genrsa -out privkey.key 2048
# Generate the digital certificate (self-signed)
openssl req -new -x509 -key privkey.key -out cacert.crt -days 3650
Configuration in Nginx:
# HTTPS Server
#
server {
    listen 9443 ssl;
    server_name localhost_https;
    ssl_certificate /etc/nginx/cert/cacert.crt;
    ssl_certificate_key /etc/nginx/cert/privkey.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
}
# Generate the keystore file
keytool -genkey -validity 3650 -keyalg RSA -keysize 2048 -keystore sso.keystore
# Import the PEM certificate cacert.crt into the keystore file
keytool -import -v -trustcacerts -alias ssossl -file cacert.crt -keystore sso.keystore
# Import the certificate into the JRE trust store (this step is required if you use CAS single sign-on):
keytool -import -trustcacerts -alias ssossl -file cacert.crt -keystore /usr/java/jdk1.6.0_29/jre/lib/security/cacerts -storepass changeit
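A pre-deployment check for the files produced by the steps above, as an added example that is not part of the original page: it confirms that cacert.crt carries the public key of privkey.key, that the certificate is not about to expire, and that the passphrase-less key is not accessible to group or other. The function names, the script name and the 30-day threshold are assumptions made for this example.

```shell
#!/bin/sh
# Checks for the files named by nginx's ssl_certificate_key / ssl_certificate.
# Usage: sh tls_preflight.sh privkey.key cacert.crt   (script name is hypothetical)

# Succeeds only if the certificate carries the public key derived from the private key.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# Succeeds only if the certificate is still valid $2 days from now (default 30).
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( ${2:-30} * 86400 ))" >/dev/null 2>&1
}

# Succeeds only if group and other have no permission bits on the key file.
# "openssl genrsa" without a cipher option writes an unencrypted key, so the
# file mode is the only thing protecting it on disk.
key_is_private() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Runs all three checks and reports every failure, not just the first.
preflight() {
    rc=0
    key_is_private "$1"         || { echo "FAIL: $1 is accessible to group/other" >&2; rc=1; }
    key_matches_cert "$1" "$2"  || { echo "FAIL: $2 does not match $1" >&2; rc=1; }
    cert_valid_for_days "$2" 30 || { echo "FAIL: $2 expires within 30 days" >&2; rc=1; }
    return "$rc"
}

if [ "$#" -eq 2 ]; then
    preflight "$1" "$2"
fi
```

Run it against /etc/nginx/cert/privkey.key and /etc/nginx/cert/cacert.crt before reloading nginx; a non-zero exit status means at least one check failed.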
Nginx and Tomcat configure SSL at the same time