Use keytool to generate a security certificate

Source: Internet
Author: User

For details, see the Tomcat help documentation: https://localhost:8080/tomcat-docs/ssl-howto.html.
1. Use keytool to generate a certificate:
keytool -genkey -alias tomcat -keyalg RSA -keystore C:/tomcat/mykey
Note:
Here -alias tomcat sets the alias of the generated certificate to tomcat, -keyalg RSA selects the RSA algorithm, and -keystore C:/tomcat/mykey sets where the generated certificate is stored. After you press Enter, you are prompted for the keystore password, which you choose yourself, and then for some personal and organization information, which is easy to fill in.
2. Add the configuration to server.xml:
<Connector port="8888"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" debug="0" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystoreFile="C:\tomcat\mykey" keystorePass="123456"/>
Note:
Tomcat uses port 8888; keystoreFile gives the location of your certificate, and keystorePass is its password.
3. After restarting Tomcat, enter https://localhost:8888 in the address bar to complete the operation.
The browser prompts you to install the certificate when it displays the page.
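
A check a reviewer could run against the server.xml from step 2, as an added example that is not part of the original page or of Tomcat. The names audit_connectors, COMMON_PASSWORDS and MIN_LENGTH are hypothetical, and the deny-list and length threshold are assumptions; the sample wraps this page's Connector in a constructed minimal server.xml.

```python
import xml.etree.ElementTree as ET

# Constructed sample: this page's Connector inside a minimal server.xml.
SAMPLE_SERVER_XML = r"""
<Server>
  <Service name="Catalina">
    <Connector port="8888" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="C:\tomcat\mykey" keystorePass="123456"/>
    <Connector port="8080"/>
  </Service>
</Server>
"""

# Illustrative deny-list and length threshold (assumptions, not a standard).
COMMON_PASSWORDS = {"123456", "12345678", "changeit", "password", "tomcat"}
MIN_LENGTH = 12


def audit_connectors(server_xml):
    """Return (port, finding) tuples for every HTTPS Connector."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        # Compare attribute names case-insensitively so a copy with
        # altered capitalisation is still inspected.
        attrs = {k.lower(): v for k, v in conn.attrib.items()}
        port = attrs.get("port", "?")
        if attrs.get("scheme", "").lower() != "https":
            continue
        if attrs.get("secure", "").lower() != "true":
            findings.append((port, "scheme is https but secure is not true"))
        if "keystorefile" not in attrs:
            findings.append((port, "no keystoreFile: default .keystore in user home"))
        pw = attrs.get("keystorepass")
        if pw is None:
            findings.append((port, "no keystorePass: default 'changeit' applies"))
        elif pw.lower() in COMMON_PASSWORDS or pw.isdigit() or len(pw) < MIN_LENGTH:
            findings.append((port, "keystorePass is weak and stored in clear text"))
        else:
            findings.append((port, "keystorePass is stored in clear text"))
    return findings


if __name__ == "__main__":
    for port, finding in audit_connectors(SAMPLE_SERVER_XML):
        print(f"Connector {port}: {finding}")
```

Because keystorePass sits in server.xml in clear text whatever its strength, read access to that file should be limited to the account that runs Tomcat.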

==========================================
Common keytool commands in JDK
-genkey: creates a default file ".keystore" in the user's home directory and generates an alias mykey; mykey contains the user's public key, private key, and certificate.
-alias: generates an alias.
-keystore: specifies the name of the keystore (the generated information is then not stored in the .keystore file).
-keyalg: specifies the key algorithm.
-validity: specifies the validity period of the created certificate.
-keysize: specifies the key length.
-storepass: specifies the password of the keystore.
-keypass: specifies the password of an alias entry.
-dname: specifies the certificate owner information, for example, "CN=sagely, OU=ASD, O=szu, L=SZ, ST=Gd, C=cn".
-list: displays the certificate information in the keystore: keytool -list -v -keystore sage -storepass ....
-v: displays the certificate details in the keystore.
-export: exports the certificate specified by the alias to a file: keytool -export -alias caroot -file caroot.crt
-file: specifies the name of the file to export to.
-delete: deletes an entry in the keystore: keytool -delete -alias sage -keystore sage
-keypasswd: changes the password of an entry in the keystore: keytool -keypasswd -alias sage -keypass ...... -new ...... -storepass ...... -keystore sage
-import: imports a signed digital certificate into the keystore: keytool -import -alias sage -keystore sagely -file sagely.crt
After importing the signed digital certificate, keytool -list -v clearly shows that the certification chain has become longer, and it prints the whole CA chain.
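
The chain-length observation above can be checked mechanically. The following is an added example, not part of the original page: it reads keytool -list -v output and reports, per alias, the chain length and whether the leaf certificate is self-signed (Owner equal to Issuer). The listing is constructed and assumes the English-locale output layout; summarize_entries and the caroot distinguished name are hypothetical.

```python
import re

# Constructed sample in the layout of English-locale `keytool -list -v`
# output (assumed layout; fingerprints, dates and serials omitted).
SAMPLE_LISTING = """\
Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=localhost, OU=ASD, O=szu, L=SZ, ST=Gd, C=cn
Issuer: CN=localhost, OU=ASD, O=szu, L=SZ, ST=Gd, C=cn

Alias name: sage
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=sagely, OU=ASD, O=szu, L=SZ, ST=Gd, C=cn
Issuer: CN=caroot, O=szu, C=cn
Certificate[2]:
Owner: CN=caroot, O=szu, C=cn
Issuer: CN=caroot, O=szu, C=cn
"""


def summarize_entries(listing):
    """Map alias -> (chain_length, leaf_is_self_signed)."""
    summary = {}
    # Each keystore entry starts at its "Alias name:" line.
    for block in re.split(r"(?m)^(?=Alias name: )", listing):
        alias = re.search(r"(?m)^Alias name: (.+)$", block)
        if not alias:
            continue
        length = re.search(r"(?m)^Certificate chain length: (\d+)$", block)
        owners = re.findall(r"(?m)^Owner: (.+)$", block)
        issuers = re.findall(r"(?m)^Issuer: (.+)$", block)
        # The first Owner/Issuer pair describes the leaf certificate.
        self_signed = bool(owners and issuers) and owners[0].strip() == issuers[0].strip()
        # Entries without a chain-length line fall back to the Owner count.
        chain = int(length.group(1)) if length else len(owners)
        summary[alias.group(1).strip()] = (chain, self_signed)
    return summary


if __name__ == "__main__":
    for name, (chain, self_signed) in summarize_entries(SAMPLE_LISTING).items():
        print(f"{name}: chain length {chain}, self-signed leaf: {self_signed}")
```

An entry that still reports a chain length of 1 with a self-signed leaf is the case in which the browser shows the certificate prompt described in step 3.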
 
1. Certificate display
-list
[-v | -rfc] [-alias <alias>]
[-keystore <keystore>] [-storepass <storepass>]
[-storetype <storetype>] [-provider <provider_class_name>]
Example: keytool -list -v -alias rapaserver -keystore cacerts -storepass 12345678
keytool -list -v -keystore d2aapplet.keystore -storepass 12345678 -storetype iaikkeystore
2. Export the certificate to the certificate file
Example: keytool -export -keystore monitor.keystore -alias monitor -file monitor.cer
This exports the certificate with the alias monitor from the keystore monitor.keystore to the certificate file monitor.cer. The file contains the certificate body and the certificate's public key, but not the private key, so it can be made public.
keytool -export -keystore d2aapplet.keystore -alias rapaserver -file rapa.cert -storetype iaikkeystore
3. Import a certificate into the keystore
Import rapa.cert into the Java default certificate store cacerts:
keytool -import -alias rapaserver -keystore cacerts -file rapa.cert
4. Delete a certificate entry
The -delete command-line parameter of keytool deletes an entry from the keystore, for example: keytool -delete -alias rapaserver -keystore d2aapplet.keystore. This command deletes the certificate rapaserver from d2aapplet.keystore.
5. Change a certificate entry password
Use the -keypasswd parameter, for example: keytool -keypasswd -alias rapaserver -keystore d2aapplet.keystore. This interactively changes the password of the entry rapaserver in the keystore d2aapplet.keystore.
keytool -keypasswd -alias rapaserver -keypass 123456 -new 654321 -storepass 888888 -keystore d2aapplet.keystore
This command line changes, non-interactively, the password of the certificate with the alias rapaserver in the keystore to the new password 654321; the 123456 in the line is the original password of the certificate, and 888888 is the password of the keystore.
