Recently doing how to make the website have SSL, have a day, now summarize
The first thing to do is to install OpenSSL and Java Keytool
Generate private keys and CSRs with OpenSSL first
openssl req -newkey rsa:2048 -nodes -keyout domain.key -out domain.csr
You will be prompted to enter some information at the time of generation, remember to enter the information of the domain name to be authenticated in common name, such as Xxx.xxx.com
After the build, the CSR information is opened in Notepad, the information is entered into the CA certificate publisher's website, and then the certificate signed
After the completion of the name may send a compressed file to you, I use the Comodo certificate
Contains 3 files
Domain.ca-bundle
Domain.crt
domain.p7b
Must go to their website to download, they will only email you send two files, one is domain.ca-bundle another is DOMAIN.CRT
The rest is to convert p7b to PFX.
Convert p7b to CER first
OpenSSL pkcs7-print_certs-in domain.p7b-out domain.cer
Then generate a PFX with the previous generation and signature of the private and CER files
OpenSSL pkcs12-export-in Domain.cer-inkey domain.key-out domain.pfx
If you are using Tomcat,tomcat to support PFX, but I like to build it jks, so take one step
Keytool -importkeystore -srckeystore domain.pfx -srcstoretype pkcs12 -destkeystore domain.jks -deststoretype jks
Then add this certificate in Tomcat's server.xml to start the certificate and you can use the
How to issue an SSL certificate