Usually, when you set up an HTTPS server, you need an SSL certificate file for the website. Most of the documents found on the Internet only explain how to use keytool to create a certificate, but a certificate created that way will not be trusted by the browsers of most Internet users. So if you want to create an HTTPS service that everyone can access, request a certificate from a trusted institution.
However, the certificates downloaded from a certification authority's website do not include a JKS keystore file that Tomcat can use, so you must first convert the certificate into a format that Tomcat can use.
In general, the certificate files we get are as follows (temp stands for the name of the certificate in the examples below):
1. temp.crt (certificate file for your own website)
2. temp.key (optional, private key, can be generated by the CRT itself)
3. root.crt (optional, certification authority's own root certificate)
Step one:
Merge the certificate and the private key to generate the temp.p12 file.
Command line input:
openssl pkcs12 -export -in temp.crt -inkey temp.key -out temp.p12 -name temp
You will be prompted to set an export password and to repeat it. Remember this password, because it is needed again in the next step.
Step two:
Generate the keystore file (JKS). This requires the export password from the previous step, and you also set the password of the new keystore during the import.
keytool -importkeystore -srckeystore temp.p12 -srcstoretype pkcs12 -destkeystore temp.jks
You will be prompted to enter the password from the first step and to enter a new keystore password.
Step three (optional):
Generate the public key. The -pubout option is what makes openssl write the public key; without it the private key is written out again.
openssl rsa -in temp.key -pubout -out temp_public.key
Step four (optional):
Merge the root certificate of the authority (that is, add it as trusted).
alias: a description of the trusted certificate
ca.crt: the trusted certificate to be added; it can also be in another format such as PEM
keytool -import -trustcacerts -alias alias -file ca.crt -keystore temp.jks
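Before merging in the first step, it is worth confirming that temp.key really belongs to temp.crt, and supplying the export password from a file instead of typing it at the prompt. The script below is an added example, not part of the original article; the helper names, pass.txt, other.key and the throwaway self-signed certificate are constructed for the demonstration.

```bash
#!/usr/bin/env bash
# Added example: checks around step one (temp.crt + temp.key -> temp.p12).
# Helper names and all demo files are constructed; they are not from the article.

# Succeeds only if the public key inside CERT equals the one derived from KEY.
key_matches_cert() (  # usage: key_matches_cert CERT KEY
  from_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || exit 1
  from_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || exit 1
  [ -n "$from_cert" ] && [ "$from_cert" = "$from_key" ]
)

# Step one without the interactive prompt: the export password is read from
# PASSFILE, so it never appears on the command line or in the process list.
make_p12() {  # usage: make_p12 CERT KEY OUT ALIAS PASSFILE
  key_matches_cert "$1" "$2" || { echo "refusing: $2 is not the key for $1" >&2; return 1; }
  openssl pkcs12 -export -in "$1" -inkey "$2" -out "$3" -name "$4" -passout "file:$5"
}

# Prints the SHA-256 fingerprint of the certificate stored in a PKCS#12 file.
# Fails if the password is wrong or the file is damaged.
p12_cert_fingerprint() (  # usage: p12_cert_fingerprint P12 PASSFILE
  pem=$(openssl pkcs12 -in "$1" -passin "file:$2" -nokeys 2>/dev/null) || exit 1
  printf '%s\n' "$pem" | openssl x509 -noout -fingerprint -sha256
)

# --- constructed demo input: a throwaway self-signed pair and an unrelated key ---
work=$(mktemp -d) && cd "$work" && umask 077   # key and password files stay private
openssl req -x509 -newkey rsa:2048 -nodes -keyout temp.key -out temp.crt \
  -subj "/CN=temp.example" -days 1 2>/dev/null
openssl genrsa -out other.key 2048 2>/dev/null
printf '%s\n' 'constructed-demo-password' > pass.txt

make_p12 temp.crt other.key bad.p12 temp pass.txt || echo "mismatched key rejected"
make_p12 temp.crt temp.key temp.p12 temp pass.txt && echo "temp.p12 written"
p12_cert_fingerprint temp.p12 pass.txt
```

With a real certificate, run only the three functions against your own temp.crt and temp.key, and delete the password file once the keystore has been created.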
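Appendix:
Tomcat configuration:
/data/app/test/temp.jks: your certificate file (the JKS keystore)
123456: your certificate password
150: an assumed value for maxThreads (the original value is not preserved here); tune it for your server
clientAuth="true": Tomcat requires every client to present a certificate; set it to "false" for a site that ordinary browsers must be able to reach
<Connector port="8080" protocol="HTTP/1.1"
           SSLEnabled="true" maxThreads="150" scheme="https"
           secure="true" clientAuth="true" sslProtocol="TLS"
           keystoreFile="/data/app/test/temp.jks" keystorePass="123456"/>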