如何在Tomcat中配置SSL证书(2)-木庄网络博客

CA颁发证书后，将拥有以下文件： root certificate，intermediate certificate 和Issued certificate by CA。在此例中，文件名是

A. root.crt (root certificate)

B. intermediate.crt (intermediate certificate)

C. svr1.tecadmin.net.crt ( Issued certificate by CA )

安装root certificate：

1	`$ keytool -import -alias root -keystore/etc/pki/keystore-trustcacerts -fileroot.crt`

安装intermediate certificate：

1	`$ keytool -import -alias intermed -keystore/etc/pki/keystore-trustcacerts -fileintermediate.crt`

安装Issued certificate by CA

1	`$ keytool -import -aliassvr1.tecadmin.net-keystore/etc/pki/keystore-trustcacerts -filesvr1.tecadmin.net.crt`

步骤3：设置Tomcat密钥库

现在，转到你的Tomcat安装目录并在你喜欢的编辑器中编辑conf/server.xml文件，并按如下所示更新配置。如果需要，也可以将端口从8443更改为其他端口。

<Connector port="8443" protocol="HTTP/1.1"
                connectionTimeout="20000"
                redirectPort="8443"
                SSLEnabled="true"
                scheme="https"
                secure="true"
                sslProtocol="TLS"
                keystoreFile="/etc/pki/keystore"
                keystorePass="_password_" />