#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 3A 8F 05 4C 85 6D 2F EE 1E E6 46 ED AD CC CA A6 :..L.m/...F.....
0010: 06 78 A7 CA .x..
]
]
*******************************************
*******************************************
Alias name: 1
Creation date: Apr 16, 2018
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: EMAILADDRESS=tomcat@apache.com, CN=Tomcat, OU=Tomcat, O=Apache, L=Beijing, ST=Beijing, C=CN
Issuer: EMAILADDRESS=tomcat@apache.com, CN=Tomcat, OU=Tomcat, O=Apache, L=Beijing, ST=Beijing, C=CN
Serial number: 84802670058ff7d5
Valid from: Mon Apr 16 16:31:46 CST 2018 until: Thu Apr 13 16:31:46 CST 2028
Certificate fingerprints:
MD5: 46:F0:86:8A:FB:60:2E:AA:14:E5:AF:7F:8B:05:A2:F5
SHA1: EF:3E:90:08:0D:9E:53:95:4E:4F:36:29:78:05:93:E1:DB:48:CB:A2
SHA256: 8E:B7:51:6D:04:09:24:28:20:68:4F:C3:2A:2E:47:1E:B8:F6:C2:87:D1:55:30:8C:B0:2A:EA:2A:02:8B:09:76
Signature algorithm name: SHA1withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 1
*******************************************
*******************************************
Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore mykey.keystore -destkeystore mykey.keystore -deststoretype pkcs12".
9 Deploy the mykey.keystore keystore file to Tomcat in the way described earlier (non-APR connector). The certificate information can then be viewed in a browser.
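10 To configure SSL on the APR connector, first add the AprLifecycleListener listener under <Server> in server.xml:
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on"
          SSLRandomSeed="builtin" useAprConnector="true" />
Note: useAprConnector is a new attribute in version 8.5 that enables the APR connector. Versions before 8.5 do not need it, because the APR connector is enabled automatically by default.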
Then add the SSL connector configuration as follows (Tomcat 8.5):
<!-- APR/native connector: the private key and the certificate are PEM files -->
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11AprProtocol"
           maxThreads="150" scheme="https" secure="true" SSLEnabled="true">
    <SSLHostConfig>
        <Certificate certificateKeyFile="${catalina.base}/conf/serverkey.pem"
                     certificateFile="${catalina.base}/conf/serverkey.crt"
                     type="RSA" />
    </SSLHostConfig>
</Connector>
certificateKeyFile configures the server's private key.
certificateFile configures the server's certificate.
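A check worth running on the `keytool -list -v` listing before the keystore or PEM files are deployed, shown here as an added example that is not part of the original page or of Tomcat. It parses the listing and flags the properties visible for alias `1` above (SHA1withRSA signature, Owner equal to Issuer, X.509 version 1, 10-year validity). The function names, finding labels and the `max_days` / `min_rsa_bits` thresholds are assumptions chosen for illustration.

```python
import re
from datetime import datetime

# Constructed sample: fields copied from the keytool listing for alias "1" above.
SAMPLE = """\
Alias name: 1
Owner: EMAILADDRESS=tomcat@apache.com, CN=Tomcat, OU=Tomcat, O=Apache, L=Beijing, ST=Beijing, C=CN
Issuer: EMAILADDRESS=tomcat@apache.com, CN=Tomcat, OU=Tomcat, O=Apache, L=Beijing, ST=Beijing, C=CN
Valid from: Mon Apr 16 16:31:46 CST 2018 until: Thu Apr 13 16:31:46 CST 2028
Signature algorithm name: SHA1withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 1
"""

def parse_entries(text):
    """Return one dict of 'Field: value' pairs per alias; the first certificate in a chain wins."""
    entries = []
    for line in text.splitlines():
        key, sep, value = line.strip().partition(": ")
        if sep and key == "Alias name":
            entries.append({})
        if sep and entries:
            entries[-1].setdefault(key, value.strip())
    return entries

def validity_days(valid_line):
    """Days between the two dates of a 'Valid from' value, ignoring time of day and zone."""
    dates = re.findall(r"\w{3} (\w{3}) +(\d+) [\d:]+ \S+ (\d{4})", valid_line)
    if len(dates) != 2:
        return None
    start, end = (datetime.strptime(" ".join(d), "%b %d %Y") for d in dates)
    return (end - start).days

def audit(entry, max_days=398, min_rsa_bits=2048):  # thresholds are assumed policy values
    findings = []
    if re.match(r"(SHA1|MD5|MD2)with", entry.get("Signature algorithm name", ""), re.I):
        findings.append("weak-signature-hash")
    if entry.get("Owner") and entry["Owner"] == entry.get("Issuer"):
        findings.append("self-signed")  # clients cannot chain it to a trusted CA
    if entry.get("Version") == "1":
        findings.append("x509-v1-no-extensions")  # v1 cannot carry subjectAltName
    bits = re.match(r"(\d+)-bit RSA", entry.get("Subject Public Key Algorithm", ""))
    if bits and int(bits.group(1)) < min_rsa_bits:
        findings.append("short-rsa-key")
    days = validity_days(entry.get("Valid from", ""))
    if days is not None and days > max_days:
        findings.append("long-validity")
    return findings

if __name__ == "__main__":
    print([(e["Alias name"], audit(e)) for e in parse_entries(SAMPLE)])
```

To audit a real keystore, pass the saved text of `keytool -list -v -keystore mykey.keystore` to `parse_entries` instead of `SAMPLE`.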