1.生成一个自签名证书
keytool -genkey -alias tomcat -keyalg RSA -keystore "C:/Documents and Settings/Administrator/.keystore"
2.生成一个证书申请请求
keytool -certreq -keyalg RSA -alias tomcat -file "c:/10.0.21.42.csr" -keystore "C:/Documents and Settings/Administrator/.keystore"
3.导入第三方CA根证书
keytool -import -alias root -keystore "C:/Documents and Settings/Administrator/.keystore" -trustcacerts -file "c:/Watchsafe_CA.cer"
4.导入服务器证书
keytool -import -alias tomcat -keystore "C:/Documents and Settings/Administrator/.keystore" -file "c:/10.0.21.42.cer"
5.修改tomcat6.0 的server.xml
<Connector protocol="org.apache.coyote.http11.Http11Protocol"
port="8443" minSpareThreads="5" maxSpareThreads="75"
enableLookups="true" disableUploadTimeout="true"
acceptCount="100" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="${catalina.base}/conf/store/.keystore" keystorePass="123456"
truststoreFile="${catalina.base}/conf/store//.keystore" truststorePass="123456"
clientAuth="true" sslProtocol="TLS"/>