HTTPS configuration and reverse proxy for Apache + Tomcat 8

http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html

1. Generate a self-signed certificate for Tomcat
keytool -genkey -alias tomcat -keyalg RSA -keystore self.jks

Enter keystore password: (set the keystore password)
Re-enter new password: (repeat the keystore password)
What is your first and last name?
[Unknown]: localhost (enter localhost)
What is the name of your organizational unit?
[Unknown]:
What is the name of your organization?
[Unknown]:
What is the name of your City or Locality?
[Unknown]:
What is the name of your State or Province?
[Unknown]:
What is the two-letter country code for this unit?
[Unknown]:
Is CN=localhost, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?
[no]: yes

Enter key password for
(RETURN if same as keystore password): (just press Enter)

This produces self.jks directly.

2. Make the system trust this certificate
keytool -exportcert -alias tomcat -keystore self.jks -file self.cer
sz self.cer
Transfer it to Windows, open self.cer, and click Details -> Copy to File -> Base64-encoded X.509 -> save as self.crt
rz
Transfer self.crt back to the server
sudo mkdir -p /usr/share/ca-certificates/tomcat
sudo cp self.crt /usr/share/ca-certificates/tomcat
sudo dpkg-reconfigure ca-certificates
At the first prompt choose yes, then press Space to select self.crt and press Enter.
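
The Windows round trip in step 2 only re-encodes the DER file written by keytool as Base64 (PEM). The following is an added example, not part of the original post: it does that conversion on the server and prints the SHA-256 fingerprint to compare with `keytool -list -v` before the file goes into the trust store. The function names are hypothetical and GNU coreutils (`base64 -w`, `sha256sum`) is assumed, as on Debian/Ubuntu.

```shell
#!/bin/sh
# Added example: convert a DER certificate (as written by
# "keytool -exportcert") to PEM without leaving the server.
# Function names are hypothetical; GNU base64/sha256sum assumed.
# Usage: der_to_pem self.cer self.crt && cert_fingerprint self.crt

# is_pem FILE: succeed if FILE already carries a PEM header,
# e.g. when it was exported with "keytool -exportcert -rfc".
is_pem() {
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1"
}

# der_to_pem IN OUT: write IN to OUT as PEM (Base64, 64-column lines).
der_to_pem() {
    if is_pem "$1"; then
        cp -- "$1" "$2"          # already PEM: copy unchanged
        return 0
    fi
    {
        echo '-----BEGIN CERTIFICATE-----'
        base64 -w 64 "$1"
        echo '-----END CERTIFICATE-----'
    } > "$2"
}

# cert_fingerprint FILE: SHA-256 over the DER bytes, printed as
# colon-separated upper-case hex, the layout "keytool -list -v" uses.
cert_fingerprint() {
    if is_pem "$1"; then
        grep -v -- '-----' "$1" | base64 -d   # strip armor, decode to DER
    else
        cat "$1"
    fi | sha256sum | cut -d' ' -f1 | tr 'a-f' 'A-F' | sed 's/../&:/g; s/:$//'
}
```

The fingerprint is the same for the DER and PEM forms of one certificate, so a mismatch with the keystore entry means the file changed in transit.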

3. Enable SSL in Tomcat
Open /etc/tomcat8/server.xml and modify this section as follows

4. Enable the SSL and proxy modules in Apache
cd /etc/apache2/mods-enabled
sudo ln -s ../mods-available/proxy.load .
sudo ln -s ../mods-available/proxy_http.load .
sudo ln -s ../mods-available/ssl.load .

5. Apache reverse proxy configuration

Restart Apache and Tomcat and the setup is complete.
