日期:2014-05-17 浏览次数:20942 次
工具:http://code.google.com/p/openssl-for-windows/
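# Test PKI for two-way (mutual) TLS: a self-signed CA plus one server and one
# client certificate issued by it. The page lists bare subcommands as typed at
# the "OpenSSL>" prompt; they are written here as full command lines. Run them
# from the directory that contains ca/, server/ and client/ (openssl does not
# create these directories).
#
# Changes from the listing as published:
#   * Stray "?" characters (mis-encoded non-breaking spaces) removed; left in
#     place they become part of the last file name or option value.
#   * RSA key size raised from 1024 to 2048 bits. 1024-bit RSA is below what
#     current guidance and most TLS stacks accept.
#   * -sha256 given explicitly, because older OpenSSL builds may sign with
#     SHA-1 by default.
#   * -signkey dropped from the two CA-issued certificates. It requests a
#     self-signature, is redundant next to -CA/-CAkey, and newer OpenSSL
#     releases reject the combination.
#
# genrsa is called without a cipher option, so the private keys are written
# unencrypted. Restrict read access to the *-key.pem files.
# Each "pkcs12 -export" prompts for an export password. The one chosen for
# server2.p12 must match keystorePass in the Tomcat <Connector>.

# --- CA: key, CSR, self-signed certificate ---------------------------------
openssl genrsa -out ca/ca2-key.pem 2048
openssl req -new -sha256 -out ca/ca-req.csr -key ca/ca2-key.pem
openssl x509 -req -sha256 -in ca/ca-req.csr -out ca/ca2-cert.pem -signkey ca/ca2-key.pem -days 3650
# This bundle contains the CA private key. Nothing else on the page uses it
# (the truststore is built from ca2-cert.pem), so keep it offline and never
# hand it to clients.
openssl pkcs12 -export -clcerts -in ca/ca2-cert.pem -inkey ca/ca2-key.pem -out ca/ca2.p12

# --- Server: key, CSR, certificate issued by the CA ------------------------
openssl genrsa -out server/server2-key.pem 2048
openssl req -new -sha256 -out server/server2-req.csr -key server/server2-key.pem
# NOTE(review): no -extfile is passed, so no subjectAltName is requested.
# Clients that match host names only against SAN will reject this certificate.
# Ten years (-days 3650) is also long for a leaf certificate.
openssl x509 -req -sha256 -in server/server2-req.csr -out server/server2-cert.pem -CA ca/ca2-cert.pem -CAkey ca/ca2-key.pem -CAcreateserial -days 3650
openssl pkcs12 -export -clcerts -in server/server2-cert.pem -inkey server/server2-key.pem -out server/server2.p12

# --- Client: key, CSR, certificate issued by the CA ------------------------
openssl genrsa -out client/client2-key.pem 2048
openssl req -new -sha256 -out client/client2-req.csr -key client/client2-key.pem
openssl x509 -req -sha256 -in client/client2-req.csr -out client/client2-cert.pem -CA ca/ca2-cert.pem -CAkey ca/ca2-key.pem -CAcreateserial -days 3650
# client2.p12 is what gets imported into the browser or client. It holds the
# client private key, so protect it with a strong export password.
openssl pkcs12 -export -clcerts -in client/client2-cert.pem -inkey client/client2-key.pem -out client/client2.p12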
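# Import the CA certificate into the JKS truststore that Tomcat uses to
# validate client certificates (truststoreFile in the <Connector>).
# keytool prints the certificate and asks for confirmation before trusting it.
# Compare the fingerprint it shows with the output of
#   openssl x509 -noout -fingerprint -sha256 -in ca/ca2-cert.pem
#
# Changes from the listing as published:
#   * Trailing "?" (a mis-encoded non-breaking space) removed; it would
#     otherwise become part of the -file path.
#   * -keypass dropped. It protects private-key entries, and a trusted
#     certificate entry has none.
#   * Paths double-quoted so the backslashes survive in POSIX-style shells too.
#
# "changeit" is the stock Java keystore password. Passing it on the command
# line also exposes it in shell history and process listings. It is kept here
# only so that it matches truststorePass in the Tomcat config. Replace both
# with a value of your own.
keytool -import -trustcacerts -alias ca -file "C:\openssl\bin\ca\ca2-cert.pem" -keystore "C:\openssl\bin\jks\truststore2.jks" -storepass changeit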
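<!-- tomcat 6.0.20 -->
<!--
  HTTPS connector with mandatory client certificates (two-way TLS).

  clientAuth="true"  : every connection must present a certificate that chains
                       to a CA in truststoreFile. Handshakes without one fail.
  keystoreFile       : the server PKCS#12 bundle (server2.p12). keystorePass
                       must be the export password chosen when it was created.
  truststoreFile     : the JKS store holding the CA certificate, created with
                       keytool.

  Review notes:
  * "changeit" is the stock Java keystore password and sits here in clear
    text. Use your own passwords and restrict read access to server.xml and
    to both store files.
  * sslProtocol="TLS" does not pin a protocol version. Which SSL/TLS versions
    and cipher suites are actually offered depends on the JVM and the Tomcat
    release. Restrict them to current TLS versions with the attribute that
    your Tomcat version documents for this.
  * Tomcat 6 no longer receives security fixes. Treat this as a lab
    configuration and carry the settings over to a supported release.
  * The leading "?" runs in the published listing were mis-encoded
    non-breaking spaces that made the element malformed. They are replaced
    with plain spaces below.
-->
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
              maxThreads="150" scheme="https" secure="true"
              clientAuth="true" sslProtocol="TLS"
              keystoreFile="C:/openssl/bin/server/server2.p12" keystorePass="changeit" keystoreType="PKCS12"
              truststoreFile="C:/openssl/bin/jks/truststore2.jks" truststorePass="changeit" truststoreType="JKS"/>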