Tomcat6.0用第三方CA签发的证书作服务器证书的配置方法

1.生成一个自签名证书
keytool -genkey -alias tomcat -keyalg RSA -keystore "C:/Documents and Settings/Administrator/.keystore"
2.生成一个证书申请请求
keytool -certreq -keyalg RSA -alias tomcat -file "c:/10.0.21.42.csr" -keystore "C:/Documents and Settings/Administrator/.keystore"
3.导入第三方CA根证书
keytool -import -alias root -keystore "C:/Documents and Settings/Administrator/.keystore" -trustcacerts -file "c:/Watchsafe_CA.cer"
4.导入服务器证书
keytool -import -alias tomcat -keystore "C:/Documents and Settings/Administrator/.keystore" -file "c:/10.0.21.42.cer"
5.修改tomcat6.0 的server.xml
             port="8443" minSpareThreads="5" maxSpareThreads="75"
           enableLookups="true" disableUploadTimeout="true"
           acceptCount="100"  maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           keystoreFile="${catalina.base}/conf/store/.keystore" keystorePass="123456"
           truststoreFile="${catalina.base}/conf/store//.keystore" truststorePass="123456"
           clientAuth="true" sslProtocol="TLS"/>