cas ssl本地测试

keytool -genkey -alias new_server -keyalg RSA -keystore tomcat_new.jks

keytool -export -file cas_new.cer -alias new_server -keystore tomcat_new.jks

keytool -import -keystore %JAVA_HOME%/JRE/LIB/SECURITY/CACERTS -file cas_new.cer -alias new_key

keytool -import -file cas_new.cer -keypass changeit -alias new_key

注意：keytool 生成tomcat_new.jks 时候用户名不能写IP只能写域名,
本地测试可以用 localhost

tomcat-6.0

<Connector port=“8443” minSpareThreads=“5” maxSpareThreads=“75”

    enableLookups="true" disableUploadTimeout="true" 
    acceptCount="100" maxThreads="200" 
    scheme="https" secure="true" SSLEnabled="true" 
    clientAuth="false" sslProtocol="TLS" 
    keystoreFile="D:/ssl/20130125/tomcat_new.jks" 
    keystorePass="111111"/> 

如果使用域名：
C:\WINDOWS\system32\drivers\etc
文件HOSTS

127.0.0.1 localhost
127.0.0.1 aaa.test.net
127.0.0.1 casserver.test.net
127.0.0.1 client1.test.net
127.0.0.1 client2.test.net

2013-02-18

keytool -genkey -alias casserver2567 -keyalg RSA -keystore tomcat2567.jks
keytool -export -file cas2567.cer -alias casserver2567 -keystore tomcat2567.jks

keytool -import -keystore %JAVA_HOME%/JRE/LIB/SECURITY/CACERTS -file cas2567.cer -alias Key567

–changeit

keytool -import -file cas2567.cer -keypass changeit -alias Key567