1生成服务器端证书
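# Server key pair and self-signed certificate, written directly as a PKCS12
# keystore (the same way the client keystore is created), so no separate
# -importkeystore conversion pass is needed afterwards.
#
# -ext SAN=ip:...  Current browsers and TLS libraries match the address they
#                  connect to against subjectAltName and ignore CN, so the IP
#                  has to be present there as well as in the DN.
#
# NOTE(review): "123456" is a sample password and is given on the command
#   line, where it ends up in shell history and the process list. Use a strong
#   secret and pass it with -storepass:env / -storepass:file, or omit the
#   option and let keytool prompt for it.
# NOTE(review): no -keysize is given, so the JDK default applies; that default
#   has changed between JDK releases. Confirm it is at least 2048 bits.
# NOTE(review): -validity 3650 gives the key a ten-year lifetime; prefer a
#   shorter period and plan for rotation.
keytool -genkeypair -v \
  -alias server \
  -keyalg RSA \
  -validity 3650 \
  -dname "CN=122.51.67.240,OU=rm,O=rm,L=gz,ST=gd,C=cn" \
  -ext "SAN=ip:122.51.67.240" \
  -keystore ./server.keystore -storetype PKCS12 \
  -storepass 123456 -keypass 123456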
2导出服务器端证书
# Write the certificate stored under alias "server" to server.cer.
# -exportcert emits the certificate only; the private key stays in the keystore.
# NOTE(review): the store password is passed on the command line (visible in
#   shell history and the process list); -storepass:env / -storepass:file or
#   the interactive prompt avoid that.
keytool -exportcert \
  -keystore ./server.keystore -storepass 123456 \
  -alias server \
  -file ./server.cer
3将服务器端证书导入信任证书
# Add server.cer to server_trust.keystore as a trusted entry named "serverca".
# Without -noprompt, keytool prints the certificate and asks for confirmation
# when it cannot chain it to an existing trusted entry; compare the fingerprint
# with the one from the keystore it was exported from before answering yes.
# NOTE(review): this file is later used as the connector's truststoreFile,
#   which decides which client certificates are accepted. The server's own
#   certificate is probably not needed there; confirm before keeping it.
# NOTE(review): "123456" on the command line is a sample value and leaks via
#   shell history and the process list; prefer -storepass:env / -storepass:file.
keytool -importcert \
  -keystore ./server_trust.keystore -storepass 123456 \
  -alias serverca \
  -file ./server.cer
4生成客户端证书
# Client key pair and self-signed certificate in a PKCS12 file (client.p12).
# client.p12 holds the client's private key: whoever has the file and its
# password can authenticate as this client, so distribute it over a protected
# channel and keep its password out of shared notes.
# NOTE(review): "123456" is a sample password passed on the command line
#   (shell history, process list); use a strong secret supplied with
#   -storepass:env / -storepass:file or the interactive prompt.
# NOTE(review): no -keysize is given, so the JDK default applies; confirm it
#   is at least 2048 bits on the JDK in use.
keytool -genkeypair -v \
  -alias client \
  -keyalg RSA \
  -validity 3650 \
  -dname "CN=rorymo" \
  -keystore ./client.p12 -storetype PKCS12 \
  -storepass 123456 -keypass 123456
5导出客户端证书
# Write the certificate stored under alias "client" in client.p12 to client.cer.
# Only the certificate is exported; the private key remains in client.p12.
# NOTE(review): the store password is passed on the command line; prefer
#   -storepass:env / -storepass:file or the interactive prompt.
keytool -exportcert \
  -keystore ./client.p12 -storetype PKCS12 -storepass 123456 \
  -alias client \
  -file ./client.cer
6导入客户端证书到服务器端信任证书库
# Add client.cer to server_trust.keystore as a trusted entry named "clientca".
# This keystore is the connector's truststoreFile, so each entry added here
# widens the set of client certificates the server will accept. Check the
# fingerprint keytool displays against the client's own copy before confirming.
# NOTE(review): "123456" on the command line is a sample value and leaks via
#   shell history and the process list; prefer -storepass:env / -storepass:file.
keytool -importcert \
  -keystore ./server_trust.keystore -storepass 123456 \
  -alias clientca \
  -file ./client.cer
7编辑conf/server.xml文件加入如下的配置:
<!-- HTTPS connector on port 8443 that requires a client certificate
     (clientAuth="true"), i.e. mutual TLS.
     keystoreFile   : the server's key pair and certificate.
     truststoreFile : the certificates accepted for client authentication.
     NOTE(review): keystorePass and truststorePass are stored here in clear
       text and "123456" is a sample value. Use a strong secret and restrict
       read access to server.xml and both keystore files to the Tomcat account.
     NOTE(review): server.keystore is a PKCS12 file but no keystoreType is set,
       so loading relies on the JDK's keystore format detection. Confirm this
       on the JDK in use.
     NOTE(review): sslProtocol="TLS" does not pin protocol versions; what gets
       negotiated depends on the JVM. Confirm that legacy versions are disabled.
     NOTE(review): on Tomcat 8.5 and later these connector-level TLS attributes
       are deprecated in favour of a nested SSLHostConfig element. Check the
       configuration reference for the version in use. -->
<Connector
    port="8443"
    protocol="org.apache.coyote.http11.Http11NioProtocol"
    maxThreads="150"
    scheme="https"
    secure="true"
    SSLEnabled="true"
    sslProtocol="TLS"
    clientAuth="true"
    keystoreFile="${catalina.base}/server.keystore"
    keystorePass="123456"
    truststoreFile="${catalina.base}/server_trust.keystore"
    truststorePass="123456"/>
8 双击client.p12 导入客户端证书
9 双击server.cer 导入服务器端证书到客户端
原文:https://www.cnblogs.com/adolfmc/p/14147818.html