标签:
#生成RSA密钥
openssl genrsa -out privkey.key 2048
#生成数字证书(自签名的)
openssl req -new -x509 -key privkey.key -out cacert.crt -days 3650
//nginx中配置:
# HTTPS server
#
server {
listen 9443 ssl;
server_name localhost_https;
ssl_certificate /etc/nginx/cert/cacert.crt;
ssl_certificate_key /etc/nginx/cert/privkey.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
#生产keystore文件
keytool -genkey -validity 3650 -keyalg RSA -keysize 2048 -keystore sso.keystore
#版cacert.pem导入到keystore文件中
keytool -import -v -trustcacerts -alias ssossl -file cacert.crt -keystore sso.keystore
#把证书导入到jre中(如果是cas单点登录,必须有这一步):
keytool -import -trustcacerts -alias ssossl -file cacert.crt -keystore /usr/java/jdk1.6.0_29/jre/lib/security/cacerts -storepass changeit
参考:
http://blog.sina.com.cn/s/blog_6ad624380101ido7.html
http://blog.163.com/liangge_sky/blog/static/21050018820110282637778/
标签:
原文地址:http://my.oschina.net/yzw/blog/487469