第一步、先搞到证书:CRT格式+KEY格式
第二步、把CRT+KEY两个文件转转成JKS:
crt转为p12证书
openssl pkcs12 -export -in client.crt -inkey client.key -out iot.p12 -name “iot”
jks p12互转
keytool -importkeystore -srckeystore iot.p12 -srcstoretype PKCS12 -deststoretype JKS -destkeystore iot.jks
keytool -importkeystore -srckeystore iot.jks -srcstoretype JKS -deststoretype PKCS12 -destkeystore iot.p12
————————————————
原文链接:https://blog.csdn.net/u010801696/article/details/86546191
第三步、修改tomcat目录下config/server.xml
<Connector port=”8443″ protocol=”org.apache.coyote.http11.Http11NioProtocol”
maxThreads=”150″ SSLEnabled=”true” scheme=”https” secure=”true”
keystoreFile=”/usr/local/nginx/conf/ssl/iot.jks” keystorePass=”your passwd” clientAuth=”false” sslProtocol=”TLS”>
</Connector >
第四步、重启
第五步、Nginx转发
server {
listen 443;
server_name xxxx.9187.cn;
root /home/wwwroot/default;
ssl on;
ssl_certificate ssl/9187.cn.ssl.crt;
ssl_certificate_key ssl/9187.cn.key;
include enable-php.conf;
location /center{
proxy_pass https://localhost:8443;
}
}