tomcat配置pkcs12证书

导出证书
keytool -import -trustcacerts -file ca.crt -keystore server.public -keypass 123456 -storepass 123456 -alias cert
keytool -import -trustcacerts -file testcert.pem -keystore server.public -keypass 123456 -storepass 123456 -alias cert

创建密钥对
keytool -genkey -alias clientprivate -keystore client.private -storetype JKS -keyalg rsa -dname "CN=name, OU=organizational unit, O=organization, L=city, S=state, C=country" -storepass 123456 -keypass 123456

-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----

keytool -export -alias clientprivate -keystore client.private -file temp.key -storepass 123456
keytool -import -noprompt -alias clientpublic -keystore client.public -file temp.key -storepass public

keytool -import -v -trustcacerts -storepass 123456 -file server.pem -keystore server_keystore

openssl pkcs12 -export -out mycert.p12 -inkey wildcard.jemstech.com.09082010.key -in geo_intermediate_02182020.crt -CAfile jemstech.com.09132013.crt

SSLCertificateKeyFile SSLCertificateFile SSLCACertificateFile
openssl pkcs12 -export -out mycert.p12 -inkey wildcard.jemstech.com.09082010.key -in jemstech.com.09132013.crt -certfile geo_intermediate_02182020.crt

openssl pkcs12 -info -in mycert.p12

<Connector
port="443" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="d:/tomcat6/conf/cert.p12"
keystorePass="123456"
keystoreType="PKCS12"
clientAuth="false" sslProtocol="TLS"
/>