StartSSL下载crt证书后转成tomcat需要的jks证书

1.首先安装OpenSSL

2.从key和crt生成pkcs12格式的keystore

openssl pkcs12 -export -in 2_www.studyjava.cn.crt -inkey www.studyjava.cn.key -out mycert.p12 -name tomcat -CAfile myCA.crt

3.生成tomcat需要的keystore

keytool -importkeystore -v  -srckeystore mycert.p12 -srcstoretype pkcs12 -srcstorepass password -destkeystore tomcat.keystore -deststoretype jks -deststorepass password

4.tomcat配置server.xml

<Connector port="443" protocol="org.apache.coyote.http11.Http11Protocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" 
			   keystoreFile="/tomcat/keys/20161024www.studyjava.cn.keystore" 
			   keystorePass="password" />