SSL Configuration (solve "No trusted certificate found")

按照以下的步骤终于搞定了SSL Configuration, 收藏之...

1.环境准备
Jdk1.4.2
Tomcat5.0.28
cas-server-2.0.12（没有采用更高版本，是因为它最简单明了）
cas-client-java-2.1.1
2.在jdk上配置SSL
到http://java.sun.com/products/jsse/去下载jsse，我用的是1.0.3；下载下来后是一个zip包，把里边lib目录下的jar包复制到你的jdk目录下的jre\lib\ext目录中，是三个文件：jsse.jar;jnet.jar;jcert.jar

3.SSL验证证书
3.1.生成
keytool -genkey -alias tomcat -keyalg RSA
? 如果C:\Documents and Settings\Administrator\.keystore已经存在，请先删除。
? 输入tomcat本身的缺省口令changeit
? 用户前名和用户后名都用localhost
keytool -export -alias tomcat -file server.crt
只能输入tomcat的缺省口令changeit
keytool -import -trustcacerts -alias tomcat -file server.crt -keystore %java_home%/jre/lib/security/cacerts
3.2.显示
keytool -list -v -keystore %java_home%/jre/lib/security/cacerts > t.txt
3.3.删除
keytool -delete -alias tomcat -keystore %java_home%/jre/lib/security/cacerts -keypass changeit
只能输入tomcat的缺省口令changeit
3.4.keytool参考
%JAVA_HOME%\bin\keytool -delete -alias tomcat -keypass changeit
%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keypass changeit -keyalg RSA
%JAVA_HOME%\bin\keytool -export -alias tomcat -keypass changeit -file %FILE_NAME%
%JAVA_HOME%\bin\keytool -import -file server.crt -keypass changeit
-keystore %JAVA_HOME%/jre/lib/security/cacerts
%JAVA_HOME%\bin\keytool -import -file server.crt -keypass changeit
%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keypass changeit -keyalg RSA -validity 365

4.Tomcat配置
4.1.拷贝
拷贝C:\Documents and Settings\Administrator\.keystore到％tomcat_home%\conf\
4.2.配置
编辑％tomcat_home%\conf\server.xml，去掉ssl的注释，并更改为如下配置
<Connector port="8443" keystorePass="changeit" keystoreFile="conf/.keystore"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" debug="0" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
4.3.注意
请保持C:\Documents and Settings\Administrator\.keystore与％tomcat_home%\conf\.keystore一致