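Configuring SSL on Tomcat
1. Generate the keystore file
This file is similar to a certificate request file in OpenSSL and is used to produce the certificate in the next step. keytool -genkey creates an RSA key pair and a self-signed certificate inside the keystore, and -exportcert then writes that certificate to a file.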
keytool -v -genkey -alias tomcat -keyalg RSA -keystore /root/tomcat.keyst
Enter keystore password: 112233
Re-enter new password: 112233
What is your first and last name? localhost
-- SNIP --
keytool -exportcert -alias tomcat -keystore /root/tomcat.keyst -file /root/tomcat.cer
Enter keystore password: 112233
Certificate stored in file </root/tomcat.cer>
2. Configure Tomcat's server.xml file
vi /etc/tomcat8/server.xml
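First, set up the HTTPS redirect (a request to http://xx.xx.xx:8090 is automatically redirected to port 8443). The redirect applies to URLs that the security constraint in step 3 marks as requiring a secure transport.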
<Connector port="8090" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
Then modify the attributes of the Connector element for port 8443:
<Connector port="8443"
protocol="org.apache.coyote.http11.Http11Protocol"
maxThreads="150"
SSLEnabled="true"
scheme="https"
secure="true"
clientAuth="false"
sslProtocol="TLS"
keystoreFile="/root/tomcat.keyst"
keystorePass="112233">
</Connector>
3. Configure Tomcat's web.xml file
vi /etc/tomcat8/web.xml
Here, set the directories that can be accessed; the CONFIDENTIAL transport guarantee forces them onto HTTPS:
<security-constraint>
<web-resource-collection>
<web-resource-name>SSL</web-resource-name>
<!-- All files under the root directory can be accessed -->
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
Log in to the site; the request sequence can be seen with F12 (the browser's developer tools).
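The redirect from port 8090 only works when three settings from steps 2 and 3 agree: the redirectPort value, an SSLEnabled connector listening on that port, and a transport guarantee covering the URL. The following is an added example, not part of the original page: the function names (elements, texts, audit) are hypothetical, and the embedded XML is a constructed sample that wraps the snippets above in minimal Server/Service and web-app elements.

```python
import xml.etree.ElementTree as ET

# Constructed sample input: the connectors and constraint shown on this page.
SERVER_XML = """<Server><Service name="Catalina">
<Connector port="8090" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" />
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
  maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false"
  sslProtocol="TLS" keystoreFile="/root/tomcat.keyst" keystorePass="112233" />
</Service></Server>"""
WEB_XML = """<web-app><security-constraint>
<web-resource-collection><web-resource-name>SSL</web-resource-name>
<url-pattern>/*</url-pattern></web-resource-collection>
<user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint></security-constraint></web-app>"""

def elements(xml_text, name):
    """All elements with this local name; real web.xml files declare a namespace."""
    return [e for e in ET.fromstring(xml_text).iter() if e.tag.rsplit("}", 1)[-1] == name]

def texts(parent, name):
    """Stripped text of every descendant of parent with this local name."""
    return {e.text.strip() for e in parent.iter()
            if e.tag.rsplit("}", 1)[-1] == name and e.text}

def audit(server_xml, web_xml):
    """Return findings; an empty list means the HTTP-to-HTTPS redirect chain is consistent."""
    findings = []
    connectors = elements(server_xml, "Connector")
    tls_ports = {c.get("port") for c in connectors
                 if c.get("SSLEnabled", "false").lower() == "true"}
    for c in connectors:
        port, target = c.get("port"), c.get("redirectPort")
        if port in tls_ports:
            if c.get("scheme") != "https" or c.get("secure") != "true":
                findings.append(f"port {port}: SSLEnabled without scheme=https and secure=true")
        elif target and target not in tls_ports:
            findings.append(f"port {port}: redirectPort {target} has no SSLEnabled connector")
    # Tomcat only redirects URLs whose constraint demands a secure transport.
    covered = set()
    for sc in elements(web_xml, "security-constraint"):
        if texts(sc, "transport-guarantee") & {"CONFIDENTIAL", "INTEGRAL"}:
            covered |= texts(sc, "url-pattern")
    if "/*" not in covered:
        findings.append("web.xml: no secure transport-guarantee on /*, some paths stay on HTTP")
    return findings

if __name__ == "__main__":
    print(audit(SERVER_XML, WEB_XML) or "redirect chain consistent")
```

To check a live installation, pass the contents of /etc/tomcat8/server.xml and /etc/tomcat8/web.xml to audit() instead of the embedded samples.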