Configuring HTTPS on CentOS 7 + JDK 1.8 + Tomcat 8
阿新 • Published: 2021-07-09
1. Generate the certificate with the keytool utility bundled with the JDK
# keytool -genkey -v -alias tomcat -keyalg RSA -keystore /usr/local/tomcat-8.5.69/conf/one.keystore
If an error is reported, use the command below, or adjust the command as the system prompt suggests.
# keytool -importkeystore -srckeystore /usr/local/tomcat-8.5.69/conf/one.keystore -destkeystore /usr/local/tomcat-8.5.69/conf/one.keystore -deststoretype pkcs12
Note: /usr/local/tomcat-8.5.69/conf/one.keystore is the custom path where the generated certificate is stored.
You will be prompted for:
Enter keystore password: # choose your own password
Re-enter new password:
What is your first and last name?
  [Unknown]: tomcat
What is the name of your organizational unit?
  [Unknown]: tomcat
What is the name of your organization?
  [Unknown]: tomcat
What is the name of your City or Locality?
  [Unknown]: # city name
What is the name of your State or Province?
  [Unknown]: # province
What is the two-letter country code for this unit?
  [Unknown]: cn
Once generation succeeds, the keystore is visible in the directory:
[root@server conf]# ls
Catalina jaspic-providers.xsd tomcat-users.xml
catalina.policy logging.properties tomcat-users.xsd
catalina.properties one.keystore web.xml
context.xml one.keystore.old
jaspic-providers.xml server.xml
2. Edit Tomcat's configuration file server.xml
By default this file is located at
/tomcat/conf/server.xml
Edit command
# vim server.xml
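<Connector port="80" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="443" /> <!-- change to port 443 -->
Find the following section, uncomment it, and change the port number to 443:
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true">
    <SSLHostConfig>
        <!-- certificateKeystoreFile: path where the certificate is stored -->
        <!-- certificateKeystorePassword: the certificate password that was set -->
        <Certificate certificateKeystoreFile="conf/one.keystore"
                     type="RSA" certificateKeystorePassword="123456" />
    </SSLHostConfig>
</Connector>
Press i to start editing, press Esc to leave edit mode, and type :wq to save and quit.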
3. Restart Tomcat and visit the site
Start Tomcat
# /tomcat8.5.69/bin/startup.sh
Stop Tomcat
# /tomcat8.5.69/bin/shutdown.sh
Check Tomcat status
ps -ef|grep tomcat
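
Before restarting, the two connectors edited in step 2 can be checked for consistency. The script below is an added example, not part of the original post: it parses server.xml text and reports a redirectPort that points at no TLS connector, a TLS connector without a <Certificate>, and a weak keystore password stored in the file. The sample XML, the password policy (MIN_PASSWORD_LEN, COMMON_PASSWORDS) and the function name audit_connectors are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample mirroring the two connectors from step 2 (not a real server's file).
SAMPLE_SERVER_XML = """
<Server><Service name="Catalina">
  <Connector port="80" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="443" />
  <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
             maxThreads="150" SSLEnabled="true">
    <SSLHostConfig>
      <Certificate certificateKeystoreFile="conf/one.keystore"
                   type="RSA" certificateKeystorePassword="123456" />
    </SSLHostConfig>
  </Connector>
</Service></Server>
"""

# Assumed policy for this example: a minimum length and a few well-known passwords.
MIN_PASSWORD_LEN = 12
COMMON_PASSWORDS = {"123456", "changeit", "password", "tomcat"}


def audit_connectors(server_xml):
    """Return a list of findings for the HTTP/HTTPS connectors in server.xml text."""
    root = ET.fromstring(server_xml)
    connectors = list(root.iter("Connector"))
    tls = [c for c in connectors if c.get("SSLEnabled", "false").lower() == "true"]
    tls_ports = {c.get("port") for c in tls}
    findings = []
    if not tls:
        findings.append('no connector has SSLEnabled="true"')
    for c in connectors:
        redirect = c.get("redirectPort")
        if c not in tls and redirect and redirect not in tls_ports:
            findings.append(f"port {c.get('port')}: redirectPort {redirect} has no TLS connector")
    for c in tls:
        certs = c.findall("./SSLHostConfig/Certificate")
        if not certs:
            findings.append(f"port {c.get('port')}: TLS connector without <Certificate>")
        for cert in certs:
            pw = cert.get("certificateKeystorePassword")
            if pw is not None and (pw in COMMON_PASSWORDS or len(pw) < MIN_PASSWORD_LEN):
                findings.append(f"port {c.get('port')}: weak keystore password in server.xml")
    return findings


if __name__ == "__main__":
    for finding in audit_connectors(SAMPLE_SERVER_XML):
        print(finding)
```

To audit a real installation, pass the contents of its server.xml to audit_connectors instead of the constructed sample.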