Tomcat: Configuring HTTPS (certificate issued by a third-party CA)
阿新 • Published: 2018-11-29
Versions: Tomcat 8, JDK 1.7
1. Create the JKS keystore
# Generate the keystore
keytool -genkey -alias server -keyalg RSA -keysize 2048 -keystore www.myweb.cn.jks -storepass password -keypass password
# Generate the CSR
keytool -certreq -alias server -sigalg SHA256withRSA -file certreq.csr -keystore www.myweb.cn.jks -keypass password -storepass password
# Submit the CSR to the third-party CA to have the server certificate issued, and save it as www.myweb.cn.cer
# Import the root certificate of the server certificate
keytool -import -alias root -keystore www.myweb.cn.jks -trustcacerts -storepass password -file root.cer
# Import the server certificate
keytool -import -alias server -keystore www.myweb.cn.jks -trustcacerts -storepass password -file www.myweb.cn.cer
# Check the result
keytool -list -v -keystore www.myweb.cn.jks -storepass password
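An added example (not part of the original post): a shell function that reads the output of the final `keytool -list -v` command and confirms that the `server` alias is a PrivateKeyEntry whose chain includes the CA certificate. It assumes keytool's English-locale output labels; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify the keystore state that step 1 should leave behind.
# Assumption: keytool prints its English-locale labels.

# check_keystore_listing ALIAS   (reads `keytool -list -v` output on stdin)
# Returns 0 only if ALIAS is a PrivateKeyEntry with a chain of >= 2 certificates.
check_keystore_listing() {
    awk -v want="$1" '
        /^Alias name: /               { alias = substr($0, 13) }
        /^Entry type: /               { etype[alias] = substr($0, 13) }
        /^Certificate chain length: / { clen[alias] = substr($0, 27) + 0 }
        END {
            if (!(want in etype)) {
                print "FAIL: alias " want " not found"; exit 1
            }
            if (etype[want] != "PrivateKeyEntry") {
                print "FAIL: " want " is " etype[want] ", no private key under this alias"; exit 1
            }
            if (clen[want] < 2) {
                print "FAIL: " want " chain length " clen[want] ", CA-issued certificate not installed"; exit 1
            }
            print "OK: " want " is a PrivateKeyEntry with chain length " clen[want]
        }'
}

# Constructed sample of `keytool -list -v` output (not captured from a real keystore).
sample_listing() {
cat <<'EOF'
Keystore type: JKS
Your keystore contains 2 entries

Alias name: root
Entry type: trustedCertEntry
Owner: CN=Example Root CA
Issuer: CN=Example Root CA

Alias name: server
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=www.myweb.cn
Issuer: CN=Example Root CA
EOF
}

sample_listing | check_keystore_listing server
```

Against the real keystore, pipe the last command of step 1 into `check_keystore_listing server`. A chain length of 1 is what `-genkey` alone produces, so it indicates the server certificate import did not replace the self-signed certificate under that alias.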
2. Edit tomcat/conf/server.xml:
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
           port="8443" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           keystoreFile="conf/cert/www.myweb.cn.jks" keystorePass="password"
           clientAuth="false" sslProtocol="TLS"/>
3. Test: https://www.myweb.cn:8443/