Configuring HTTPS on Tomcat 8.5
阿新 • Published: 2019-04-15
# I. Generate a digital certificate with the tool bundled with the JDK
On Windows:
```
keytool -genkey -v -alias tomcat -keyalg RSA -keystore C:\apache-tomcat-8.5.31\conf\key\tomcat.keystore -validity 36500
```
On CentOS:
```
keytool -genkey -v -alias tomcat -keyalg RSA -keystore /usr/local/apache-tomcat-8.5.31/conf/key/tomcat.keystore -validity 36500
```
The interactive prompts:
```
Enter keystore password:
Re-enter new password:
What is your first and last name?
  [Unknown]: localhost
What is the name of your organizational unit?
  [Unknown]: localhost
What is the name of your organization?
  [Unknown]: localhost
What is the name of your City or Locality?
  [Unknown]: shenzhen
What is the name of your State or Province?
  [Unknown]: guangdong
What is the two-letter country code for this unit?
  [Unknown]: CN
Is CN=localhost, OU=localhost, O=localhost, L=shenzhen, ST=guangdong, C=CN correct?
  [no]: y

Generating 2,048 bit RSA key pair and self-signed certificate (SHA256withRSA) with a validity of 36,500 days
        for: CN=localhost, OU=localhost, O=localhost, L=shenzhen, ST=guangdong, C=CN
Enter key password for <tomcat>
        (RETURN if same as keystore password):
Re-enter new password:
[Storing /usr/local/src/cert/tomcat.keystore]

Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore /usr/local/src/cert/tomcat.keystore -destkeystore /usr/local/src/cert/tomcat.keystore -deststoretype pkcs12".
```
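Explanation of some of the command parameters:
C:\apache-tomcat-8.5.31\conf\key\tomcat.keystore: the path of the file in which the generated digital certificate is stored
36500: the validity period, 36500 days; the default is 90 days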
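# II. Configure Tomcat's server.xml
1. Comment out the port 8080 connector (optional; if you leave it uncommented, the site can also be reached over HTTP on port 8080)
```
<!--<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" />-->
```
2. Uncomment the port 8443 connector and change it to port 443, so that the URL needs no port number. (Note: the HTTPS port is 8443 by default and can be changed to another port.) Then set the generated certificate and its password in keystoreFile="C:\apache-tomcat-8.5.31\conf\key\tomcat.keystore" keystorePass="123456"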
```
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true"
           keystoreFile="C:\apache-tomcat-8.5.31\conf\key\tomcat.keystore" keystorePass="123456"
           >
    <!--<SSLHostConfig>
        <Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
                     type="RSA" />
    </SSLHostConfig>-->
</Connector>
```
Note: on Tomcat 8.0 the server.xml differs from the one in Tomcat 8.5, so the Tomcat 8.0 server.xml should be changed like this:
```
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="/usr/local/tomcat/conf/server.keystore"
           keystorePass="123456" />
```
keystoreFile="D:\soft\apache-tomcat-8.0.47-9200\conf\key\tomcat.keystore"
keystorePass="tomcat123": this password is the one entered when the certificate was generated.
![](https://s1.51cto.com/images/blog/201904/15/515b036ad2ea49d1dc40d3095148edf8.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=)
3. Change port 8443 to 443
```
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
```
to:
```
<Connector port="8009" protocol="AJP/1.3" redirectPort="443" />
```
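A check for the connector settings edited in steps 1 to 3, as an added example that is not part of the original post. The function name `audit_server_xml`, the `WEAK_PASSWORDS` list and the embedded server.xml are assumptions constructed for illustration; the sample reuses the page's connectors with step 3 left undone.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the page's Tomcat 8.5 connectors with step 3 left undone.
SAMPLE_SERVER_XML = r"""
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <!--<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" />-->
    <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true"
               keystoreFile="C:\apache-tomcat-8.5.31\conf\key\tomcat.keystore" keystorePass="123456" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
  </Service>
</Server>
"""

# Assumption: a small illustrative list of guessable passwords, not a real dictionary.
WEAK_PASSWORDS = {"123456", "changeit", "password", "tomcat", "tomcat123"}


def audit_server_xml(xml_text):
    """Return a list of (port, finding) tuples for the connectors in server.xml."""
    root = ET.fromstring(xml_text)  # commented-out connectors are skipped by the parser
    connectors = list(root.iter("Connector"))
    tls_ports = {c.get("port") for c in connectors
                 if c.get("SSLEnabled", "false").lower() == "true"}
    findings = []
    for c in connectors:
        port = c.get("port")
        is_tls = port in tls_ports
        protocol = c.get("protocol", "HTTP/1.1")
        redirect = c.get("redirectPort")
        # Step 3 of the page: redirectPort must name the port that really serves HTTPS.
        if not is_tls and redirect and redirect not in tls_ports:
            findings.append((port, "redirectPort %s has no TLS connector" % redirect))
        # Step 1 of the page: an active plain HTTP connector still serves cleartext.
        if not is_tls and not protocol.upper().startswith("AJP"):
            findings.append((port, "plain HTTP connector is enabled"))
        # Step 2 of the page: the keystore password sits in server.xml in cleartext.
        passwords = [c.get("keystorePass")] + [
            cert.get("certificateKeystorePassword") for cert in c.iter("Certificate")]
        if any(p in WEAK_PASSWORDS for p in passwords if p):
            findings.append((port, "guessable keystore password"))
    return findings


if __name__ == "__main__":
    for port, finding in audit_server_xml(SAMPLE_SERVER_XML):
        print("connector %s: %s" % (port, finding))
```

Because server.xml holds the keystore password in cleartext, the file's own permissions matter as much as the password's strength.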
# III. Access the site by entering https://localhost/ or https://192.168.0.116
![](https://s1.51cto.com/images/blog/201904/15/1794907d7a024ee173723a045de7c915.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=)