Generating the keystore on Windows:
keytool -genkey -v -alias tomcat -keyalg RSA -keystore D:\conf\key\tomcat.keystore -validity 36500
Generating the keystore on CentOS:
keytool -genkey -v -alias tomcat -keyalg RSA -keystore /usr/local/src/key/tomcat.keystore -validity 36500
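D:\conf\key\tomcat.keystore: the file path where the generated digital certificate is stored
36500: the validity period, 36500 days; the default is 90 days
-alias tomcat (the alias)
-keypass 123456 (the password for the alias)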
Enter keystore password:
Re-enter new password:
What is your first and last name?
  [Unknown]: localhost
What is the name of your organizational unit?
  [Unknown]: localhost
What is the name of your organization?
  [Unknown]: localhost
What is the name of your City or Locality?
  [Unknown]: shenzhen
What is the name of your State or Province?
  [Unknown]: guangdong
What is the two-letter country code for this unit?
  [Unknown]: CN
Is CN=localhost, OU=localhost, O=localhost, L=shenzhen, ST=guangdong, C=CN correct?
  [no]: y
Generating 2,048 bit RSA key pair and self-signed certificate (SHA256withRSA) with a validity of 36,500 days
        for: CN=localhost, OU=localhost, O=localhost, L=shenzhen, ST=guangdong, C=CN
Enter key password for <tomcat>
        (RETURN if same as keystore password):
Re-enter new password:
[Storing /usr/local/src/cert/tomcat.keystore]
Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore /usr/local/src/cert/tomcat.keystore -destkeystore /usr/local/src/cert/tomcat.keystore -deststoretype pkcs12".
1. Comment out the port 8080 connector (optional; if you leave it uncommented, the site also stays reachable over HTTP on port 8080)
<!--<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" />-->
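2. Uncomment the port 8443 connector and change it to port 443, so that the site can be reached without a port number in the URL. (Note: the port for HTTPS access is 8443 and can be changed to another port.) Configure the generated certificate and its password with keystoreFile="C:\apache-tomcat-8.5.31\conf\key\tomcat.keystore" keystorePass="123456"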
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" keystoreFile="/usr/local/tomcat/conf/server.keystore" keystorePass="123456" > <!--<SSLHostConfig> <Certificate certificateKeystoreFile="conf/localhost-rsa.jks" type="RSA" /> </SSLHostConfig>--> </Connector>
Note:
If you are using Tomcat 8.0, its server.xml differs from the Tomcat 8.5 one, so the Tomcat 8.0 server.xml should be changed like this:
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="/usr/local/tomcat/conf/server.keystore" keystorePass="123456" />
3. Change port 8443 to 443
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
change to:
<Connector port="8009" protocol="AJP/1.3" redirectPort="443" />
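
A check for the three server.xml edits above, as an added example that is not part of the original post: it parses server.xml and flags a live plain-HTTP connector, a redirectPort that points at no TLS connector, and a keystore password from a short deny-list. The function name, finding labels, deny-list and sample XML are assumptions constructed for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the page's Tomcat 8.0-style TLS connector, with the
# 8080 and AJP connectors still at their defaults (steps 1 and 3 not applied).
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" />
  <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
             maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
             clientAuth="false" sslProtocol="TLS"
             keystoreFile="/usr/local/tomcat/conf/server.keystore" keystorePass="123456" />
  <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
</Service></Server>"""

# Assumed short deny-list; "changeit" is Tomcat's default keystore password.
WEAK_PASSWORDS = {"123456", "changeit", "password", "tomcat"}


def audit_connectors(server_xml):
    """Return sorted (port, finding) pairs for the active <Connector> elements."""
    connectors = ET.fromstring(server_xml).findall(".//Connector")
    # Commented-out connectors are dropped by the parser, so only live ones count.
    tls_ports = {c.get("port") for c in connectors
                 if c.get("SSLEnabled", "false").lower() == "true"}
    findings = set()
    for c in connectors:
        port = c.get("port")
        if port in tls_ports:
            # Tomcat 8.0-style attribute plus the 8.5 <Certificate> attribute.
            passwords = [c.get("keystorePass")]
            passwords += [cert.get("certificateKeystorePassword")
                          for cert in c.iter("Certificate")]
            if any(p in WEAK_PASSWORDS for p in passwords if p):
                findings.add((port, "weak-keystore-password"))
            continue
        # Anything that is not AJP and not TLS-enabled serves plain HTTP.
        if "ajp" not in c.get("protocol", "HTTP/1.1").lower():
            findings.add((port, "plain-http-enabled"))
        redirect = c.get("redirectPort")
        if redirect and redirect not in tls_ports:
            findings.add((port, "redirect-to-missing-tls-port"))
    return sorted(findings)


if __name__ == "__main__":
    for port, finding in audit_connectors(SAMPLE_SERVER_XML):
        print(f"port {port}: {finding}")
```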