tomcat安装https证书

  • https证书
    E:.
    │  xxx.com.cn.csr
    │  xxx.com.cn.key
    │  xxx.com.cn.pem
    │
    ├─Apache
    │      1_root_bundle.crt
    │      2_xxx.com.cn.crt
    │      3_xxx.com.cn.key
    │
    ├─IIS
    │      keystorePass.txt
    │      xxx.com.cn.pfx
    │
    ├─Nginx
    │      1_xxx.com.cn_bundle.crt
    │      2_xxx.com.cn.key
    │
    └─Tomcat
           keystorePass.txt
           xxx.com.cn.jks
    
  • tomcat安装https证书
  1. 关闭tomcat:./shutdown.sh
  2. 将证书和密码文件拷贝到tomcat/cert文件夹下
  3. 配置tomcat/conf/server.xml
    .
    .
    .
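    <!-- HTTPS connector.
         The original snippet carried a "#..." remark inside the start tag; a bare "#"
         is not comment syntax in XML and leaves server.xml unparseable, so the remark
         is kept here as an XML comment instead.
         keystoreFile: full path of the keystore (the Tomcat/xxx.com.cn.jks file from
         the certificate bundle). keystorePass: the password from keystorePass.txt.
         The password sits in clear text in this file, so keep read permission on
         server.xml and on the cert directory limited to the account Tomcat runs as.
         Port 8080 is the conventional plain-HTTP port; if another connector in this
         server.xml already listens on 8080, this one fails to bind (8443 is the usual
         choice for HTTPS). -->
    <Connector port="8080"
    protocol="HTTP/1.1"
    SSLEnabled="true"
    scheme="https"
    secure="true"
    keystoreFile="/usr/local/tomcat/cert/xxx.com.cn.jks"
    keystorePass="证书密码"
    clientAuth="false"
    <!-- TLS 1.0 and 1.1 are deprecated (RFC 8996); only TLS 1.2 is offered.
         Check the attribute name against the documentation of the Tomcat version in
         use: newer releases spell it sslEnabledProtocols / SSLHostConfig protocols. -->
    SSLProtocol="TLSv1.2"
    <!-- NOTE(review): the TLS_RSA_* suites below use static RSA key exchange and so
         give no forward secrecy, and all suites are CBC-mode; prefer the ECDHE GCM
         suites if the expected clients support them. List kept as the author gave it. -->
    ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256" maxHttpHeaderSize="10240"/>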
    .
    .
    .
    
  4. 配置tomcat/conf/web.xml,实现HTTP自动跳转为HTTPS。
    <web-app>
    	.
    	.
    	.
    	<!-- NOTE(review): this login-config plays no part in the HTTP->HTTPS redirect.
    	     CLIENT-CERT asks the container to authenticate callers by client certificate,
    	     but the security-constraint below has no auth-constraint, so it should never be
    	     triggered; drop it unless client-certificate login is actually wanted (which
    	     would also need clientAuth on the HTTPS Connector, not the "false" shown above). -->
    	<login-config>  
    		<auth-method>CLIENT-CERT</auth-method>  
    		<realm-name>Client Cert Users-only Area</realm-name>  
    	</login-config>  
    	<!-- Force HTTPS for every URL: a CONFIDENTIAL transport-guarantee makes Tomcat
    	     answer plain-HTTP requests with a redirect to the redirectPort of the Connector
    	     that received them, so server.xml must also keep a plain HTTP Connector whose
    	     redirectPort points at the HTTPS port; otherwise nothing is left to redirect. -->
    	<security-constraint>  
    		<web-resource-collection >  
    			<web-resource-name >SSL</web-resource-name>  
    			<url-pattern>/*</url-pattern>  
    		</web-resource-collection>  
    		<user-data-constraint>  
    			<transport-guarantee>CONFIDENTIAL</transport-guarantee>  
    		</user-data-constraint>  
    	</security-constraint>
    </web-app>
    
  5. 启动tomcat:./startup.sh