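[SSL Certificate Configuration] Serving Tomcat over HTTPS with an SSL certificate
For how to apply for an SSL certificate, see my blog post, which also covers configuring SSL with nginx + tomcat: https://www.cnblogs.com/HeiDi-BoKe/p/12162324.html
Upload the issued certificate files to the server and copy them into the tomcat directory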
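[root@tanbaobao conf]# mkdir cert
# The directory holds the keystore and its password, so keep it private to the account that runs Tomcat (root here)
[root@tanbaobao conf]# chmod 700 cert/
# 自己建立的目录存放证书文件 / 存放证书的目录 = the directory you created for the certificate files; 域名 = your domain name
[root@tanbaobao conf]# ls /usr/local/src/自己建立的目录存放证书文件/Tomcat/
keystorePass.txt  域名.jks
# Copy the files themselves, so the keystore ends up at conf/cert/域名.jks, the path server.xml uses
[root@tanbaobao conf]# cp /usr/local/src/存放证书的目录/Tomcat/* /usr/local/tomcat-2/conf/cert/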
Edit tomcat's server.xml file
# Change 8443 to 443, then add the <Connector> element for port 443
# clientAuth: if set to true, Tomcat requires every SSL client to present a certificate and authenticates the client with it.
[root@tanbaobao conf]# vi server.xml
<Connector port="8181" protocol="HTTP/1.1"
           connectionTimeout="20000"
           URIEncoding="UTF-8"
           redirectPort="443" />

<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           scheme="https" secure="true" maxThreads="150" SSLEnabled="true">
    <!-- In the SSLHostConfig syntax, the clientAuth setting is certificateVerification; "none" corresponds to clientAuth="false" -->
    <SSLHostConfig certificateVerification="none" sslProtocol="TLS">
        <!-- 秘钥文件 is a placeholder for the keystore password (shipped in keystorePass.txt) -->
        <Certificate certificateKeystoreFile="/usr/local/tomcat-2/conf/cert/域名.jks"
                     certificateKeystorePassword="秘钥文件"
                     type="RSA"/>
    </SSLHostConfig>
</Connector>

<Connector port="8010" protocol="AJP/1.3" redirectPort="443" />

<Engine name="Catalina" defaultHost="localhost">
    <Realm className="org.apache.catalina.realm.LockOutRealm">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
    </Realm>
    <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true">
        <Context path="" docBase="beian" debug="0" privileged="true" reloadable="false"/>
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log" suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
    </Host>
</Engine>
Restart the service
[root@tanbaobao tomcat-2]# ./bin/shutdown.sh
[root@tanbaobao tomcat-2]# ./bin/startup.sh
Open https://<your domain> in a browser
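As a check on the steps above, this added example (not part of the original post) reads server.xml, takes each certificateKeystoreFile path, and reports a keystore that is missing at that path or that other accounts can read or replace. The function names are illustrative; it assumes absolute keystore paths as used on this page, GNU find, and grep -o.

```shell
#!/bin/sh
# Added example, not from the original post. Audits the keystore that a
# Tomcat server.xml points at. Assumes GNU find (-perm /mode) and grep -o.

# Print each certificateKeystoreFile value in server.xml, one per line.
keystore_paths() {
    grep -o 'certificateKeystoreFile="[^"]*"' "$1" | sed 's/^[^"]*"//; s/"$//'
}

# True if the path has any of the permission bits in the octal mask set.
has_bits() {
    [ -n "$(find "$1" -maxdepth 0 -perm "/$2" 2>/dev/null)" ]
}

# Print one finding per problem; return 0 if clean, 1 otherwise.
# Only the keystore's immediate directory is inspected, not its parents.
audit_server_xml() {
    findings=$(keystore_paths "$1" | while IFS= read -r ks; do
        dir=$(dirname "$ks")
        if [ ! -f "$ks" ]; then
            # e.g. "cp -r src/Tomcat/ cert/" nests the file under cert/Tomcat/
            echo "MISSING  $ks"
            continue
        fi
        # Group/other can write the directory: the keystore can be replaced.
        if has_bits "$dir" 022; then
            echo "WRITABLE $dir"
        fi
        # Group/other can enter the directory and read the keystore file.
        if has_bits "$dir" 011 && has_bits "$ks" 044; then
            echo "READABLE $ks"
        fi
    done)
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Usage: sh audit.sh /usr/local/tomcat-2/conf/server.xml
if [ "$#" -gt 0 ]; then
    audit_server_xml "$1"
fi
```

A `chmod 777` on the cert directory produces both a WRITABLE and a READABLE finding; with the directory at mode 700 the audit is clean even though the copied files keep their default mode.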