【SSL证书配置】tomcat实现SSL证书访问

SSL证书申请可以参考我的博客,这篇博客中还有nginx+tomcat配置ssl方法:https://www.cnblogs.com/HeiDi-BoKe/p/12162324.html

将申请好的证书文件上传到服务器上,并拷贝到tomcat目录下

[root@tanbaobao conf]# mkdir cert
[root@tanbaobao conf]# chmod -R +777 cert/
[root@tanbaobao conf]# ls /usr/local/src/自己建立的目录存放证书文件/Tomcat/
keystorePass.txt   域名.jks  
[root@tanbaobao conf]# cp -r /usr/local/src/存放证书的目录/Tomcat/ /usr/local/tomcat-2/conf/cert/

修改tomcat的server.xml文件

# 修改8443位443,然后添加443的标签
# clientAuth:如果设为 true,表示 Tomcat 要求所有的 SSL 客户出示安全证书,对 SSL 客户进行身份验证。
[root@tanbaobao conf]# vi server.xml
    <Connector port="8181" protocol="HTTP/1.1"
               connectionTimeout="20000"
           URIEncoding="UTF-8"
               redirectPort="443" />

<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol" 
    scheme="https" secure="true" maxThreads="150" SSLEnabled="true">
        <SSLHostConfig>
           <Certificate 
        certificateKeystoreFile="/usr/local/tomcat-2/conf/cert/域名.jks"  
        certificateKeystorePassword="秘钥文件" 
        clientAuth="false" sslProtocol="TLS"  
        type="RSA"/>
        </SSLHostConfig>
</Connector>

    <Connector port="8010" protocol="AJP/1.3" redirectPort="443" />

    <Engine name="Catalina" defaultHost="localhost">

      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
      </Realm>

      <Host name="localhost"  appBase="webapps"
            unpackWARs="true" autoDeploy="true">

    <Context path="" docBase="beian" debug="0" privileged="true" reloadable="false"/>

       <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log" suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
      </Host>

重启服务

[root@tanbaobao tomcat-2]# ./bin/startup.sh 

浏览器访问https://域名

posted @ 2020-01-07 18:32  HeiDi_BoKe  阅读(875)  评论(0编辑  收藏  举报