Tomcat配置ssl证书
1.生成ssl证书
keytool -genkeypair -alias “tomcat” -keyalg “RSA” -keystore “D:\ssl\tomcat.keystore” -validity 36500
2.将生成证书复制到tomcat ssl文件夹下,修改tomcat配置,找到tomcat/conf/server.xml文件
<Connector port="8081" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" > <SSLHostConfig> <Certificate certificateKeystoreFile="ssl/tomcat.keystore" certificateKeystorePassword="jrealsoft" type="RSA" /> </SSLHostConfig> </Connector> <!-- certificateKeystoreFile:为证书存储路径 keystorePass:生成证书时的密码 -->
<Connector port="8010" protocol="AJP/1.3" redirectPort="8081" />
3.重启tomcat
4.访问应用
使用http(http://localhost:8081/test/index.html)访问时会提示“Bad Request This combination of host and port requires TLS”
需要在conf/web.xml 标签内最后一行中加入以下配置,访问时自动转向https
<!--配置网站支持https,/* 表示全部请求都走https, transport-guarantee 标签设置为 CONFIDENTIAL以便使应用支持 SSL。 如果需要关闭 SSL ,将 CONFIDENTIAL 改为 NONE 即可 --> <login-config> <!-- Authorization setting for SSL --> <auth-method>CLIENT-CERT</auth-method> <realm-name>Client Cert Users-only Area</realm-name> </login-config> <security-constraint> <!-- Authorization setting for SSL --> <web-resource-collection > <web-resource-name >SSL</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint>
5、访问时会提示“你的连接不是专用连接”由于证书不受信任导致