tomcat 配置https协议
开发的人脸识别功能,在本地localhost是可以访问,换成IP地址不能访问,通过不了浏览器的安全协议,
要把http协议,转成https协议,才能正常访问
方案有二种
1、在项目springboot的配置文件中加;
2、修改tomcat配置
方案一:入侵代码,不好
方案二:项目上线也是会部署到tomcat,这种配置比较好,不用修改代码;
具体配置:
1、在tomcat/conf/web.xml中添加
<login-config> <auth-method>CLIENT-CERT</auth-method> <realm-name>Client Cert Users-only Area</realm-name> </login-config> <security-constraint> <web-resource-collection> <web-resource-name>SSL</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint>
2、在tomcat/conf/server.xml中添加
tomcat8.5.36
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true"> <SSLHostConfig> <Certificate certificateKeystoreFile="conf/httptest.jks" certificateKeystorePassword="123456" type="RSA" /> </SSLHostConfig>
</Connector>
tomcat8.0.52
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="conf\httptest.jks" keystorePass="123456"> </Connector>
3、httptest.jks证书文件是通过java 的keytools工具生成的。
在CMD命令行执行以下命令,
keytool -genkey -alias httptest -sigalg SHA256withRSA -keyalg RSA -keysize 2048 -keystore httptest.jks -dname "C=CN,ST=hubei,L=wuhan,O=httptest.com,OU=,CN=httptest.com" && keytool -certreq -alias httptest -file httptest.csr -keystore httptest.jks && echo Your certificate signing request file is httptest.csr. Your keystore file is httptest.jks. Thanks for using the 亚洲诚信TrustAsia keytool CSR helper.按
按提示输入密码,默认123456,好记
会在默认目录生成httptest.jks文件,拷贝到tomcat/conf目录下
4、启动tomcat
访问http://192.168.1.2:8080/webproject
浏览器第一次会跳出安全协议提示,点击后
自动跳转到https://192.168.1.2:8443/webproject