Configuring HTTPS in Tomcat

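The face recognition feature under development works when the page is opened via localhost, but not when it is opened by IP address, because the page then fails the browser's security requirements.

The site has to be switched from HTTP to HTTPS before it can be accessed normally.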

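There are two options:

  1. Add the settings to the project's Spring Boot configuration file;

  2. Modify the Tomcat configuration.

Option 1 intrudes on the project code, which is not ideal.

Option 2 is the better choice: the project is deployed to Tomcat in production anyway, and no code has to change.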

 

Configuration steps:

1. Add the following to tomcat/conf/web.xml

<!-- Login method used for protected resources: client certificate -->
<login-config>
    <auth-method>CLIENT-CERT</auth-method>
    <realm-name>Client Cert Users-only Area</realm-name>
</login-config>
<!-- Require HTTPS (CONFIDENTIAL transport) for every URL; Tomcat redirects plain HTTP requests to the HTTPS port -->
<security-constraint>
    <web-resource-collection>
        <web-resource-name>SSL</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

  

2. Add the following to tomcat/conf/server.xml

For Tomcat 8.5.36:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true">
  <SSLHostConfig>
    <Certificate certificateKeystoreFile="conf/httptest.jks" certificateKeystorePassword="123456" type="RSA" />
  </SSLHostConfig>
</Connector>

For Tomcat 8.0.52:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="conf/httptest.jks"
           keystorePass="123456">
</Connector>

  

  

3. The httptest.jks keystore file is generated with Java's keytool utility.

Run the following command at the CMD prompt:

keytool -genkey -alias httptest -sigalg SHA256withRSA -keyalg RSA -keysize 2048 -keystore httptest.jks -dname "C=CN,ST=hubei,L=wuhan,O=httptest.com,OU=,CN=httptest.com" && keytool -certreq -alias httptest -file httptest.csr -keystore httptest.jks && echo Your certificate signing request file is httptest.csr.  Your keystore file is httptest.jks.  Thanks for using the 亚洲诚信TrustAsia keytool CSR helper.

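Enter a password when prompted; this example uses 123456 because it is easy to remember. It has to match the keystore password set in server.xml.

The httptest.jks file is created in the default directory (the directory the command was run from); copy it to tomcat/conf.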

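4. Start Tomcat

Open http://192.168.1.2:8080/webproject

The first time, the browser shows a security warning; after clicking through it,

the browser is redirected automatically to https://192.168.1.2:8443/webproject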
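The redirect in step 4 only works when web.xml demands CONFIDENTIAL transport and the plain HTTP connector's redirectPort points at a connector with SSLEnabled="true". The following check is an added example, not part of the original post: it audits both files for that pairing and for guessable keystore passwords. The sample XML is constructed, the HTTP connector line with redirectPort is assumed from a stock server.xml, and the finding codes and weak-password list are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed samples that mirror the configuration shown on this page.
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
  <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
             maxThreads="150" SSLEnabled="true">
    <SSLHostConfig>
      <Certificate certificateKeystoreFile="conf/httptest.jks"
                   certificateKeystorePassword="123456" type="RSA" />
    </SSLHostConfig>
  </Connector>
</Service></Server>"""
WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"><security-constraint>
  <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
  <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
</security-constraint></web-app>"""
WEAK_PASSWORDS = {"", "123456", "changeit", "password"}  # illustrative list


def audit(server_xml, web_xml):
    """Return sorted finding codes (hypothetical names) for the two files."""
    findings = set()
    # 1. web.xml must demand CONFIDENTIAL transport, or nothing forces HTTPS.
    guarantees = [(e.text or "").strip() for e in ET.fromstring(web_xml).iter()
                  if e.tag.rsplit("}", 1)[-1] == "transport-guarantee"]
    if "CONFIDENTIAL" not in guarantees:
        findings.add("no-confidential-constraint")
    tls_ports, plain = set(), []
    for c in ET.fromstring(server_xml).iter("Connector"):
        port = c.get("port", "?")
        if c.get("SSLEnabled", "false").lower() == "true":
            tls_ports.add(port)
            # Tomcat 8.0 keeps the password on <Connector>, 8.5 on <Certificate>.
            pws = [c.get("keystorePass")] + [
                x.get("certificateKeystorePassword") for x in c.iter("Certificate")]
            if any(p in WEAK_PASSWORDS for p in pws if p is not None):
                findings.add("weak-keystore-password:" + port)
        elif "ajp" not in c.get("protocol", "HTTP/1.1").lower():
            plain.append((port, c.get("redirectPort", "443")))  # Tomcat default 443
    # 2. Each plain HTTP connector must redirect to a port that speaks TLS.
    for port, redirect in plain:
        if redirect not in tls_ports:
            findings.add("redirect-mismatch:" + port)
    return sorted(findings)


if __name__ == "__main__":
    print(audit(SERVER_XML, WEB_XML))  # ['weak-keystore-password:8443']
```

Run against the configuration from this page, the only finding is the 123456 keystore password, which is stored in clear text in server.xml.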

posted @ 2019-09-23 16:15  点点积累