Adding a TLSv1.2 HTTPS certificate to Tomcat 9

Open server.xml under conf and find the following comment.
<!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443
This connector uses the NIO implementation. The default
SSLImplementation will depend on the presence of the APR/native
library and the useOpenSSL attribute of the
AprLifecycleListener.
Either JSSE or OpenSSL style configuration may be used regardless of
the SSLImplementation selected. JSSE style configuration is used below.
-->
Add the new connector here:
<!--
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true">
<SSLHostConfig>
<Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
type="RSA" />
</SSLHostConfig>
</Connector>
-->
 
Add the following code:

<!-- keystoreType="PKCS12" matches the .pfx keystore; sslEnabledProtocols limits the connector to TLSv1.2 -->
<Connector
    port="443"
    protocol="HTTP/1.1"
    maxThreads="150"
    SSLEnabled="true"
    scheme="https"
    secure="true"
    clientAuth="false"
    sslProtocol="TLS"
    sslEnabledProtocols="TLSv1.2"
    keystoreFile="/usr/local/tomcat9/cert2022/zhengshu.pfx"
    keystorePass="password"
    keystoreType="PKCS12"
/>

 

Note that keystoreFile is the absolute path to the certificate file, and keystorePass is its password.

Then remove the original HTTP connector configuration, or comment out the following lines:

<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />

 

Then find:

<!-- Define an AJP 1.3 Connector on port 8009 -->
<!--
<Connector protocol="AJP/1.3"
address="::1"
port="8009"
redirectPort="8443" />
-->

Change it to:

<Connector protocol="AJP/1.3"
address="::1"
port="8009"
redirectPort="443" />
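
A check for the end state of the steps above, as an added example that is not from the original post: it parses server.xml and reports any active connector that still serves plaintext HTTP, enables a protocol outside the allowed set, or redirects to a port with no TLS connector. The `audit` function, the `ALLOWED` set (accepting TLSv1.3 is an assumption) and both sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ALLOWED = {"TLSv1.2", "TLSv1.3"}  # assumption: the post enables only TLSv1.2; TLSv1.3 is also accepted

def audit(server_xml):
    """Return findings for the active (uncommented) Connector elements of a server.xml string."""
    connectors = list(ET.fromstring(server_xml).iter("Connector"))
    tls = [c for c in connectors if c.get("SSLEnabled", "false").lower() == "true"]
    tls_ports = {c.get("port") for c in tls}
    findings = []
    for c in tls:
        # Protocols may be set on the Connector (as in the post) or on a nested SSLHostConfig.
        specs = [c.get("sslEnabledProtocols")] + [h.get("protocols") for h in c.iter("SSLHostConfig")]
        tokens = [t.strip() for s in specs if s for t in s.split(",")]
        protos = {t.lstrip("+") for t in tokens if t and not t.startswith("-")}
        if not protos:
            findings.append(f"port {c.get('port')}: no protocol list, defaults apply")
        for p in sorted(protos - ALLOWED):
            findings.append(f"port {c.get('port')}: protocol {p} enabled")
    for c in connectors:
        port, is_ajp = c.get("port"), "ajp" in c.get("protocol", "HTTP/1.1").lower()
        if c not in tls and not is_ajp:
            findings.append(f"port {port}: plaintext HTTP connector still enabled")
        redirect = c.get("redirectPort")
        if redirect and redirect not in tls_ports:
            findings.append(f"port {port}: redirectPort {redirect} has no TLS connector")
    return findings

# Constructed sample: partway through the procedure (old protocols on, HTTP and old redirects left).
BEFORE = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" />
  <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https" secure="true"
             sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" />
  <Connector protocol="AJP/1.3" address="::1" port="8009" redirectPort="8443" />
</Service></Server>"""

# Constructed sample: the connectors as they stand after the post's last step.
AFTER = """<Server><Service name="Catalina">
  <!-- <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" /> -->
  <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https" secure="true"
             sslEnabledProtocols="TLSv1.2" />
  <Connector protocol="AJP/1.3" address="::1" port="8009" redirectPort="443" />
</Service></Server>"""

if __name__ == "__main__":
    for name, doc in (("BEFORE", BEFORE), ("AFTER", AFTER)):
        print(name, audit(doc) or "no findings")
```

Commented-out connectors are skipped by the XML parser, so commenting out the port 8080 block clears the plaintext finding just as deleting it does.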

posted @ 2023-01-04 10:05  昵称昵称昵称