centos7+jdk1.8+tomcat8 配置https
1、使用jdk自带工具生成证书
# keytool -genkey -v -alias tomcat -keyalg RSA -keystore /usr/local/tomcat-8.5.69/conf/one.keystore
若报错,可使用下面命令或查看系统提示修改命令。
# keytool -importkeystore -srckeystore /usr/local/tomcat-8.5.69/conf/one.keystore -destkeystore /usr/local/tomcat-8.5.69/conf/one.keystore -deststoretype pkcs12
注意:/usr/local/tomcat-8.5.69/conf/one.keystore 是自定义证数生成后存放路径
需要输入:
1 Enter keystore password: # 密码自定义
2 Re-enter new password:
3 What is your first and last name?
4 [Unknown]: tomcat
5 What is the name of your organizational unit?
6 [Unknown]: tomcat
7 What is the name of your organization?
8 [Unknown]: tomcat
9 What is the name of your City or Locality?
10 [Unknown]: # 城市名
11 What is the name of your State or Province?
12 [Unknown]: # 省份
13 What is the two-letter country code for this unit?
14 [Unknown]: cn
生成成功可在文件目录查看
[root@server conf]# ls
Catalina jaspic-providers.xsd tomcat-users.xml
catalina.policy logging.properties tomcat-users.xsd
catalina.properties one.keystore web.xml
context.xml one.keystore.old
jaspic-providers.xml server.xml
2、修改tomcat配置文件server.xml
该文件默认目录在
/tomcat/conf/server.xml
修改命令
# vim server.xml
1 <Connector port="80" protocol="HTTP/1.1"
2 connectionTimeout="20000"
3 redirectPort="443" /> # 修改为443端口
# 找到此段,取消注释,并修改端口号为443
1 <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol" 2 maxThreads="150" SSLEnabled="true"> 3 <SSLHostConfig> <Certificate certificateKeystoreFile="conf/one.keystore" # 此处为存放证数路径
type="RSA" certificateKeystorePassword="123456" /> #设置的证数密码 4 </SSLHostConfig> 5 </Connector>
按 i 键进行修改,按 Esc 键退出编辑模式,按 :wq 保存并退出
3、重启tomcat并登录网站
启动tomcat
# /tomcat8.5.69/bin/startup.sh
关闭tomcat
# /tomcat8.5.69/bin/shutdown.sh
查看tomcat状态
ps -ef|grep tomcat