Configuring HTTPS on CentOS 7 + JDK 1.8 + Tomcat 8

1. Generate a certificate with the keytool utility bundled with the JDK

# keytool -genkey -v -alias tomcat -keyalg RSA -keystore /usr/local/tomcat-8.5.69/conf/one.keystore

If keytool reports an error, run the command below, or adjust the command according to the message it prints.

# keytool -importkeystore -srckeystore /usr/local/tomcat-8.5.69/conf/one.keystore -destkeystore /usr/local/tomcat-8.5.69/conf/one.keystore -deststoretype pkcs12

Note: /usr/local/tomcat-8.5.69/conf/one.keystore is a path of your own choosing where the generated certificate (keystore) is stored.

You will be prompted for:

Enter keystore password:   # choose your own password
Re-enter new password: 
What is your first and last name?
  [Unknown]:  tomcat
What is the name of your organizational unit?
  [Unknown]:  tomcat
What is the name of your organization?
  [Unknown]:  tomcat
What is the name of your City or Locality?
  [Unknown]:  # city name
What is the name of your State or Province?
  [Unknown]:  # province
What is the two-letter country code for this unit?
  [Unknown]:  cn

On success the keystore appears in the conf directory (one.keystore.old is the backup of the original keystore that keytool leaves behind after the PKCS12 conversion):

[root@server conf]# ls
Catalina              jaspic-providers.xsd  tomcat-users.xml
catalina.policy       logging.properties    tomcat-users.xsd
catalina.properties   one.keystore          web.xml
context.xml           one.keystore.old
jaspic-providers.xml  server.xml

 

2. Edit the Tomcat configuration file server.xml

By default the file is located at

/tomcat/conf/server.xml

Open it for editing:

# vim server.xml
<!-- change redirectPort to 443 -->
<Connector port="80" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="443" />
<!-- find this block, uncomment it, and change the port to 443 -->
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true">
    <SSLHostConfig>
        <!-- certificateKeystoreFile: path where the certificate is stored;
             certificateKeystorePassword: the certificate password you set -->
        <Certificate certificateKeystoreFile="conf/one.keystore"
                     type="RSA" certificateKeystorePassword="123456" />
    </SSLHostConfig>
</Connector>

Press i to enter insert mode and make the changes, press Esc to leave insert mode, then type :wq to save and quit.
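The connector configured in this step keeps the keystore password in server.xml in clear text, so file permissions and password strength matter as much as the certificate itself. The Python 3 script below is an added example, not part of the original post: it parses server.xml (skipping commented-out connectors) and reports a missing or loosely permissioned keystore, a weak keystore password, and a redirectPort that points at no TLS connector. The deny-list, the 12-character minimum, the sample XML and the names audit_server_xml, loose and demo are assumptions of this example.

```python
import os, pathlib, stat, tempfile
import xml.etree.ElementTree as ET

WEAK = {"123456", "changeit", "password", "tomcat"}  # assumed deny-list for this example

def loose(path):  # True if group or others hold any permission bit on the file
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)

def audit_server_xml(path):
    """Return a list of findings for the TLS setup in a Tomcat 8.5 server.xml."""
    base = os.path.dirname(os.path.dirname(os.path.abspath(path)))  # CATALINA_BASE (assumed)
    # ElementTree drops XML comments, so commented-out connectors are ignored.
    conns = list(ET.parse(path).getroot().iter("Connector"))
    tls = [c for c in conns if c.get("SSLEnabled", "").lower() == "true"]
    ports = {c.get("port") for c in tls}
    out = [] if tls else ['no active Connector with SSLEnabled="true"']
    for c in conns:
        rp = c.get("redirectPort")
        if c not in tls and rp and rp not in ports:
            out.append(f"port {c.get('port')}: redirectPort {rp} has no TLS connector")
    certs = [(c.get("port"), k) for c in tls for k in c.iter("Certificate")]
    for port, k in certs:
        ks = k.get("certificateKeystoreFile")
        pw = k.get("certificateKeystorePassword")
        ks = os.path.join(base, ks) if ks else None  # absolute paths pass through join
        if ks and not os.path.isfile(ks):
            out.append(f"port {port}: keystore not found: {ks}")
        elif ks and loose(ks):
            out.append(f"port {port}: keystore accessible to group/others")
        if pw is not None and (pw in WEAK or len(pw) < 12):  # 12: assumed minimum length
            out.append(f"port {port}: weak keystore password")
    if loose(path) and any(k.get("certificateKeystorePassword") for _, k in certs):
        out.append("server.xml holds a keystore password and is accessible to group/others")
    return out

# Constructed sample mirroring the two connectors configured in this step.
SAMPLE = """<Server><Service name="Catalina">
<Connector port="80" protocol="HTTP/1.1" redirectPort="443" />
<!-- <Connector port="8443" SSLEnabled="true" /> -->
<Connector port="443" SSLEnabled="true"><SSLHostConfig>
<Certificate certificateKeystoreFile="conf/one.keystore" certificateKeystorePassword="123456" />
</SSLHostConfig></Connector></Service></Server>"""

def demo():  # audit SAMPLE from a scratch conf/ directory that contains no keystore file
    xml_path = pathlib.Path(tempfile.mkdtemp(), "conf", "server.xml")
    xml_path.parent.mkdir()
    xml_path.write_text(SAMPLE)
    xml_path.chmod(0o644)
    return audit_server_xml(str(xml_path))
```

To check a real installation, call audit_server_xml with the path to its conf/server.xml; an empty list means none of these checks fired.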

 

3. Restart Tomcat and open the site

Start Tomcat
# /tomcat8.5.69/bin/startup.sh

 

Stop Tomcat
# /tomcat8.5.69/bin/shutdown.sh

 

Check whether Tomcat is running
ps -ef|grep tomcat

 

posted @ 2021-07-09 20:11  郑NINE