Configuring HTTPS on Tomcat with a self-signed certificate (generated with keytool)

Contents

  • Generate the keystore
  • Edit the server.xml configuration
  • Edit Tomcat's web.xml to force HTTP to redirect to HTTPS
  • Restart Tomcat
  • Access
Generate the keystore
    keytool -genkeypair -alias "server" -keyalg "RSA" -validity "365" -keystore "/app/webapp/tomcat/https/server.keystore"

    [[email protected] https]$ pwd
    /app/webapp/tomcat/https
    [[email protected] https]$ keytool -genkeypair -alias "server" -keyalg "RSA" -validity "365" -keystore "/app/webapp/tomcat/https/server.keystore"
    Enter keystore password:
    Re-enter new password:
    What is your first and last name?
      [Unknown]:  10.13.22.102
    What is the name of your organizational unit?
      [Unknown]:  ai
    What is the name of your organization?
      [Unknown]:  ai
    What is the name of your City or Locality?
      [Unknown]:  gz
    What is the name of your State or Province?
      [Unknown]:  gd
    What is the two-letter country code for this unit?
      [Unknown]:  cn
    Is CN=10.13.22.102, OU=ai, O=ai, L=gz, ST=gd, C=cn correct?
      [no]:  yes

    Enter key password for <server>
            (RETURN if same as keystore password):
    Re-enter new password:

    Warning:
    The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore /app/webapp/tomcat/https/server.keystore -destkeystore /app/webapp/tomcat/https/server.keystore -deststoretype pkcs12".
    [[email protected] https]$
Edit the server.xml configuration
    [[email protected] conf]$ pwd
    /app/webapp/tomcat/apache-tomcat-7.0.88/conf
    [[email protected] conf]$ vi server.xml

    <!--
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />
    -->

Change it to:

    <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="/app/webapp/tomcat/https/server.keystore" keystorePass="123456"/>

Save and quit:

    :wq

Change the default HTTPS port 8443 in Tomcat (optional; the default can also be kept).
Here it is changed to 18003, in three places in total. Two further occurrences are inside comments and can be left unchanged.

Before:

    <Connector port="18002" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />

    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

After:

    <Connector port="18002" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="18003" />

    <Connector port="18003" protocol="org.apache.coyote.http11.Http11Protocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="/app/webapp/tomcat/https/server.keystore" keystorePass="123456"/>

    <Connector port="8009" protocol="AJP/1.3" redirectPort="18003" />
Edit Tomcat's web.xml to force HTTP to redirect to HTTPS
    [[email protected] conf]$ pwd
    /app/webapp/tomcat/apache-tomcat-7.0.88/conf
    [[email protected] conf]$ vi web.xml

Add a block like the following near the end of the file, inside the `<web-app>` element:

    <login-config>
        <!-- Authorization setting for SSL -->
        <auth-method>CLIENT-CERT</auth-method>
        <realm-name>Client Cert Users-only Area</realm-name>
    </login-config>
    <security-constraint>
        <!-- Authorization setting for SSL -->
        <web-resource-collection>
            <web-resource-name>SSL</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
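The following is an added example, not code from the original post or from the Tomcat project, that ties the three steps above together from a checking stance. It parses a server.xml and a web.xml (constructed samples that mirror the post's final configuration, with the post's ports 18002/18003 and keystore path) and verifies what the HTTP-to-HTTPS redirect actually depends on: an `SSLEnabled` connector that references a `keystoreFile` and carries `secure="true"` and `scheme="https"`, every plain connector's `redirectPort` pointing at that connector's port, and a `<security-constraint>` on `/*` whose `<transport-guarantee>` is `CONFIDENTIAL`. The `<login-config>` with `CLIENT-CERT` that the post adds plays no part in the redirect, and because the constraint has no `<auth-constraint>`, it does not require a client certificate either. The example also includes a non-interactive form of the `keytool -genkeypair` call from the first step; the `-dname`, `-storetype PKCS12` (what keytool's own warning above recommends) and `-ext SAN=ip:` flags are this example's choices, and the `server.p12` output name and the `change-me` password are placeholders.

```python
import os
import shutil
import subprocess
import xml.etree.ElementTree as ET

# Constructed sample mirroring the post's final server.xml (ports 18002/18003).
SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="18002" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="18003" />
    <Connector port="18003" protocol="org.apache.coyote.http11.Http11Protocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="/app/webapp/tomcat/https/server.keystore" keystorePass="123456"/>
    <Connector port="8009" protocol="AJP/1.3" redirectPort="18003" />
  </Service>
</Server>
"""

# Constructed sample: the <security-constraint> the post appends to web.xml.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>SSL</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>
"""

def _local(tag):
    """Strip an XML namespace: '{uri}name' -> 'name'."""
    return tag.rsplit("}", 1)[-1]

def check_server_xml(xml_text):
    """Return a list of connector problems; an empty list means the redirect wiring is consistent."""
    problems, ssl_ports, plain = [], set(), []
    for c in ET.fromstring(xml_text).iter("Connector"):
        port = c.get("port")
        if c.get("SSLEnabled", "false").lower() == "true":
            ssl_ports.add(port)
            if not c.get("keystoreFile"):
                problems.append(f"SSL connector {port}: no keystoreFile")
            # Without secure="true" and scheme="https" Tomcat treats requests on this
            # port as non-secure, and the CONFIDENTIAL constraint redirects again.
            if c.get("secure") != "true" or c.get("scheme") != "https":
                problems.append(f'SSL connector {port}: needs secure="true" scheme="https"')
        else:
            plain.append(c)
    if not ssl_ports:
        problems.append("no SSLEnabled connector found")
    for c in plain:
        port, target = c.get("port"), c.get("redirectPort")
        if target is None:
            problems.append(f"connector {port}: no redirectPort")
        elif target not in ssl_ports:
            problems.append(f"connector {port}: redirectPort {target} is not an SSLEnabled connector port")
    return problems

def check_web_xml(xml_text, pattern="/*"):
    """True if some <security-constraint> demands CONFIDENTIAL transport for `pattern`."""
    for sc in ET.fromstring(xml_text).iter():
        if _local(sc.tag) != "security-constraint":
            continue
        texts = {}
        for e in sc.iter():
            texts.setdefault(_local(e.tag), []).append((e.text or "").strip())
        if pattern in texts.get("url-pattern", []) and "CONFIDENTIAL" in texts.get("transport-guarantee", []):
            return True
    return False

def keytool_genkeypair_cmd(keystore, ip, storepass, alias="server", days=365):
    """Non-interactive form of the post's keytool command (flag choices are this example's).
    -dname replaces the DN prompts, -storetype PKCS12 follows keytool's own warning,
    and -ext SAN=ip:... puts the address in the Subject Alternative Name."""
    return ["keytool", "-genkeypair", "-alias", alias, "-keyalg", "RSA", "-keysize", "2048",
            "-validity", str(days), "-storetype", "PKCS12", "-keystore", keystore,
            "-storepass", storepass, "-dname", f"CN={ip}, OU=ai, O=ai, L=gz, ST=gd, C=cn",
            "-ext", f"SAN=ip:{ip}"]

def main():
    # Placeholder path and password; keytool only runs if a JDK is on PATH and the file is new.
    path = "server.p12"
    cmd = keytool_genkeypair_cmd(path, "10.13.22.102", "change-me")
    if shutil.which("keytool") and not os.path.exists(path):
        subprocess.run(cmd, check=True)
    else:
        print("skipping keytool; command would be:", " ".join(cmd))
    for p in check_server_xml(SERVER_XML):
        print("server.xml:", p)
    print("web.xml forces HTTPS on /*:", check_web_xml(WEB_XML))

if __name__ == "__main__":
    main()
```

Run it against the real files by reading them into `check_server_xml` and `check_web_xml` instead of the embedded samples. If the PKCS12 form of the keystore is used, the connector also needs `keystoreType="PKCS12"` (Tomcat's default is JKS), and `keystorePass` still sits in server.xml in clear text, so the file's permissions matter as much as the password.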
Restart Tomcat
    [[email protected] bin]$ pwd
    /app/webapp/tomcat/apache-tomcat-7.0.88/bin
    [[email protected] bin]$ sh shutdown.sh
    Using CATALINA_BASE:   /app/webapp/tomcat/apache-tomcat-7.0.88
    Using CATALINA_HOME:   /app/webapp/tomcat/apache-tomcat-7.0.88
    Using CATALINA_TMPDIR: /app/webapp/tomcat/apache-tomcat-7.0.88/temp
    Using JRE_HOME:        /opt/jdk1.8.0_151
    Using CLASSPATH:       /app/webapp/tomcat/apache-tomcat-7.0.88/bin/bootstrap.jar:/app/webapp/tomcat/apache-tomcat-7.0.88/bin/tomcat-juli.jar
    Java HotSpot(TM) 64-Bit Server VM warning: ignoring option PermSize=256m; support was removed in 8.0
    Java HotSpot(TM) 64-Bit Server VM warning: ignoring option MaxPermSize=256m; support was removed in 8.0
    [[email protected] bin]$ sh startup.sh
    Using CATALINA_BASE:   /app/webapp/tomcat/apache-tomcat-7.0.88
    Using CATALINA_HOME:   /app/webapp/tomcat/apache-tomcat-7.0.88
    Using CATALINA_TMPDIR: /app/webapp/tomcat/apache-tomcat-7.0.88/temp
    Using JRE_HOME:        /opt/jdk1.8.0_151
    Using CLASSPATH:       /app/webapp/tomcat/apache-tomcat-7.0.88/bin/bootstrap.jar:/app/webapp/tomcat/apache-tomcat-7.0.88/bin/tomcat-juli.jar
    Tomcat started.
Access
http://10.13.22.102:18002/ops/app  

It redirects automatically to:

https://10.13.22.102:18003/ops/app  

Original source: 51cto -> http://blog.51cto.com/170023/2154885?source=dra
