tomcat配置ssl证书

1、使用jdk自带工具生成证书,找到jdk下bin目录执行一下命令:

keytool -genkeypair -alias “tomcat” -keyalg “RSA” -keystore “D:\ssl\tomcat.keystore” -validity 36500

D:\ssl\tomcat.keystore 为证书存储路径自行修改

2、将生成证书复制到tomcat ssl文件夹下,修改tomcat配置,找到tomcat/conf/server.xml文件

修改配置项:

<Connector port="8081" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true" >
        <SSLHostConfig>
            <Certificate certificateKeystoreFile="ssl/tomcat.keystore" certificateKeystorePassword="jrealsoft" type="RSA" />
        SSLHostConfig>
    Connector>
    
<Connector port="8010" protocol="AJP/1.3" redirectPort="8081" />

3、重启tomcat

4、访问应用

使用http(http://localhost:8081/test/index.html)访问时会提示“Bad Request This combination of host and port requires TLS”
需要在conf/web.xml 标签内最后一行中加入以下配置,访问时自动转向https


<login-config> 
		 
		<auth-method>CLIENT-CERTauth-method> 
		<realm-name>Client Cert Users-only Arearealm-name> 
	login-config> 
	<security-constraint> 
		 
		<web-resource-collection > 
			<web-resource-name >SSLweb-resource-name> 
			<url-pattern>/*url-pattern> 
		web-resource-collection> 
		<user-data-constraint> 
			<transport-guarantee>CONFIDENTIALtransport-guarantee> 
		user-data-constraint> 
	security-constraint>

对于该方案在tomcat8.5版本测试无效,欢迎交流

5、访问时会提示“你的连接不是专用连接”由于证书不受信任导致

该问题未解决,欢迎评论交流

参考文章:
https://blog.csdn.net/qq_61407171/article/details/125159284
https://blog.csdn.net/qq_37138756/article/details/103516627
https://blog.csdn.net/dongyuxu342719/article/details/109312468
https://blog.csdn.net/Piconjo/article/details/104929099

你可能感兴趣的:(Tool,tomcat,ssl,https)