1.生成ssl证书
keytool -genkeypair -alias “tomcat” -keyalg “RSA” -keystore “D:\ssl\tomcat.keystore” -validity 36500
2.将生成证书复制到tomcat ssl文件夹下,修改tomcat配置,找到tomcat/conf/server.xml文件
<Connector port="8081" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" >
<SSLHostConfig>
<Certificate certificateKeystoreFile="ssl/tomcat.keystore" certificateKeystorePassword="jrealsoft" type="RSA" />
</SSLHostConfig>
</Connector>
<!-- certificateKeystoreFile:为证书存储路径
keystorePass:生成证书时的密码 -->
<Connector port="8010" protocol="AJP/1.3" redirectPort="8081" />
3.重启tomcat
4.访问应用
使用http(http://localhost:8081/test/index.html)访问时会提示“Bad Request This combination of host and port requires TLS”
需要在conf/web.xml 标签内最后一行中加入以下配置,访问时自动转向https
<!--配置网站支持https,/* 表示全部请求都走https, transport-guarantee 标签设置为 CONFIDENTIAL以便使应用支持 SSL。 如果需要关闭 SSL ,将 CONFIDENTIAL 改为 NONE 即可 -->
<login-config>
<!-- Authorization setting for SSL -->
<auth-method>CLIENT-CERT</auth-method>
<realm-name>Client Cert Users-only Area</realm-name>
</login-config>
<security-constraint>
<!-- Authorization setting for SSL -->
<web-resource-collection >
<web-resource-name >SSL</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
5、访问时会提示“你的连接不是专用连接”由于证书不受信任导致
标签:keystore,Tomcat,tomcat,ssl,证书,访问,conf From: https://www.cnblogs.com/big-keyboard/p/17373892.html