tomcat配置https自簽名證書(keytool生成)-創(chuàng)新互聯(lián)

tomcat配置https自簽名證書(keytool生成)

生成keystore

keytool -genkeypair -alias "server" -keyalg "RSA" -validity "365" -keystore "/app/webapp/tomcat/https/server.keystore"

站在用戶的角度思考問(wèn)題,與客戶深入溝通,找到凌海網(wǎng)站設(shè)計(jì)與凌海網(wǎng)站推廣的解決方案,憑借多年的經(jīng)驗(yàn),讓設(shè)計(jì)與互聯(lián)網(wǎng)技術(shù)結(jié)合,創(chuàng)造個(gè)性化、用戶體驗(yàn)好的作品,建站類型包括:做網(wǎng)站、成都做網(wǎng)站、企業(yè)官網(wǎng)、英文網(wǎng)站、手機(jī)端網(wǎng)站、網(wǎng)站推廣、域名注冊(cè)、網(wǎng)頁(yè)空間、企業(yè)郵箱。業(yè)務(wù)覆蓋凌海地區(qū)。
[webapp@machina https]$ pwd
/app/webapp/tomcat/https
[webapp@machina https]$ keytool -genkeypair -alias "server" -keyalg "RSA" -validity "365" -keystore "/app/webapp/tomcat/https/server.keystore"
Enter keystore password:  
Re-enter new password: 
What is your first and last name?
  [Unknown]:  10.13.22.102
What is the name of your organizational unit?
  [Unknown]:  ai
What is the name of your organization?
  [Unknown]:  ai
What is the name of your City or Locality?
  [Unknown]:  gz
What is the name of your State or Province?
  [Unknown]:  gd
What is the two-letter country code for this unit?
  [Unknown]:  cn
Is CN=10.13.22.102, OU=ai, O=ai, L=gz, ST=gd, C=cn correct?
  [no]:  yes

Enter key password for <server>
        (RETURN if same as keystore password):  
Re-enter new password: 

Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore /app/webapp/tomcat/https/server.keystore -destkeystore /app/webapp/tomcat/https/server.keystore -deststoretype pkcs12".
[webapp@machina https]$

修改配置server.xml

[webapp@machina conf]$ pwd
/app/webapp/tomcat/apache-tomcat-7.0.88/conf
[webapp@machina conf]$ vi server.xml
<!--
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />
    -->

改為:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" 
               keystoreFile="/app/webapp/tomcat/https/server.keystore" keystorePass="123456"/>

保存:
:wq

修改https的tomcat里的默認(rèn)端口8443(也可不改,用默認(rèn)的)。
這里修改為18003。共修改三處。另外兩處是注釋里的,可不修改。

<Connector port="18002" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />

    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
<Connector port="18002" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="18003" />

    <Connector port="18003" protocol="org.apache.coyote.http11.Http11Protocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="/app/webapp/tomcat/https/server.keystore" keystorePass="123456"/>

    <Connector port="8009" protocol="AJP/1.3" redirectPort="18003" />

修改tomcat的web.xml,強(qiáng)制http跳轉(zhuǎn)到https

[webapp@machina conf]$ pwd
/app/webapp/tomcat/apache-tomcat-7.0.88/conf
[webapp@machina conf]$ vi web.xml

</welcome-file-list>后面加上這樣一段:

<login-config>    
        <!-- Authorization setting for SSL -->    
        <auth-method>CLIENT-CERT</auth-method>    
        <realm-name>Client Cert Users-only Area</realm-name>    
    </login-config>    
    <security-constraint>    
        <!-- Authorization setting for SSL -->    
        <web-resource-collection >    
            <web-resource-name >SSL</web-resource-name>    
            <url-pattern>/*</url-pattern>    
        </web-resource-collection>    
        <user-data-constraint>    
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>    
        </user-data-constraint>    
    </security-constraint>

重啟tomcat

[webapp@machina bin]$ pwd
/app/webapp/tomcat/apache-tomcat-7.0.88/bin
[webapp@machina bin]$ sh shutdown.sh
Using CATALINA_BASE:   /app/webapp/tomcat/apache-tomcat-7.0.88
Using CATALINA_HOME:   /app/webapp/tomcat/apache-tomcat-7.0.88
Using CATALINA_TMPDIR: /app/webapp/tomcat/apache-tomcat-7.0.88/temp
Using JRE_HOME:        /opt/jdk1.8.0_151
Using CLASSPATH:       /app/webapp/tomcat/apache-tomcat-7.0.88/bin/bootstrap.jar:/app/webapp/tomcat/apache-tomcat-7.0.88/bin/tomcat-juli.jar
Java HotSpot(TM) 64-Bit Server VM warning: ignoring option PermSize=256m; support was removed in 8.0
Java HotSpot(TM) 64-Bit Server VM warning: ignoring option MaxPermSize=256m; support was removed in 8.0
[webapp@machina bin]$ sh startup.sh
Using CATALINA_BASE:   /app/webapp/tomcat/apache-tomcat-7.0.88
Using CATALINA_HOME:   /app/webapp/tomcat/apache-tomcat-7.0.88
Using CATALINA_TMPDIR: /app/webapp/tomcat/apache-tomcat-7.0.88/temp
Using JRE_HOME:        /opt/jdk1.8.0_151
Using CLASSPATH:       /app/webapp/tomcat/apache-tomcat-7.0.88/bin/bootstrap.jar:/app/webapp/tomcat/apache-tomcat-7.0.88/bin/tomcat-juli.jar
Tomcat started.

訪問(wèn)

?http://10.13.22.102:18002/ops/app
自動(dòng)跳轉(zhuǎn):
?https://10.13.22.102:18003/ops/app

另外有需要云服務(wù)器可以了解下創(chuàng)新互聯(lián)scvps.cn,海內(nèi)外云服務(wù)器15元起步,三天無(wú)理由+7*72小時(shí)售后在線,公司持有idc許可證,提供“云服務(wù)器、裸金屬服務(wù)器、高防服務(wù)器、香港服務(wù)器、美國(guó)服務(wù)器、虛擬主機(jī)、免備案服務(wù)器”等云主機(jī)租用服務(wù)以及企業(yè)上云的綜合解決方案,具有“安全穩(wěn)定、簡(jiǎn)單易用、服務(wù)可用性高、性價(jià)比高”等特點(diǎn)與優(yōu)勢(shì),專為企業(yè)上云打造定制,能夠滿足用戶豐富、多元化的應(yīng)用場(chǎng)景需求。

新聞標(biāo)題:tomcat配置https自簽名證書(keytool生成)-創(chuàng)新互聯(lián)
標(biāo)題網(wǎng)址:http://muchs.cn/article32/dpppsc.html

成都網(wǎng)站建設(shè)公司_創(chuàng)新互聯(lián),為您提供小程序開發(fā)網(wǎng)站策劃、網(wǎng)站建設(shè)、App設(shè)計(jì)網(wǎng)站改版、外貿(mào)建站

廣告

聲明:本網(wǎng)站發(fā)布的內(nèi)容(圖片、視頻和文字)以用戶投稿、用戶轉(zhuǎn)載內(nèi)容為主,如果涉及侵權(quán)請(qǐng)盡快告知,我們將會(huì)在第一時(shí)間刪除。文章觀點(diǎn)不代表本網(wǎng)站立場(chǎng),如需處理請(qǐng)聯(lián)系客服。電話:028-86922220;郵箱:631063699@qq.com。內(nèi)容未經(jīng)允許不得轉(zhuǎn)載,或轉(zhuǎn)載時(shí)需注明來(lái)源: 創(chuàng)新互聯(lián)

成都定制網(wǎng)站網(wǎng)頁(yè)設(shè)計(jì)