At the Command Prompt, change to the Tomcat directory and run the following command:
keytool -genkey -alias tomcat -keyalg RSA -keypass changeit -storepass changeit -keystore server.keystore -validity 3600
The step above generates the server.keystore certificate file.
Uncomment the SSL connector in server.xml:
<!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
<Connector protocol="org.apache.coyote.http11.Http11Protocol"
           port="8443" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="server.keystore"
           keystorePass="changeit"/>
After this step you can access https://ip:8443/
Tomcat's default SSL port is 8443, but the standard HTTPS port is 443. If you use 443, the web page can be opened over HTTPS without typing a port number, for example https://ip/
To modify the port number, you need to modify Tomcat's Server.xml file:
1. Where the non-SSL HTTP/1.1 connector is defined, generally as follows:
<Connector port="8080" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" redirectPort="443" acceptCount="100"
           connectionTimeout="20000" disableUploadTimeout="true"/>
Change the redirectPort value to 443.
2. Where the SSL HTTP/1.1 connector is defined, change the port number to 443, as follows:
<Connector
           port="443" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25"
           maxSpareThreads="75"
           enableLookups="false"
           disableUploadTimeout="true"
           acceptCount="100" scheme="https"
           secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="conf/tomcat.keystore"
           keystorePass="123456"/>
3. Where the AJP 1.3 connector is defined, change redirectPort to 443, as follows:
<Connector port="8009"
           enableLookups="false" redirectPort="443" protocol="AJP/1.3"/>
Restart Tomcat. After this step the site can be accessed as https://ip/
4. Force HTTPS access
After the </welcome-file-list> element in Tomcat\conf\web.xml, add the following block:
<login-config>
  <!-- Authorization setting for SSL -->
  <auth-method>CLIENT-CERT</auth-method>
  <realm-name>Client Cert Users-only Area</realm-name>
</login-config>
<security-constraint>
  <!-- Authorization setting for SSL -->
  <web-resource-collection>
    <web-resource-name>SSL</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
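The CONFIDENTIAL constraint only works if every plain connector's redirectPort points at a port where the SSL connector actually listens, which is the part most often left inconsistent when editing by hand. The following check is an added example, not part of the original tutorial: it parses constructed server.xml and web.xml fragments modelled on the snippets above and reports a redirectPort that matches no SSL connector, an SSL connector missing scheme/secure/keystoreFile, or a missing CONFIDENTIAL constraint on /*.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs modelled on the server.xml and web.xml fragments above.
SERVER_XML = """<Server><Service name="Catalina">
<Connector port="8080" maxHttpHeaderSize="8192" enableLookups="false"
           redirectPort="443" acceptCount="100" connectionTimeout="20000"/>
<Connector port="443" maxHttpHeaderSize="8192" enableLookups="false"
           acceptCount="100" scheme="https" secure="true" clientAuth="false"
           sslProtocol="TLS" keystoreFile="conf/tomcat.keystore" keystorePass="123456"/>
<Connector port="8009" enableLookups="false" redirectPort="443" protocol="AJP/1.3"/>
</Service></Server>"""
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
<security-constraint>
  <web-resource-collection><web-resource-name>SSL</web-resource-name>
    <url-pattern>/*</url-pattern></web-resource-collection>
  <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
</web-app>"""

def _local(tag):
    """Strip an XML namespace prefix such as {http://java.sun.com/xml/ns/javaee}."""
    return tag.rsplit("}", 1)[-1]

def check_tomcat_https(server_xml, web_xml):
    """Return a list of problems; an empty list means the HTTPS setup is consistent."""
    problems = []
    connectors = [e for e in ET.fromstring(server_xml).iter() if _local(e.tag) == "Connector"]
    # The SSL connector is the one marked scheme="https" / secure="true".
    ssl = [c for c in connectors if c.get("scheme") == "https" or c.get("secure") == "true"]
    if not ssl:
        problems.append("server.xml: no SSL connector (scheme=https, secure=true) defined")
    for c in ssl:
        missing = [a for a in ("scheme", "secure", "keystoreFile") if not c.get(a)]
        if missing:
            problems.append(f"SSL connector on port {c.get('port')} lacks {', '.join(missing)}")
    ssl_ports = {c.get("port") for c in ssl}
    # Every plain connector's redirectPort must point at an SSL connector, or the
    # CONFIDENTIAL constraint redirects browsers to a port nothing listens on.
    for c in connectors:
        if c not in ssl and c.get("redirectPort") not in ssl_ports:
            problems.append(f"connector on port {c.get('port')} redirects to "
                            f"{c.get('redirectPort')!r}, but no SSL connector listens there")
    forced = False
    for sc in (e for e in ET.fromstring(web_xml).iter() if _local(e.tag) == "security-constraint"):
        patterns = {e.text.strip() for e in sc.iter() if _local(e.tag) == "url-pattern" and e.text}
        guarantees = {e.text.strip() for e in sc.iter() if _local(e.tag) == "transport-guarantee" and e.text}
        forced = forced or ("/*" in patterns and "CONFIDENTIAL" in guarantees)
    if not forced:
        problems.append("web.xml: no security-constraint covering /* with transport-guarantee CONFIDENTIAL")
    return problems

if __name__ == "__main__":
    for line in check_tomcat_https(SERVER_XML, WEB_XML) or ["no problems found"]:
        print(line)
```

Point the two constants at the real conf/server.xml and conf/web.xml contents to check a live installation; the login-config block above is not needed for the redirect and is therefore not checked.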
Note: if the port is already in use on the machine, redirect the traffic to the port Tomcat listens on instead, for example:
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080