Configuring HTTPS in Tomcat with a self-signed certificate (generated with keytool)

Source: Internet
Author: User
Tags pkcs12

Build the keystore

    keytool -genkeypair -alias "server" -keyalg "RSA" -validity "365" -keystore "/app/webapp/tomcat/https/server.keystore"

    [[email protected] https]$ pwd
    /app/webapp/tomcat/https
    [[email protected] https]$ keytool -genkeypair -alias "server" -keyalg "RSA" -validity "365" -keystore "/app/webapp/tomcat/https/server.keystore"
    Enter keystore password:
    Re-enter new password:
    What is your first and last name?
      [Unknown]:  10.13.22.102
    What is the name of your organizational unit?
      [Unknown]:  ai
    What is the name of your organization?
      [Unknown]:  ai
    What is the name of your City or Locality?
      [Unknown]:  gz
    What is the name of your State or Province?
      [Unknown]:  GD
    What is the two-letter country code for this unit?
      [Unknown]:  cn
    Is CN=10.13.22.102, OU=ai, O=ai, L=gz, ST=GD, C=cn correct?
      [no]:  yes

    Enter key password for <server>
            (RETURN if same as keystore password):
    Re-enter new password:

    Warning:
    The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore /app/webapp/tomcat/https/server.keystore -destkeystore /app/webapp/tomcat/https/server.keystore -deststoretype pkcs12".
    [[email protected] https]$

Modify the configuration in server.xml

    [[email protected] conf]$ pwd
    /app/webapp/tomcat/apache-tomcat-7.0.88/conf
    [[email protected] conf]$ vi server.xml

Find the commented-out connector:

    <!--
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />
    -->

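Change it to:

    <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="/app/webapp/tomcat/https/server.keystore" keystorePass="123456"/>

keystorePass must be the keystore password entered at the keytool prompt; 123456 is the value used in this walkthrough. server.xml holds it in clear text, so restrict read access to the file.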

Save:

    :wq

Change Tomcat's default HTTPS port, 8443 (optional; you can also keep the default).
Here it is changed to 18003. Three places are modified in total. The other two occurrences of 8443 are inside comments and are left unchanged.

Before:

    <Connector port="18002" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

After:

    <Connector port="18002" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="18003" />
    <Connector port="18003" protocol="org.apache.coyote.http11.Http11Protocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="/app/webapp/tomcat/https/server.keystore" keystorePass="123456"/>
    <Connector port="8009" protocol="AJP/1.3" redirectPort="18003" />

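A check for the port change above, as an added example that is not part of the original page: it parses a server.xml document and reports any redirectPort that does not point at an SSLEnabled connector, plus a short or guessable keystorePass. The sample document is constructed (with the AJP redirectPort deliberately left at 8443), and the weak-password list and 12-character minimum are assumptions chosen for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample mirroring this tutorial's connectors, with one deliberate
# mistake: the AJP connector still redirects to the old port 8443.
SAMPLE_SERVER_XML = """
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="18002" protocol="HTTP/1.1"
               connectionTimeout="20000" redirectPort="18003" />
    <Connector port="18003" protocol="org.apache.coyote.http11.Http11Protocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="/app/webapp/tomcat/https/server.keystore"
               keystorePass="123456" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
  </Service>
</Server>
"""

# Assumptions for illustration: a small deny-list and a 12-character minimum.
# "changeit" is the value Tomcat assumes when keystorePass is omitted.
WEAK_PASSWORDS = {"123456", "changeit", "password", "tomcat"}
MIN_PASSWORD_LENGTH = 12


def audit_connectors(server_xml: str) -> list[str]:
    """Return findings for the <Connector> elements of a server.xml document."""
    connectors = list(ET.fromstring(server_xml).iter("Connector"))
    tls_ports = {c.get("port") for c in connectors
                 if c.get("SSLEnabled", "false").lower() == "true"}
    findings = []
    for c in connectors:
        port, redirect = c.get("port"), c.get("redirectPort")
        # Every redirectPort must name a connector that actually speaks TLS.
        if redirect is not None and redirect not in tls_ports:
            findings.append(f"connector {port}: redirectPort {redirect} "
                            "is not an SSLEnabled connector")
        if port in tls_ports:
            password = c.get("keystorePass", "changeit")
            if (len(password) < MIN_PASSWORD_LENGTH
                    or password.lower() in WEAK_PASSWORDS):
                findings.append(f"connector {port}: keystorePass is short or guessable")
    return findings


if __name__ == "__main__":
    for finding in audit_connectors(SAMPLE_SERVER_XML):
        print(finding)
```
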
Modify Tomcat's web.xml to force HTTP to redirect to HTTPS

    [[email protected] conf]$ pwd
    /app/webapp/tomcat/apache-tomcat-7.0.88/conf
    [[email protected] conf]$ vi web.xml

After </welcome-file-list>, add the following block:

    <login-config>
        <!-- Authorization setting for SSL -->
        <auth-method>CLIENT-CERT</auth-method>
        <realm-name>Client Cert Users-only Area</realm-name>
    </login-config>
    <security-constraint>
        <!-- Authorization setting for SSL -->
        <web-resource-collection>
            <web-resource-name>SSL</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

The <transport-guarantee>CONFIDENTIAL</transport-guarantee> constraint is what makes Tomcat redirect plain-HTTP requests to the connector's redirectPort. Because no <auth-constraint> is defined, the CLIENT-CERT login-config does not by itself require client certificates.

Restart Tomcat

    [[email protected] bin]$ pwd
    /app/webapp/tomcat/apache-tomcat-7.0.88/bin
    [[email protected] bin]$ sh shutdown.sh
    Using CATALINA_BASE:   /app/webapp/tomcat/apache-tomcat-7.0.88
    Using CATALINA_HOME:   /app/webapp/tomcat/apache-tomcat-7.0.88
    Using CATALINA_TMPDIR: /app/webapp/tomcat/apache-tomcat-7.0.88/temp
    Using JRE_HOME:        /opt/jdk1.8.0_151
    Using CLASSPATH:       /app/webapp/tomcat/apache-tomcat-7.0.88/bin/bootstrap.jar:/app/webapp/tomcat/apache-tomcat-7.0.88/bin/tomcat-juli.jar
    Java HotSpot(TM) 64-Bit Server VM warning: ignoring option PermSize=256m; support was removed in 8.0
    Java HotSpot(TM) 64-Bit Server VM warning: ignoring option MaxPermSize=256m; support was removed in 8.0
    [[email protected] bin]$ sh startup.sh
    Using CATALINA_BASE:   /app/webapp/tomcat/apache-tomcat-7.0.88
    Using CATALINA_HOME:   /app/webapp/tomcat/apache-tomcat-7.0.88
    Using CATALINA_TMPDIR: /app/webapp/tomcat/apache-tomcat-7.0.88/temp
    Using JRE_HOME:        /opt/jdk1.8.0_151
    Using CLASSPATH:       /app/webapp/tomcat/apache-tomcat-7.0.88/bin/bootstrap.jar:/app/webapp/tomcat/apache-tomcat-7.0.88/bin/tomcat-juli.jar
    Tomcat started.

Access

    http://10.13.22.102:18002/ops/app

The request is redirected automatically to:

    https://10.13.22.102:18003/ops/app
