Configuring HTTPS on Tomcat

Source: Internet
Author: User

Tomcat supports certificates in JKS format, and PFX-format certificates are supported starting from Tomcat 7; choose either of the two formats.

File description:

1. Certificate file 21397867314xxxx.pem, which contains two pieces of content; do not delete any part of the content.
2. If the CSR was created by the certificate system, the download also contains: the certificate private key file 21397867314xxxx.key, the PFX-format certificate file 21397867314xxxx.pfx, and the PFX certificate password file pfx-password.txt.

1. Certificate format conversion

Create a cert directory under the Tomcat installation directory and copy all downloaded files into it. If you created the CSR file yourself when requesting the certificate, the attachment contains only the 21397867314xxxx.pem file, and you need to copy the private key file into the cert directory, named 213978673140913.key. If the CSR was created by the system, go directly to step 2.

In the cert directory, run the following command to convert the certificate to PFX format. The command asks you to set the PFX certificate password; keep it in mind:

openssl pkcs12 -export -out 213978673140913.pfx -inkey 213978673140913.key -in 213978673140913.pem

2. PFX certificate installation

Locate the server.xml file in the Tomcat installation directory; by default it is in the conf folder. Find the <Connector port="8443" tag and add the following attributes:

keystoreFile="cert/21397867314xxxx.pfx"
keystoreType="PKCS12"
# For the certificate password here, refer to the password file in the attachment or the password set in step 1
keystorePass="Certificate Password"

The complete configuration is as follows; adjust the port attribute to suit your environment:

<Connector port="8443"
    protocol="HTTP/1.1"
    SSLEnabled="true"
    scheme="https"
    secure="true"
    keystoreFile="cert/21397867314xxxx.pfx"
    keystoreType="PKCS12"
    keystorePass="Certificate Password"
    clientAuth="false"
    SSLProtocol="TLSv1+TLSv1.1+TLSv1.2"
    ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256"/>


Front-End Scheduling:
server {
    listen;
    listen 443;
    server_name test.xxx.com;
    location / {
        proxy_pass http://guor_test-appsrv_pools;
        proxy_set_header Host                   $host;
        proxy_set_header X-Real-IP              $remote_addr;
        proxy_set_header X-Forwarded-For        $proxy_add_x_forwarded_for;
        proxy_redirect http:// $scheme://;
    }
}

Back-end Tomcat:

# vim conf/server.xml

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="/etc/cert/21397867314xxxx.pfx"
               keystoreType="PKCS12"
               keystorePass="21397867314xxxx"
               SSLProtocol="TLSv1+TLSv1.1+TLSv1.2"
               ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256"/>
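
The following is an added example, not part of the original article or of Tomcat: a small Python audit that reads a server.xml and flags the weak TLS settings carried by the Connector configurations above (TLS 1.0/1.1, static-RSA key exchange without forward secrecy, CBC-mode suites). The sample XML is constructed from the page's 8443 Connector with attribute case restored; the plain 8080 connector and the name audit_connectors are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the page's 8443 Connector (attribute case restored)
# plus a plain 8080 connector added for contrast.
PAGE_CONNECTOR = """<Server><Service name="Catalina">
<Connector port="8080" protocol="HTTP/1.1"/>
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https"
  secure="true" keystoreFile="cert/21397867314xxxx.pfx" keystoreType="PKCS12"
  keystorePass="Certificate Password" clientAuth="false"
  SSLProtocol="TLSv1+TLSv1.1+TLSv1.2"
  ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
    TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256"/>
</Service></Server>"""

# TLS 1.0 and 1.1 are deprecated by RFC 8996; SSLv2/SSLv3 are long broken.
LEGACY_PROTOCOLS = {"sslv2", "sslv3", "tlsv1", "tlsv1.0", "tlsv1.1"}
# APR-style SSLProtocol ("+"-joined) and JSSE sslEnabledProtocols (comma list).
PROTOCOL_ATTRS = {"sslprotocol", "sslenabledprotocols"}


def audit_connectors(server_xml):
    """Return (port, finding) tuples for every TLS-enabled <Connector>."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        # Keep attributes as a list: sslProtocol and SSLProtocol can coexist.
        attrs = [(name.lower(), value) for name, value in conn.attrib.items()]
        if ("sslenabled", "true") not in [(n, v.lower()) for n, v in attrs]:
            continue  # plain HTTP connector, nothing to audit
        port = conn.get("port", "?")
        for name, value in attrs:
            tokens = [t for t in re.split(r"[+,\s]+", value) if t]
            if name in PROTOCOL_ATTRS:
                for proto in tokens:
                    if proto.lower() in LEGACY_PROTOCOLS:
                        findings.append((port, "legacy protocol: " + proto))
            elif name == "ciphers":
                for suite in tokens:
                    if suite.upper().startswith("TLS_RSA_WITH_"):
                        findings.append((port, "no forward secrecy: " + suite))
                    if "_CBC_" in suite.upper():
                        findings.append((port, "CBC-mode suite: " + suite))
    return findings


if __name__ == "__main__":
    for port, finding in audit_connectors(PAGE_CONNECTOR):
        print(port, finding)
```

A Connector limited to TLSv1.2 with ECDHE suites using AES-GCM produces no findings from this audit.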
