Reprint Address: http://ln-ydc.iteye.com/blog/1330674
Content Overview:
If you want Tomcat to support HTTPS, the main task is to configure SSL. There are two steps:
1. Generate a security certificate
2. Configure Tomcat
To generate a security certificate:
1. Java environment: Sun provides the keytool utility for creating certificates. It has shipped with the JDK since version 1.4 and is located at <java_home>\bin\keytool.exe.
2. Run the command that creates the certificate:
CMD code
keytool -genkeypair -alias "Tomcat" -keyalg "RSA" -keystore "F:\tomcat.keystore"
The parameters mean the following: the keystore password I entered is Tomcat; for "first and last name" enter the domain name; fill in the remaining fields according to your own situation.
The above command produces an asymmetric key pair and a self-signed certificate in F:\tomcat.keystore.
Copy the keystore to wherever you want to keep it; mine is saved at D:\Tools\Web\ssl\tomcat.keystore.
Note: "first and last name" must be the domain name. If you enter something else, it will not match the domain name actually used at run time and there will be problems.
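The mismatch warned about above is easy to catch before Tomcat is ever started. The following script is an added example (not part of the original post): it reads the text that keytool -list -v prints for a keystore, finds the alias Tomcat will look for and checks that the certificate's CN (the "first and last name" keytool asked for) equals the host name users will type into the browser. The listing embedded below is a constructed sample, not output captured from a real system; list_keystore() is a thin wrapper that runs the real keytool when you have one.

```python
"""Check a keytool keystore before wiring it into Tomcat (added example)."""
import re
import subprocess

# Constructed sample of `keytool -list -v` output (not captured from a real system).
# Entry "tomcat" has CN=localhost; entry "olddev" was made with a person's name as CN.
SAMPLE_LISTING = """\
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

Alias name: tomcat
Creation date: Jan 3, 2012
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=localhost, OU=Dev, O=Example, L=Beijing, ST=Beijing, C=CN
Issuer: CN=localhost, OU=Dev, O=Example, L=Beijing, ST=Beijing, C=CN
Serial number: 4f02a1b3
Valid from: Tue Jan 03 10:00:00 CST 2012 until: Mon Apr 02 10:00:00 CST 2012


*******************************************
*******************************************


Alias name: olddev
Creation date: Jan 1, 2012
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=Zhang San, OU=Dev, O=Example, L=Beijing, ST=Beijing, C=CN
Issuer: CN=Zhang San, OU=Dev, O=Example, L=Beijing, ST=Beijing, C=CN
Serial number: 4f02a1b4
Valid from: Sun Jan 01 10:00:00 CST 2012 until: Sat Mar 31 10:00:00 CST 2012
"""


def parse_listing(listing):
    """Return {alias: owner_cn} for every entry in a `keytool -list -v` listing."""
    entries = {}
    alias = None
    for line in listing.splitlines():
        m = re.match(r"Alias name:\s*(.+)", line)
        if m:
            alias = m.group(1).strip()
            continue
        m = re.match(r"Owner:\s*(.+)", line)
        if m and alias is not None and alias not in entries:
            # The first Owner line after an alias belongs to the leaf certificate.
            cn = re.search(r"(?:^|,\s*)CN=([^,]+)", m.group(1))
            entries[alias] = cn.group(1).strip() if cn else ""
    return entries


def check_keystore(listing, expected_host, alias="tomcat"):
    """Return a list of problems; an empty list means the keystore fits expected_host."""
    entries = parse_listing(listing)
    problems = []
    # JKS aliases are case-insensitive, so compare them lower-cased.
    cn = {a.lower(): c for a, c in entries.items()}.get(alias.lower())
    if cn is None:
        problems.append("alias %r not found; Tomcat looks for keyAlias=%r" % (alias, alias))
    elif cn.lower() != expected_host.lower():
        problems.append("CN %r does not match host %r; browsers will warn" % (cn, expected_host))
    return problems


def list_keystore(path, storepass):
    """Run keytool -list -v on a real keystore and return its text output."""
    out = subprocess.run(
        ["keytool", "-list", "-v", "-keystore", path, "-storepass", storepass],
        capture_output=True, text=True, check=True)
    return out.stdout


if __name__ == "__main__":
    print(check_keystore(SAMPLE_LISTING, "localhost"))              # []
    print(check_keystore(SAMPLE_LISTING, "www.example.com"))        # CN mismatch
    print(check_keystore(SAMPLE_LISTING, "localhost", alias="olddev"))
```

To check your own file, feed list_keystore("D:\\Tools\\Web\\ssl\\tomcat.keystore", "Tomcat") to check_keystore() with the host name you will put in the browser; the alias defaults to "tomcat" because that is the keyAlias Tomcat uses when none is configured.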
------------------------------------------------------------
To configure Tomcat:
Go to the Tomcat installation directory and open the server.xml file under conf.
Find the following block, which is commented out:
XML code
<!--
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" />
-->
Remove the comment and modify it to:
XML code
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="D:\Tools\Web\ssl\tomcat.keystore"
           keystorePass="Tomcat" />
Here the keystore password and location are set according to your own environment; the attributes mean the following:
Property | Description
clientAuth | If set to true, Tomcat requires every SSL client to present a certificate so that the client can be authenticated.
keystoreFile | Location of the keystore file, given either as an absolute path or as a path relative to <CATALINA_HOME> (the Tomcat installation directory). If not set, Tomcat reads the file named ".keystore" in the home directory of the current operating system user.
keystorePass | Password of the keystore. If not set, Tomcat uses the default password "changeit".
sslProtocol | The encryption protocol used by the socket. The default is TLS and it should not normally be changed.
ciphers | Comma-separated list of cipher suites the socket may use. If not set, the socket may use any of the available cipher suites.
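A quick way to confirm the connector edit took effect and none of the settings in the table were left at a weak value is to read server.xml back with a script. The following audit is an added example, not code from the post or from Tomcat: it uses only the standard library, finds every SSLEnabled connector and reports a keystorePass still at the default "changeit", a missing or non-existent keystoreFile, an sslProtocol other than TLS, a missing scheme/secure pair, and clientAuth being switched on. The embedded server.xml is a constructed sample modelled on the edit above; an SSL connector that is still inside <!-- --> is reported as absent, because an XML parser drops comments exactly as Tomcat does.

```python
"""Audit the SSL connector in a Tomcat server.xml (added example)."""
import os
import xml.etree.ElementTree as ET

# Constructed sample server.xml; the keystore path uses forward slashes, which
# Java accepts on Windows, and the password was deliberately left at the default.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="D:/Tools/Web/ssl/tomcat.keystore"
               keystorePass="changeit" />
  </Service>
</Server>
"""


def ssl_connectors(xml_text):
    """Return every Connector element that has SSLEnabled="true" (comments are ignored)."""
    root = ET.fromstring(xml_text)
    return [c for c in root.iter("Connector") if c.get("SSLEnabled", "").lower() == "true"]


def audit_connector(conn, check_file=True):
    """Return a list of findings for one SSLEnabled Connector element."""
    findings = []
    a = conn.attrib
    if a.get("scheme") != "https" or a.get("secure", "").lower() != "true":
        findings.append("scheme/secure not set: request.isSecure() and redirects will be wrong")
    if a.get("sslProtocol", "TLS") != "TLS":
        findings.append("sslProtocol=%r: leave this at TLS" % a.get("sslProtocol"))
    if a.get("keystorePass", "changeit") == "changeit":
        findings.append("keystorePass is Tomcat's default 'changeit'")
    ks = a.get("keystoreFile")
    if ks is None:
        findings.append("keystoreFile not set; Tomcat will look for ~/.keystore")
    elif check_file and not os.path.isfile(ks):
        findings.append("keystoreFile %r does not exist on this machine" % ks)
    if a.get("clientAuth", "false").lower() == "true":
        findings.append("clientAuth=true: every browser must present a client certificate")
    return findings


def audit_server_xml(xml_text, check_file=True):
    """Audit all SSL connectors; check_file=False skips the on-disk keystore lookup."""
    conns = ssl_connectors(xml_text)
    if not conns:
        return ["no SSLEnabled connector found (is it still inside <!-- -->?)"]
    out = []
    for c in conns:
        out.extend("port %s: %s" % (c.get("port"), f) for f in audit_connector(c, check_file))
    return out


if __name__ == "__main__":
    for line in audit_server_xml(SAMPLE_SERVER_XML, check_file=False):
        print(line)
```

On a real server, read conf\server.xml into a string and call audit_server_xml() with check_file=True so that a keystoreFile path typed wrongly is caught before Tomcat fails to start.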
To access a web site that supports SSL:
Start Tomcat and enter https://localhost:8443/ in the browser (IE is used here).
Because the certificate is self-signed the browser shows a warning; choose "Continue to this website".
------------------------------------------------------------
3. Force HTTPS access
Add the following block after </welcome-file-list> in Tomcat\conf\web.xml (this file is global, so it applies to every web application on the server). Plain-HTTP requests are then redirected to the port given by the HTTP connector's redirectPort attribute (8443 in the default server.xml), which must match the SSL connector's port:
XML code
<login-config>
    <!-- Authorization setting for SSL -->
    <auth-method>CLIENT-CERT</auth-method>
    <realm-name>Client Cert Users-only Area</realm-name>
</login-config>
<security-constraint>
    <!-- Authorization setting for SSL -->
    <web-resource-collection>
        <web-resource-name>SSL</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
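What the block above actually makes Tomcat do is decided by two things: whether the request path matches a url-pattern of a constraint whose transport-guarantee is CONFIDENTIAL, and the redirectPort of the connector the request arrived on. The following script is an added example, not Tomcat's own code: it parses the security-constraint elements of a web.xml, matches a request path with the servlet-spec url-pattern rules (exact match, path prefix "/x/*", extension "*.ext", and the default "/"), and builds the https URL Tomcat would redirect to. The web.xml text is constructed from the snippet above; the example goes beyond the post's single "/*" pattern so that a narrower pattern such as "/admin/*" can be tested too.

```python
"""Work out the HTTPS redirect a web.xml security-constraint causes (added example)."""
import xml.etree.ElementTree as ET

# Constructed web.xml fragment, namespace-free like the snippet in the post.
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>SSL</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>
"""


def _local(tag):
    """Strip an XML namespace so a real conf/web.xml (which has xmlns) parses the same."""
    return tag.rsplit("}", 1)[-1]


def confidential_patterns(web_xml):
    """Return the url-patterns of every constraint that demands CONFIDENTIAL transport."""
    root = ET.fromstring(web_xml)
    patterns = []
    for sc in root.iter():
        if _local(sc.tag) != "security-constraint":
            continue
        guarantee, found = None, []
        for el in sc.iter():
            name = _local(el.tag)
            if name == "transport-guarantee":
                guarantee = (el.text or "").strip()
            elif name == "url-pattern":
                found.append((el.text or "").strip())
        if guarantee == "CONFIDENTIAL":
            patterns.extend(found)
    return patterns


def pattern_matches(pattern, path):
    """Servlet-spec url-pattern matching: default, path prefix, extension, exact."""
    if pattern == "/":
        return True
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):
        return path.endswith(pattern[1:])
    return path == pattern


def https_redirect(web_xml, host, path, redirect_port=8443, query=None):
    """Return the https URL Tomcat redirects a plain-HTTP request to, or None if HTTP is allowed.

    redirect_port is the HTTP connector's redirectPort attribute (8443 by default).
    """
    if not any(pattern_matches(p, path) for p in confidential_patterns(web_xml)):
        return None
    port = "" if redirect_port == 443 else ":%d" % redirect_port
    url = "https://%s%s%s" % (host, port, path)
    return url + ("?" + query if query else "")


if __name__ == "__main__":
    print(https_redirect(SAMPLE_WEB_XML, "localhost", "/index.jsp"))
    admin_only = SAMPLE_WEB_XML.replace("/*", "/admin/*")
    print(https_redirect(admin_only, "localhost", "/index.jsp"))      # None: HTTP allowed
    print(https_redirect(admin_only, "localhost", "/admin/users"))
```

With the post's "/*" pattern every path is redirected, which is what "force HTTPS" means; if the two connectors' ports disagree, the redirect points at a port nothing is listening on, so keep redirectPort and the SSL connector's port in step.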
Configuring Tomcat to use HTTPS (configuring SSL)