Online such a large number of tutorials, this article mainly records the steps and several points of attention.
First, we use the keytool of the JDK to generate the certificate. The command is as follows:
keytool-genkey-alias tomcat-keyalg rsa-keystore tomcat.keystore
Note: Check that your CentOS use is not openjdk, if it is please uninstall OPENJDK, install Oracle JDK. To avoid unnecessary hassles, keep the development environment, and the JDK version of the server environment is at least a large version. (for example, all 1.8.x)
Explanation: Alias is followed by aliases, a random one (if you have used the Tomcat alias, here can no longer use, that can not be repeated), this alias in the final step of generating a certificate will appear.
Keyalg is the name of the cryptographic algorithm that generates the certificate, so it is OK to write.
KeyStore is followed by the location of the generated certificate, for example, I will generate a certificate called Tomcat.keystore in the current directory of the knocking command. You can also specify a directory.
After entering the above command, enter, you will see the following interface:
Explanation: In the place where the label password should be consistent, the password is set to Tomcat-users.xml , and the administrator user.
First name and surname here, some tutorials say casually fill, and some say to your domain name consistent, I test down, is can be filled, because my domain name at that time can not be used, I also through the IP address directly access my server,
My tomcat is not configured with this domain name, so here is a domain name to explain what. The following organizational unit, the organization name can be filled in casually.
After the good keystore is generated, it is the server.xml of the configuration tomcat:
Explanation: The Port property value was originally 8443, and I changed it to 443, so you don't need a port number to access the project. Keystorefile the absolute path of the KeyStore file you generated. The password is the password you set in the first step.
At this point, the configuration of Tomcat ends, saves, and restarts Tomcat.
Finally, Vi/etc/sysconfig/iptables, go to the firewall, open 443 ports.
Then, the service iptables restart a bit.
Access https://your server IP, see the certificate unsafe prompt, continue to access is.
Finally, paste in my configuration process, refer to the article link, thank the authors!
Http://www.linuxidc.com/Linux/2016-08/134339.htm
Http://wakan.blog.51cto.com/59583/21600/
Http://www.cnblogs.com/xiaoliao/p/5778262.html
http://blog.csdn.net/sunzxhqq/article/details/52797028
Configure Tomcat to support HTTPS under CentOS