I. Creating the digital signature certificate
1. Generate the certificate with the keytool utility that ships with the JDK;
2. Export the certificate;
3. Submit it to a CA for signing.
Note: For a detailed worked example of these steps, see the Appendix.
II. Modifying the server.xml file
Modify conf/server.xml and add the following configuration:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="E:/csp_local/keys/keystorea"
           keystorePass="changeit"/>
keystoreFile is the location of the certificate keystore, and keystorePass is the keystore password. The maxThreads value shown (150) is an assumption.
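An added example (not from the original page): a small Python check that parses a server.xml and reports, for each connector that enables TLS, attribute names written in the wrong case and a keystorePass left at the default changeit. The sample XML, the 9443 connector and the function name audit_connectors are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample mirroring the connector on this page (not a real deployment).
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1"/>
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
             scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"
             keystoreFile="E:/csp_local/keys/keystorea" keystorePass="changeit"/>
  <Connector port="9443" protocol="HTTP/1.1" sslenabled="true" keystorepass="s3cret"/>
</Service></Server>"""

# Attributes the page's connector relies on, in the exact case they must have.
EXPECTED = ("SSLEnabled", "scheme", "secure", "clientAuth",
            "sslProtocol", "keystoreFile", "keystorePass")
CANONICAL = {name.lower(): name for name in EXPECTED}


def audit_connectors(server_xml):
    """Return {port: [findings]} for every Connector that tries to enable TLS."""
    report = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        attrs = conn.attrib
        lowered = {k.lower(): v for k, v in attrs.items()}
        if lowered.get("sslenabled") != "true":
            continue  # plain HTTP connector, out of scope
        findings = []
        # XML attribute names are case-sensitive: 'sslenabled' is not 'SSLEnabled'.
        for key in attrs:
            want = CANONICAL.get(key.lower())
            if want and key != want:
                findings.append(f"attribute '{key}' should be spelled '{want}'")
        if lowered.get("keystorepass") == "changeit":
            findings.append("keystorePass is the default 'changeit'")
        if "keystorefile" not in lowered:
            findings.append("keystoreFile not set")
        if lowered.get("scheme") != "https" or lowered.get("secure") != "true":
            findings.append("scheme/secure do not mark the connector as HTTPS")
        report[attrs.get("port", "?")] = findings
    return report


if __name__ == "__main__":
    for port, findings in audit_connectors(SAMPLE_SERVER_XML).items():
        print(port, findings or "ok")
```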
Appendix
Digital Signature Certificate Authoring Example
Assume the certificate to be generated is for the domain name sso.digitalchina.com, the city is Beijing, the country is CN, and the alias is tomcat. The certificate is stored in a keystore in the current directory, and the keystore is named keystorea.
1. Generate a certificate to be signed
keytool -genkey -alias tomcat -keyalg RSA -keystore keystorea -storepass changeit
Run the above command and answer the prompts as follows:
What is your first and last name? (prompt): sso.digitalchina.com (input)
What is the name of your organizational unit? (prompt): digitalchina.com (input)
What is the name of your organization? (prompt): SSO (input)
What is the name of your city or locality? (prompt): Beijing (input)
What is the name of your state or province? (prompt): Beijing (input)
What is the two-letter country code for this unit? (prompt): CN (input)
Is CN=sso.digitalchina.com, OU=digitalchina.com, O=SSO, L=Beijing, ST=Beijing, C=CN correct? [no] (prompt): y (input)
Enter key password for <digitalchina> (press ENTER if same as keystore password): press ENTER
After the above steps, the file keystorea is generated in the current directory.
2. Export the certificate to be signed
Export to the cert directory under the current directory:
keytool -export -alias tomcat -file cert/tomcat.jks -keystore keystorea -storepass changeit
After running the above command, the certificate file tomcat.jks is generated under the cert directory. Despite the .jks extension, the exported file is an X.509 certificate, not a keystore.
3. Import the certificate to be signed
To import the certificate into the default certificate library, $JAVA_HOME/jre/lib/security/cacerts, assuming the library's default password is changeit, run the following import command:
keytool -import -alias tomcat -file cert/tomcat.jks -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit
Running the above command imports the certificate into the trust store of the Java virtual machine in the current environment.