Enabling HTTPS on the server
Enable the Tomcat HTTPS service
When distributing enterprise applications, a problem arises: from iOS 7.1 onward, the app URL must start with https, so the server must support HTTPS.
Lab environment: Mac OS X, Windows 7, Tomcat 7.0, JDK 1.7
I. Environment setup
1. Install Tomcat
A. Download page: http://tomcat.apache.org/download-70.cgi
B. Download the Tomcat build that matches your machine.
2. Install the JDK
Tomcat needs a matching JDK installed; without it, Tomcat cannot run.
II. Create a self-signed CA certificate (root certificate)
There are two steps to create a CA certificate:
1. Create a private key file:
openssl genrsa -out myCA.key 2048
The private key is named myCA.key.
2. Create the root certificate:
openssl req -x509 -new -key myCA.key -out myCA.cer -days 730 -subj /CN="My Custom CA"
The root certificate is named myCA.cer and its common name (CN) is My Custom CA.
III. Create an SSL certificate signed by your own CA (leaf certificate)
1. Create a private key first:
openssl genrsa -out server.key 2048
The private key is named server.key.
2. Create a CSR:
openssl req -new -out server.req -key server.key -subj /CN=127.0.0.1/CN=192.168.31.128/CN=localhost
Assume that the IP address of the server is 192.168.2.1. The output file is server.req.
3. Use the CSR to create the SSL certificate:
openssl x509 -req -in server.req -out server.cer -CAkey myCA.key -CA myCA.cer -days 36500 -CAcreateserial -CAserial server.serial
Here the validity period is 100 years (36500 days), the output file is server.cer, and the serial number file is server.serial (used when the certificate is revoked).
4. Export the .key and .cer files as a .p12 certificate:
openssl pkcs12 -export -in server.cer -inkey server.key -out server.p12 -name "server"
Enter the certificate password twice when prompted. Assume that the password is keypass. The output file is server.p12.
5. Import the .p12 file into a Java keystore:
keytool -importkeystore -v -srckeystore server.p12 -srcstoretype pkcs12 -srcstorepass keypass -destkeystore server.keystore -deststoretype jks -deststorepass keypass
Here we assume that the keystore file is named server.keystore and that the keystore password is keypass.
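The chain and name checks worth running on the certificates from sections II and III, as an added example that is not part of the original page. The -checkip test of openssl x509, like current browsers, matches an IP address only against subjectAltName entries and never against CN, so the script issues one leaf as above (CN only) and one carrying the same addresses as subjectAltName. The function names, the leaf name cn_only and the .ext file are assumptions; the addresses are those in the CSR command above.

```shell
#!/bin/sh
# Added example, not from the original page. File names myCA.* and server.* follow
# the page; make_ca, issue_leaf, chain_ok, covers_ip and the leaf name cn_only are
# hypothetical.

# Section II: CA private key and self-signed root certificate in directory $1.
make_ca() (
    cd "$1" &&
    openssl genrsa -out myCA.key 2048 2>/dev/null &&
    openssl req -x509 -new -key myCA.key -out myCA.cer -days 730 -subj "/CN=My Custom CA"
)

# Section III, steps 1-3: issue leaf $2.cer in directory $1, signed by myCA.
# If $3 is given it is written to $2.ext and added as the subjectAltName extension.
issue_leaf() (
    cd "$1" &&
    openssl genrsa -out "$2.key" 2048 2>/dev/null &&
    openssl req -new -out "$2.req" -key "$2.key" \
        -subj "/CN=127.0.0.1/CN=192.168.31.128/CN=localhost" || exit 1
    ext=""
    if [ -n "$3" ]; then
        printf 'subjectAltName = %s\n' "$3" > "$2.ext"
        ext="-extfile $2.ext"
    fi
    # $ext is left unquoted on purpose: it expands to two words or to nothing.
    openssl x509 -req -in "$2.req" -out "$2.cer" -CAkey myCA.key -CA myCA.cer \
        -days 36500 -CAcreateserial -CAserial server.serial $ext 2>/dev/null
)

# Succeeds if leaf $2 in directory $1 verifies with myCA.cer as the only trust anchor.
chain_ok() ( cd "$1" && openssl verify -CAfile myCA.cer "$2.cer" >/dev/null 2>&1 )

# Succeeds if leaf $2 in directory $1 is valid for IP address $3.
covers_ip() (
    cd "$1" && openssl x509 -in "$2.cer" -noout -checkip "$3" 2>&1 | grep -q 'does match'
)

# Constructed lab run in a temporary directory: one leaf as on the page (CN only),
# one with the same addresses as subjectAltName entries.
lab=$(mktemp -d) && make_ca "$lab" && issue_leaf "$lab" cn_only &&
    issue_leaf "$lab" server "IP:127.0.0.1, IP:192.168.31.128, DNS:localhost"
for leaf in cn_only server; do
    chain_ok "$lab" "$leaf" && echo "$leaf: chain verifies against myCA.cer"
    covers_ip "$lab" "$leaf" 192.168.31.128 && echo "$leaf: valid for 192.168.31.128" \
        || echo "$leaf: NOT valid for 192.168.31.128"
done
```

Both leaves verify against myCA.cer, but only the one issued with subjectAltName passes the address check.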
IV. Use the SSL certificate
Put the resulting keystore file (server.keystore) on the web server, for example in the conf directory of the Tomcat installation.
Then modify server.xml:
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           keystoreFile="D:/CA/server.keystore" keystorePass="keypass"
           clientAuth="false" sslProtocol="TLS"/>
Restart Tomcat and access the HTTPS service at one of the following addresses:
https://localhost:8443/ or https://192.168.2.1:8443/.