Brief description of the procedure:
1, First, go to the bin directory under the JDK
2, Then enter the following command
keytool -v -genkey -alias tomcat -keyalg RSA -keystore d:/tomcat.keystore -validity 36500
Attention:
(1) d:/tomcat.keystore means the generated tomcat.keystore is placed in the root directory of the D drive.
"-validity 36500" is the validity period of the certificate in days: 36500 = 365*100 days, that is, 100 years. The default value is 90 days.
(2) If the file is placed on the C drive under Windows 7, the command line must be opened as an administrator, otherwise tomcat.keystore cannot be created.
Here the D drive is used as the example.
Steps: Start -> type cmd in the search box -> wait (do not press Enter) -> cmd.exe appears -> right-click it and choose "Run as Administrator".
3, Then enter the keystore password
The password can be arbitrary; 123456 is used here as an example. It is needed later when configuring server.xml.
4, Enter the name, organizational unit, organization, city, province, country and other information
Note:
(1) Enter keystore password: here you need to enter a string greater than 6 characters.
(2) "What is your first and last name?" is required and must be the domain name or IP of the host where Tomcat is deployed [such as: Dbcom.com or 192.168.1.200], that is, the access address that will later be entered in the browser.
(3) "What is the name of your organizational unit?", "What is the name of your organization?", "What is the name of your city or locality?", "What is the name of your state or province?" and "What is the two-letter country code for this unit?" can be filled in as needed, or skipped by pressing Enter. When the system then asks whether the information is correct, compare it with what you entered; if it meets the requirements type "y", otherwise type "n" and fill in the information above again.
(4) Enter key password for <tomcat>: this one is more important, because it is used in the Tomcat configuration file. It is recommended to enter the same password as the keystore password; a different password can also be set.
After completing the input above, press Enter; the generated file can be found at the location you defined in step 2.
5, After the input, a confirmation prompt appears
Enter y at this point and press Enter. The keystore has now been created. Open the root directory of the D drive to see the generated tomcat.keystore
6, Then go to the conf directory of the Tomcat folder
Find server.xml in the conf directory and edit it
7. Edit the Connector as follows
<Connector port="8080" protocol="HTTP/1.1" SSLEnabled="true"
scheme="https" secure="true"
clientAuth="false" keystoreFile="D:/appserver/tomcat/apache-tomcat-6.0.32/conf/tomcat.keystore"
keystorePass="Deleiguo" sslProtocol="TLS"/>
Note: keystorePass is the keystore password, that is, the "123456" that we set just now. After editing, save and close server.xml
8, After Tomcat has started successfully, open the page at https://127.0.0.1:8080
If the page opens successfully, the HTTPS configuration under Tomcat has succeeded.
9. Make the application redirect HTTP to HTTPS automatically
Add the following to web.xml in the application:
<security-constraint>
  <web-resource-collection>
    <web-resource-name>SSL</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
10. Generate a security certificate file for use
keytool -export -alias tomcat -file d:/file.cer -keystore d:/tomcat.keystore -validity 36500
Then enter the password of the d:/tomcat.keystore keystore.
-file d:/file.cer is the generated CER file, which can be installed directly by clicking on it.
11. Note:
(1) If the time on the computer where the IE client runs is earlier than the time the certificate takes effect, or later than its expiry time, IE prompts "the security certificate has expired or is not in effect".
(2) If IE prompts "the name on the security certificate is invalid or does not match the site name", the cause is that the domain name of the server host was entered incorrectly at "What is your first and last name?" when the certificate was generated.
(3) If the AC host cannot be found through a domain name, the IP must be used. This IP is only known after configuration, so the certificate must be generated after the IP address of the AC has been determined.
(4) A certificate file can be bound to only one IP address. Suppose there are two IP addresses, 192.168.1.154 and 192.168.1.200. If 192.168.1.154 is used when the certificate file is generated, IE can only use 192.168.1.154 to access ac-web; 192.168.1.200 is unable to access ac-web.
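The following check for the Connector from step 7 and the transport-guarantee from step 9 is an added example, not part of the original procedure or of Tomcat. It flags attribute and element names that differ from Tomcat's documented spelling only by letter case, missing HTTPS settings and a weak keystorePass. The function names, the deny-list, the minimum length and both sample connectors are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Attribute spellings from Tomcat's HTTP connector documentation (those used in step 7).
KNOWN = ["port", "protocol", "SSLEnabled", "maxThreads", "scheme", "secure",
         "clientAuth", "keystoreFile", "keystorePass", "sslProtocol"]
BY_LOWER = {name.lower(): name for name in KNOWN}
REQUIRED = {"SSLEnabled": "true", "scheme": "https", "secure": "true"}
WEAK_PASSWORDS = {"123456", "changeit", "password"}  # constructed deny-list
MIN_PASSWORD_LEN = 12  # assumed policy value, not a Tomcat or keytool limit


def audit_connector(xml_text):
    """Return findings for each connector element in a server.xml fragment."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        if el.tag.lower() != "connector":
            continue
        if el.tag != "Connector":
            findings.append(f"element <{el.tag}> should be <Connector>")
        for attr in el.attrib:
            canonical = BY_LOWER.get(attr.lower())
            if canonical and canonical != attr:
                findings.append(f"attribute {attr} should be spelled {canonical}")
        for name, wanted in REQUIRED.items():
            if el.attrib.get(name) != wanted:
                findings.append(f'{name}="{wanted}" is not set')
        password = el.attrib.get("keystorePass", "")
        if password in WEAK_PASSWORDS or len(password) < MIN_PASSWORD_LEN:
            findings.append("keystorePass is missing, short or a well-known value")
    return findings


def requires_confidential(xml_text):
    """True if a web.xml fragment sets transport-guarantee to CONFIDENTIAL (schema spelling)."""
    for el in ET.fromstring(xml_text).iter():
        # Drop an XML namespace prefix such as {http://...}transport-guarantee.
        if el.tag.split("}")[-1] == "transport-guarantee":
            if (el.text or "").strip() == "CONFIDENTIAL":
                return True
    return False


# Constructed samples: a lower-cased connector and a corrected one.
BAD = '<connector port="8080" sslenabled="true" scheme="https" secure="true" keystorepass="123456"/>'
GOOD = ('<Connector port="8080" SSLEnabled="true" scheme="https" secure="true" '
        'clientAuth="false" keystoreFile="conf/tomcat.keystore" '
        'keystorePass="constructed-Sample-Passphrase"/>')

if __name__ == "__main__":
    for label, sample in (("BAD", BAD), ("GOOD", GOOD)):
        print(label, audit_connector(sample) or "no findings")
```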