Tomcat configuration: HTTPS with a self-signed certificate (generated with keytool)

Build the KeyStore

keytool -genkeypair -alias "server" -keyalg "RSA" -validity "365" -keystore "/app/webapp/tomcat/https/server.keystore"

[[email protected] https]$ pwd
/app/webapp/tomcat/https
[[email protected] https]$ keytool -genkeypair -alias "server" -keyalg "RSA" -validity "365" -keystore "/app/webapp/tomcat/https/server.keystore"
Enter keystore password:
Re-enter new password:
What is your first and last name?
  [Unknown]:  10.13.22.102
What is the name of your organizational unit?
  [Unknown]:  ai
What is the name of your organization?
  [Unknown]:  ai
What is the name of your City or Locality?
  [Unknown]:  gz
What is the name of your State or Province?
  [Unknown]:  GD
What is the two-letter country code for this unit?
  [Unknown]:  cn
Is CN=10.13.22.102, OU=ai, O=ai, L=gz, ST=GD, C=cn correct?
  [no]:  yes

Enter key password for <server>
        (RETURN if same as keystore password):
Re-enter new password:

Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore /app/webapp/tomcat/https/server.keystore -destkeystore /app/webapp/tomcat/https/server.keystore -deststoretype pkcs12".
[[email protected] https]$

Modify the configuration file server.xml

[[email protected] conf]$ pwd
/app/webapp/tomcat/apache-tomcat-7.0.88/conf
[[email protected] conf]$ vi server.xml

Find the commented-out HTTPS connector:

<!--
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
           maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" />
-->

Change it to:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
           maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="/app/webapp/tomcat/https/server.keystore"
           keystorePass="123456"/>

Save:

:wq

Change Tomcat's default HTTPS port, 8443 (optional; the default can also be kept).
Here it is changed to 18003. Three places are modified in total. The other two occurrences of 8443 are inside comments and are left unchanged.

Before:

<Connector port="18002" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443" />
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

After:

<Connector port="18002" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="18003" />
<Connector port="18003" protocol="org.apache.coyote.http11.Http11Protocol"
           maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="/app/webapp/tomcat/https/server.keystore"
           keystorePass="123456"/>
<Connector port="8009" protocol="AJP/1.3" redirectPort="18003" />
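
A check for the two things that most often go wrong in the edit above: a redirectPort left pointing at a port with no TLS connector, and a guessable keystorePass stored in clear text in server.xml. This is an added example, not part of the original article; the function name audit_connectors and the WEAK_PASSWORDS list are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the three connectors from the edited server.xml above,
# wrapped in minimal <Server>/<Service> elements so the text parses on its own.
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="18002" protocol="HTTP/1.1" connectionTimeout="20000"
             redirectPort="18003" />
  <Connector port="18003" protocol="org.apache.coyote.http11.Http11Protocol"
             maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
             clientAuth="false" sslProtocol="TLS"
             keystoreFile="/app/webapp/tomcat/https/server.keystore"
             keystorePass="123456"/>
  <Connector port="8009" protocol="AJP/1.3" redirectPort="18003" />
</Service></Server>"""

# Assumption: a short illustrative list, not a complete password blocklist.
# "changeit" is the value Tomcat uses when keystorePass is omitted.
WEAK_PASSWORDS = {"123456", "changeit", "password"}


def is_tls(connector):
    """True when the connector has SSLEnabled="true"."""
    return connector.get("SSLEnabled", "false").lower() == "true"


def audit_connectors(xml_text):
    """Return (port, finding) tuples for the active <Connector> elements.

    ElementTree drops XML comments while parsing, so commented-out
    connectors are ignored here, just as Tomcat ignores them.
    """
    connectors = ET.fromstring(xml_text).findall(".//Connector")
    tls_ports = {c.get("port") for c in connectors if is_tls(c)}
    findings = []
    for c in connectors:
        port, redirect = c.get("port"), c.get("redirectPort")
        if redirect and redirect not in tls_ports:
            findings.append((port, f"redirectPort {redirect} matches no SSLEnabled connector"))
        if is_tls(c):
            if not c.get("keystoreFile"):
                findings.append((port, "keystoreFile is not set"))
            if c.get("keystorePass", "changeit") in WEAK_PASSWORDS:
                findings.append((port, "keystorePass is a weak, well-known value"))
    return findings


if __name__ == "__main__":
    for port, finding in audit_connectors(SERVER_XML):
        print(f"connector {port}: {finding}")
```

To audit a real installation, pass the contents of conf/server.xml to audit_connectors instead of the embedded sample.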

Modify Tomcat's web.xml to force HTTP to redirect to HTTPS

[[email protected] conf]$ pwd
/app/webapp/tomcat/apache-tomcat-7.0.88/conf
[[email protected] conf]$ vi web.xml

After </welcome-file-list>, add the following block. The CONFIDENTIAL transport guarantee is what makes Tomcat redirect plain-HTTP requests to the connector's redirectPort:

<login-config>
    <!-- Authorization setting for SSL -->
    <auth-method>CLIENT-CERT</auth-method>
    <realm-name>Client Cert Users-only Area</realm-name>
</login-config>
<security-constraint>
    <!-- Authorization setting for SSL -->
    <web-resource-collection>
        <web-resource-name>SSL</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

Restart Tomcat

[[email protected] bin]$ pwd
/app/webapp/tomcat/apache-tomcat-7.0.88/bin
[[email protected] bin]$ sh shutdown.sh
Using CATALINA_BASE:   /app/webapp/tomcat/apache-tomcat-7.0.88
Using CATALINA_HOME:   /app/webapp/tomcat/apache-tomcat-7.0.88
Using CATALINA_TMPDIR: /app/webapp/tomcat/apache-tomcat-7.0.88/temp
Using JRE_HOME:        /opt/jdk1.8.0_151
Using CLASSPATH:       /app/webapp/tomcat/apache-tomcat-7.0.88/bin/bootstrap.jar:/app/webapp/tomcat/apache-tomcat-7.0.88/bin/tomcat-juli.jar
Java HotSpot(TM) 64-Bit Server VM warning: ignoring option PermSize=256m; support was removed in 8.0
Java HotSpot(TM) 64-Bit Server VM warning: ignoring option MaxPermSize=256m; support was removed in 8.0
[[email protected] bin]$ sh startup.sh
Using CATALINA_BASE:   /app/webapp/tomcat/apache-tomcat-7.0.88
Using CATALINA_HOME:   /app/webapp/tomcat/apache-tomcat-7.0.88
Using CATALINA_TMPDIR: /app/webapp/tomcat/apache-tomcat-7.0.88/temp
Using JRE_HOME:        /opt/jdk1.8.0_151
Using CLASSPATH:       /app/webapp/tomcat/apache-tomcat-7.0.88/bin/bootstrap.jar:/app/webapp/tomcat/apache-tomcat-7.0.88/bin/tomcat-juli.jar
Tomcat started.

Access:

http://10.13.22.102:18002/ops/app

Automatic redirect to:

https://10.13.22.102:18003/ops/app