Recently the company has listed a lot of tasks, HTTPS among them. There is nothing to say; you cannot understand the bitter lot of my
You can look up how HTTPS works on Baidu or Google, so I will skip the theory. To generate the key yourself, you need the JDK command-line tool keytool. For the use of keytool please see here or here; I'll simply post how to use it below.
(1) The Java tool keytool
Common commands:
(Note: when generating a certificate, the CN must be the same as the domain name of the server; if testing locally, use localhost.)
keytool -genkey -alias "tomcat" -keyalg "RSA" -keystore "D:\mykeystore" -dname "CN=localhost, OU=localhost, O=localhost, L=sh, ST=sh, C=CN" -keypass "changeit" -storepass "changeit" -validity 180
Parameter description:
-genkey creates a new key
-dname is the distinguished name of the key:
CN=commonName
OU=organizationUnit
O=organizationName
L=localityName
ST=stateName
C=country
The distinguished name indicates the identity of the issuer of the key.
-keyalg the algorithm to use, here RSA
-alias the alias of the key
-keypass the password for the private key, here set to changeit
-keystore the file the key is stored in, here the mykeystore file on the D: drive
-storepass the keystore access password, here set to changeit; the system needs this password to read information out of the mykeystore file
-validity the validity period of the key, here 180 days (default is 90 days)
Delete
keytool -delete -alias catest -keystore d:\mykeystore
View
keytool -list -keystore d:\mykeystore
Create a certificate
1. Generate the certificate on the server (note: when generating the certificate, the CN must be the same as the domain name of the server; if testing locally, use localhost):
keytool -genkey -alias "tomcat" -keyalg "RSA" -keystore "D:\mykeystore" -dname "CN=localhost, OU=localhost, O=localhost, L=sh, ST=sh, C=CN" -keypass "changeit" -storepass "changeit"
2. Export the certificate, to be installed by the client:
keytool -export -alias tomcat -keystore d:\mykeystore -file d:\mycerts.cer -storepass changeit
3. Client configuration: import the certificate issued by the server into the client's JVM:
keytool -import -trustcacerts -alias tomcat -keystore "%JAVA_HOME%/jre/lib/security/cacerts" -file d:\mycerts.cer -storepass changeit
(The -file argument here is the path of the exported certificate, not the key. The later Tomcat configuration points at the key, not the certificate, so do not confuse the two.)
After that, you can see that the catest.cer file was generated, and then the import is done, and the keytool operation is complete.
Configure Tomcat
If you are working in Eclipse, find the Servers entry in Eclipse (if there is none, locate the server.xml file under Tomcat), then locate server.xml and open it.
The configuration is as follows:
<!-- keystoreFile is the location of the key generated in the first step; keystorePass is the password for that key -->
<Connector SSLEnabled="true" acceptCount="+" clientAuth="false"
    disableUploadTimeout="true" enableLookups="false"
    keystoreFile="D:\catest.key" keystorePass="Zuecun"
    maxThreads="+" port="8443"
    protocol="org.apache.coyote.http11.Http11NioProtocol"
    scheme="https" secure="true" sslProtocol="TLS"/>
If another Connector already uses port 8443, simply comment it out.
Then find web.xml (in the same directory as server.xml) and open it.
Add the following configuration after <welcome-file-list>:
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Securedapp</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        <!-- If you want to turn off SSL, just change CONFIDENTIAL to NONE. -->
    </user-data-constraint>
</security-constraint>
Then start the server. Accessing the application directly will automatically jump to the HTTPS port you configured, 8443. Note that the certificate here is one you created yourself rather than one you applied for, so the browser will report an unsafe connection; of course, this is only a local test.
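Before starting the server, the two files can be checked together. The following is an added example, not part of the original post: it flags miscased Connector attributes, a missing keystoreFile, the default keystore password, an HTTP redirectPort that points at no TLS Connector, and a web.xml that does not ask for CONFIDENTIAL. The sample XML is constructed, the function name check_https_config is hypothetical, and redirectPort is a standard Tomcat Connector attribute that the post does not show.

```python
import xml.etree.ElementTree as ET
# Constructed sample files (not from a real deployment), with typical mistakes.
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8444"/>
  <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
             Keystorefile="D:/mykeystore" keystorePass="changeit"/>
</Service></Server>"""
WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"><security-constraint>
  <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
  <user-data-constraint><transport-guarantee>NONE</transport-guarantee></user-data-constraint>
</security-constraint></web-app>"""

# Connector attributes used on this page, in the case Tomcat's setters expect.
KNOWN = ("SSLEnabled acceptCount clientAuth disableUploadTimeout enableLookups keystoreFile "
         "keystorePass maxThreads port protocol redirectPort scheme secure sslProtocol").split()
BY_LOWER = {name.lower(): name for name in KNOWN}

def check_https_config(server_xml, web_xml):
    """Return findings for the server.xml / web.xml pair described above."""
    findings = []
    connectors = list(ET.fromstring(server_xml).iter("Connector"))
    for conn in connectors:
        for attr in conn.attrib:
            right = BY_LOWER.get(attr.lower())
            if right and right != attr:  # names are matched with case, so this one is not applied
                findings.append(f"port {conn.get('port')}: '{attr}' should be '{right}'")
    tls = [c for c in connectors if c.get("SSLEnabled") == "true"]
    if not tls:
        findings.append("no Connector has SSLEnabled='true'")
    for conn in tls:
        port = conn.get("port")
        if conn.get("scheme") != "https" or conn.get("secure") != "true":
            findings.append(f"port {port}: needs scheme='https' and secure='true'")
        if not conn.get("keystoreFile"):
            findings.append(f"port {port}: keystoreFile is not set")
        if conn.get("keystorePass") == "changeit":
            findings.append(f"port {port}: keystorePass is the default 'changeit'")
    tls_ports = {c.get("port") for c in tls}
    for conn in (c for c in connectors if c not in tls):
        if conn.get("redirectPort") not in tls_ports | {None}:
            findings.append(f"port {conn.get('port')}: redirectPort "
                            f"{conn.get('redirectPort')} has no TLS Connector")
    # web.xml may carry a namespace, so compare local tag names only.
    guarantees = [el.text.strip() for el in ET.fromstring(web_xml).iter()
                  if el.tag.rsplit("}", 1)[-1] == "transport-guarantee" and el.text]
    if "CONFIDENTIAL" not in guarantees:
        findings.append(f"web.xml: transport-guarantee is {guarantees}, expected CONFIDENTIAL")
    return findings

if __name__ == "__main__":
    print("\n".join(check_https_config(SERVER_XML, WEB_XML)))
```

An empty list means none of these five checks fired; it does not validate the certificate itself.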
Finally, experts are welcome to offer criticism or suggestions, thank you ~ ~ ~
Configuring HTTPS for Tomcat under Eclipse (the easiest way to configure HTTPS)