tomcat配置https

標籤：http   tomcat   cti   prot   org   fonts   url   enabled   sni   

1.產生keystore檔案。keytool -v -genkey -alias tomcat -keyalg RSA -keystore  d:/tomcat.keystore -validity 36500

這裡的keytool在jdk的bin目錄下，也可以寫絕對位址，這裡的口令一律寫123456，下面要用到

這樣就產生了tomcat.keystore

2、修改  tomcat/conf/server.xml ，並指定安全性憑證位置和密碼

<Connector port="443" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"               maxThreads="150" scheme="https" secure="true"               clientAuth="false" sslProtocol="TLS" keystoreFile="D:/tomcat.keystore"keystorePass="123456"/>

此時是http和https都可以訪問項目的，若要完全禁用http則需要修改以下

8080和8009(這裡的連接埠改為了8003)對應改為443

 <Connector port="8080" protocol="HTTP/1.1"                connectionTimeout="20000"                redirectPort="443" /><!-- Define an AJP 1.3 Connector on port 8009 -->    <Connector port="8003" protocol="AJP/1.3" redirectPort="443" />

3.配置web.xm，在welcome-file-list後面加上以下

 <welcome-file-list>        <welcome-file>index.html</welcome-file>        <welcome-file>index.htm</welcome-file>        <welcome-file>index.jsp</welcome-file>    </welcome-file-list><login-config><!--Authorization setting for SSL --><auth-method>CLIENT-CERT</auth-method><realm-name>Client Cert User-only Area</realm-name>    </login-config>    <security-constraint><!--Authorization setting for SSL--><web-resource-collection><web-resource-name>SSL</web-resource-name><url-pattern>/*</url-pattern></web-resource-collection>        <user-data-constraint>     <transport-guarantee>CONFIDENTIAL</transport-guarantee>        </user-data-constraint>    </security-constraint>

若要禁用掉http不安全方法，這裡的配置可以這樣寫

 <welcome-file-list>        <welcome-file>index.html</welcome-file>        <welcome-file>index.htm</welcome-file>        <welcome-file>index.jsp</welcome-file>    </welcome-file-list><login-config><!--Authorization setting for SSL --><auth-method>CLIENT-CERT</auth-method><realm-name>Client Cert User-only Area</realm-name>    </login-config>    <security-constraint><!--Authorization setting for SSL--><web-resource-collection><web-resource-name>SSL</web-resource-name><url-pattern>/*</url-pattern></web-resource-collection>        <user-data-constraint>     <transport-guarantee>CONFIDENTIAL</transport-guarantee>        </user-data-constraint>    </security-constraint>    <security-constraint><web-resource-collection><web-resource-name>fortune</web-resource-name><url-pattern>/*</url-pattern><http-method>PUT</http-method><http-method>DELETE</http-method><http-method>HEAD</http-method><http-method>OPTIONS</http-method><http-method>TRACE</http-method></web-resource-collection><auth-constraint></auth-constraint>    </security-constraint>

4.附加元件目，啟動後匯入認證就可以了

訪問https://localhost:443/spfxzd會出現安全性憑證有問題，右鍵

認證--詳細資料--複製到檔案--下一步--一直到匯出檔案到案頭檔案為tomcat.cer

這裡可以雙擊認證安裝下

下面開啟瀏覽器的Internet選項  ----> 內容  ----> 認證

選擇"可信任的根憑證授權單位"  ----> 匯入認證

將產生的認證匯入進來

完成

參考配置：http://www.cnblogs.com/wanghaoyuhappy/p/5267702.html

tomcat配置https