tomcat中使用https提供服务,配置的方式有两种。生成或购买CA证书时会要求绑定域名、设置密码和证书别名(aliase).
tomcat可用的证书列表里用三个文件:
方式一:
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystoreFile="/home/***/localhost/localhost.keystore" keystorePass="123456">
</Connector>
方式二:
<Connector port="443" protocol="org.apache.coyote.http11.Http11AprProtocol"
maxThreads="150" SSLEnabled="true" >
<UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
<SSLHostConfig>
<Certificate certificateKeyFile="conf/localhost-rsa-key.pem"
certificateFile="conf/localhost-rsa-cert.pem"
certificateChainFile="conf/localhost-rsa-chain.pem"
type="RSA" />
</SSLHostConfig>
</Connector>
方式二是tomcat8中默认提供的示例,可以配置使用Arp/Nio/Bio类型的通信协议,证书中主要使用*.keystore和*.jks。
--end