- Prerequisites have a certificate
- How to get the certificate?
Certificate configuration process
1. Environment preparation
In order to successfully configure https, you need to have the following environment:
java jdk
tomcat
2. JKS format certificate generation
1). Open your terminal or command line, enter:
keytool -genkey -v -alias testKey -keyalg RSA -validity 3650 -keystore /tomcat/tomcat/test.keystore
command explanation:
alias: alias here I named testKey
keyalg: certificate algorithm, RSA
validity: certificate validity time, 10 years
keystore: target path and file name for certificate generation, replace Just
enter your own path, what I defined is /tomcat/tomcat/test.keystore 2) Press Enter, and then you will be asked to enter some information. It is best to enter the same keystore password and secret password, and remember Give this password. Others can be filled in freely.
Of course, you can also apply for a certificate yourself
https://www.cnblogs.com/weihanli/archive/2017/05/12/httpsconfiguration.html
3. Configure https in tomcat
1). Put the keystore certificate Upload it to your tomcat server (if your tomcat is locally, you can also do not move it), and write down the path where the certificate is located.
2) Go to tomcat's conf directory, open the server.xml file, search https to find the following item, uncomment the port 8443 configuration, and change it to port 443 (access without port settings) (note: the port accessed by Https is 8443 , Can be modified to other ports.)
去掉注释,并将keystoreFile和keystorePass处替换成你自己的证书路径和生成证书时的口令即可.
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystoreFile="你的keystore路径" keystorePass="生成证书时的口令" />
4. Start tomcat, and then you can use https and port 8443 to test access:
this is the pit I encountered when configuring the domain name for the server, and I hope other friends will pay attention