1 Generate the key: go to the bin directory of the JDK and run:
keytool -genkeypair -alias "tomcat" -keyalg "RSA" -keystore "g:\tomcat.keystore" -validity 36500
Brief description of the parameters: "g:\tomcat.keystore" saves the certificate file on the G drive under the name tomcat.keystore; "-validity 36500" sets the validity period of the certificate in days, so 36500 means 100 years (the default value is 90 days).
The password I entered at 1 is tomcat, 2 is the address to access, and the password at 3 is the same as the one at 1.
Configure TOMCAT Server
443 is the default port for https
Change
<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" URIEncoding="UTF-8"/>
to
<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="443" URIEncoding="UTF-8"/>
Uncomment this connector:
<!-- <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"/> -->
and modify its parameters:
<Connector port="443" protocol="org.apache.coyote.http11.Http11Protocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="G:/ssl/tomcat.keystore" keystorePass="tomcat" />
The two parameters keystoreFile and keystorePass are the location of the certificate file and the keystore password (tomcat), both of which were set while generating the certificate file.
Change
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
to
<Connector port="8009" protocol="AJP/1.3" redirectPort="443" />
Start Tomcat and access https://localhost/ or http://localhost:8080/; both should load successfully.
2 Force HTTPS access
In tomcat\conf\web.xml, add the following section after </welcome-file-list>:
<login-config>
    <!-- Authorization setting for SSL -->
    <auth-method>CLIENT-CERT</auth-method>
    <realm-name>Client Cert Users-only Area</realm-name>
</login-config>
<security-constraint>
    <!-- Authorization setting for SSL -->
    <web-resource-collection>
        <web-resource-name>SSL</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
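
An added example, not part of the original page: a Python check over the two files edited above. It reports a redirectPort that does not point at an SSLEnabled connector and a guessable keystorePass in server.xml, and confirms that web.xml carries a CONFIDENTIAL constraint for /*. The function names, the weak-password list and both sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

WEAK_PASSWORDS = {"tomcat", "changeit", "password"}  # assumed, illustrative list

def local(tag):
    """Strip an XML namespace ('{ns}name' -> 'name'); real web.xml files declare one."""
    return tag.rsplit("}", 1)[-1]

def audit_server_xml(text):
    """Return findings for the Connector elements of a server.xml."""
    connectors = [e for e in ET.fromstring(text).iter() if local(e.tag) == "Connector"]
    tls_ports = {c.get("port") for c in connectors
                 if c.get("SSLEnabled", "false").lower() == "true"}
    findings = []
    for c in connectors:
        port, redirect = c.get("port"), c.get("redirectPort")
        # A plain connector must redirect to a port where a TLS connector listens.
        if port not in tls_ports and redirect and redirect not in tls_ports:
            findings.append(f"port {port}: redirectPort {redirect} has no TLS connector")
        if c.get("keystorePass", "").lower() in WEAK_PASSWORDS:
            findings.append(f"port {port}: guessable keystorePass stored in server.xml")
    return findings

def forces_https(text):
    """True if a security-constraint covers /* with transport-guarantee CONFIDENTIAL."""
    for sc in ET.fromstring(text).iter():
        if local(sc.tag) != "security-constraint":
            continue
        seen = {(local(e.tag), (e.text or "").strip()) for e in sc.iter()}
        if {("url-pattern", "/*"), ("transport-guarantee", "CONFIDENTIAL")} <= seen:
            return True
    return False

# Constructed sample: the page's connectors, with redirectPort on 8080 left at 8443.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
<Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" URIEncoding="UTF-8"/>
<Connector port="443" protocol="org.apache.coyote.http11.Http11Protocol"
  SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"
  keystoreFile="G:/ssl/tomcat.keystore" keystorePass="tomcat"/>
<Connector port="8009" protocol="AJP/1.3" redirectPort="443"/>
</Service></Server>"""

# Constructed sample: the page's security-constraint inside a namespaced web-app root.
SAMPLE_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
<security-constraint>
<web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
<user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint></security-constraint></web-app>"""

if __name__ == "__main__":
    print(audit_server_xml(SAMPLE_SERVER_XML), forces_https(SAMPLE_WEB_XML))
```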