Deploying Tomcat over HTTPS

1. Generate the key: go to the bin directory of the JDK and run:

keytool -genkeypair -alias "tomcat" -keyalg "RSA" -keystore "g:\tomcat.keystore" -validity 36500

Brief description of the parameters: "g:\tomcat.keystore" saves the certificate file on the G drive under the name tomcat.keystore; "-validity 36500" sets the validity period of the certificate in days, so 36500 means 100 years (the default value is 90 days).

Fill in the necessary parameters on the command line:
A. Enter the keystore password: you need to enter a string of more than 6 characters here.
B. "What is your first and last name?" This is a required field and must be the domain name or IP of the Tomcat deployment host [e.g. gbcom.com or 10.1.25.251], which is the address you will enter in the browser later.
C. "What is the name of your organizational unit?", "What is the name of your organization?", "What is the name of your city or region?", "What is the name of your state or province?", "What is the two-letter country code for this unit?" You can fill these in as needed or just press Enter to leave them empty. When the system asks "Is it correct?", check the input; if it meets the requirements, enter the letter "y", otherwise enter "n" and fill in the information above again.
D. Enter the master (key) password for <tomcat>. This one is more important and will be used in the Tomcat configuration file. It is recommended to enter the same password as the keystore password. You can also set a different password.
After completing the above input, press Enter; the generated file is at the location you defined in the second step.

The password I entered at 1 is tomcat, the value at 2 is the address to access, and the password at 3 is the same as that at 1.

Configure TOMCAT Server

443 is the default port for HTTPS, so redirectPort is changed from 8443 to 443:

    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" URIEncoding="UTF-8"/>
changed to

    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="443" URIEncoding="UTF-8"/>
<!--
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
              maxThreads="150" scheme="https" secure="true"
              clientAuth="false" sslProtocol="TLS"/>
 -->
Uncomment the connector above and modify its parameters:

    <Connector port="443" protocol="org.apache.coyote.http11.Http11Protocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="G:/ssl/tomcat.keystore"
               keystorePass="tomcat" />

The two parameters keystoreFile and keystorePass (highlighted in the original) are the location of the certificate file and the master password of <tomcat>, both of which were set while generating the certificate file.

<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

changed to

<Connector port="8009" protocol="AJP/1.3" redirectPort="443" />

Start Tomcat and access https://localhost/ or http://localhost:8080/. Success.

 

2. Force HTTPS access

In tomcat\conf\web.xml, add the following section after </welcome-file-list>:

    <login-config>
        <!-- Authorization setting for SSL -->
        <auth-method>CLIENT-CERT</auth-method>
        <realm-name>Client Cert Users-only Area</realm-name>
    </login-config>
    <security-constraint>
        <!-- Authorization setting for SSL -->
        <web-resource-collection>
            <web-resource-name>SSL</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

3. Once the above configuration is complete, restart Tomcat and SSL is in use. You can enter the address in the IE address bar directly, without typing "http://" or "https://"; you can also enter "http://" and it will jump to "https://".
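
The redirect described above only works if every redirectPort in server.xml points at a connector with SSLEnabled="true", and if web.xml carries the CONFIDENTIAL constraint on /*. The following Python check is an added example, not part of the original article; the function names and the embedded XML samples are constructed for illustration, and the AJP connector is deliberately left at redirectPort 8443 to show a finding.

```python
import xml.etree.ElementTree as ET

# Constructed sample mirroring this page's connectors (not a real deployment).
# The AJP connector is deliberately left unchanged to trigger a finding.
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="443"/>
  <Connector port="443" protocol="org.apache.coyote.http11.Http11Protocol"
             SSLEnabled="true" scheme="https" secure="true"
             keystoreFile="G:/ssl/tomcat.keystore" keystorePass="tomcat"/>
  <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
</Service></Server>"""

# Constructed web.xml fragment with the constraint from step 2.
WEB_XML = """<web-app><security-constraint>
  <web-resource-collection>
    <web-resource-name>SSL</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint></web-app>"""

def _find(elem, name):
    """Descendants by local tag name, ignoring any XML namespace prefix."""
    return [e for e in elem.iter() if e.tag.rsplit("}", 1)[-1] == name]

def audit_redirects(server_xml):
    """List connectors whose redirectPort has no SSLEnabled connector behind it."""
    connectors = _find(ET.fromstring(server_xml), "Connector")
    tls_ports = {c.get("port") for c in connectors
                 if c.get("SSLEnabled", "false").lower() == "true"}
    findings = []
    for c in connectors:
        target = c.get("redirectPort")
        if c.get("port") not in tls_ports and target and target not in tls_ports:
            findings.append(f"port {c.get('port')}: redirectPort {target} has no SSLEnabled connector")
    return findings

def forces_https(web_xml):
    """True if a security-constraint covers /* with CONFIDENTIAL transport."""
    for sc in _find(ET.fromstring(web_xml), "security-constraint"):
        patterns = {(e.text or "").strip() for e in _find(sc, "url-pattern")}
        guarantees = {(e.text or "").strip() for e in _find(sc, "transport-guarantee")}
        if "/*" in patterns and "CONFIDENTIAL" in guarantees:
            return True
    return False

if __name__ == "__main__":
    print(audit_redirects(SERVER_XML), forces_https(WEB_XML))
```

To run it against a real installation, read conf/server.xml and conf/web.xml into strings and pass them to the two functions.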
