Remember the process of configuring tomcat's https self-signed certificate in Linux due to various needs:
Introduction to SSL certificates
1. Publicly trusted certification agencies
such as CAs, but applications are generally charged, usually hundreds to thousands of years.
Here you can Let me introduce to you that Tencent Cloud has a free one-year CA certificate service so far, you can use it.
2.
Although the security of self-generation is not so high, the advantage is that the cost is low. I am just doing a test at present, so this article is about self-generation.
Certificate configuration process
1. Environment preparation
In order to successfully configure https, you need to have the following environment:
java jdk
tomcat
2. JKS format certificate generation
1). Open your terminal or command line and enter:
keytool -genkey -v -alias testKey -keyalg RSA -validity 3650 -keystore /tomcat/tomcat/test.keystore
command explanation:
alias: alias here I named testKey
keyalg: certificate algorithm, RSA
validity: certificate validity time, 10 years
keystore: target path and file name for certificate generation, replace You can enter your own path, I defined /tomcat/tomcat/test.keystore
2) Press Enter, and then you will be asked to enter some information, in which the keystore password and the secret password are best to enter the same, and remember under this password. Others can be filled in casually ![[Tomcat] Tomcat configuration https (free certificate)](http://i2.51cto.com/images/blog/201805/03/9fca91e1fda7393ba33a9300f03d730e.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=)
3. Configure https in tomcat
1). Upload the keystore certificate to your tomcat server (if your tomcat is local, you can not move it), and write down the path of the certificate.
2). cd to the conf directory of tomcat and open server.xml file, search https to find the following:![[Tomcat] Tomcat configuration https (free certificate)](http://i2.51cto.com/images/blog/201805/03/bc6428c895588f5bf8903cb20524711e.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=)
去掉注释,并将keystoreFile和keystorePass处替换成你自己的证书路径和生成证书时的口令即可.
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystoreFile="你的keystore路径" keystorePass="生成证书时的口令" />Only modify this one place, other places do not need to be moved.
4. Start tomcat, then you can use https and port 8443 to test access: ![[Tomcat] Tomcat configuration https (free certificate)](http://i2.51cto.com/images/blog/201805/03/58a34f2e9465cf117b7bba11938dcf05.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=)
You can also test access through the curl command:![[Tomcat] Tomcat configuration https (free certificate)](http://i2.51cto.com/images/blog/201805/03/d9a852fe7582e25062d2d54e7925e352.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=)