Tomcat HTTPS access settings

1> Use the jdk tool to generate the key file

 

// Run the following command in the bin directory of the JDK

keytool -genkey -alias tomcat -keyalg RSA -keypass changeit -storepass changeit -keystore server.keystore -validity 3600 


2> In tomcat/conf/server.xml, find the following block:

<!-- Define a SSL HTTP/1.1 Connector on port 8443
     This connector uses the JSSE configuration, when using APR, the
     connector should be using the OpenSSL style configuration
     described in the APR documentation -->
<!--
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" />
-->

Remove the comment markers and add the key file configuration:

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="server.keystore"
           keystorePass="changeit"/>

After saving and restarting Tomcat, the site can be accessed over HTTPS at https://ip:8443/webproject (your web project). The example above uses port 8443; if it is changed to 443, the port can be omitted when accessing, because 443 is the default HTTPS port.

To force HTTPS access, add the following configuration after </welcome-file-list> in tomcat\conf\web.xml:

<login-config>
    <!-- Authorization setting for SSL -->
    <auth-method>CLIENT-CERT</auth-method>
    <realm-name>Client Cert Users-only Area</realm-name>
</login-config>
<security-constraint>
    <!-- Authorization setting for SSL -->
    <web-resource-collection>
        <web-resource-name>SSL</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

With this in place, entering http://ip:8080/webproject will be forced to https://ip:8443/webproject.

If the HTTPS port is configured as another port, remember to change the redirect port on the HTTP connector as well:

<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443" URIEncoding="UTF-8" />
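A consistency check for the configuration above, as an added example that is not part of the original article: it reads server.xml and web.xml and reports an HTTP connector whose redirectPort does not point at an SSLEnabled connector, a keystorePass left at changeit, and a missing CONFIDENTIAL constraint. The embedded XML is constructed sample input, and the function names audit and local are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample input modelled on this article's snippets: the HTTPS port
# was moved to 9443 but redirectPort on the HTTP connector still says 8443.
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000"
             redirectPort="8443" URIEncoding="UTF-8" />
  <Connector port="9443" protocol="HTTP/1.1" SSLEnabled="true"
             maxThreads="150" scheme="https" secure="true"
             clientAuth="false" sslProtocol="TLS"
             keystoreFile="server.keystore" keystorePass="changeit" />
</Service></Server>"""

WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>SSL</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""

def local(tag):  # drop an XML namespace prefix such as {http://...}web-app
    return tag.rsplit("}", 1)[-1]

def audit(server_xml, web_xml):
    """Return a list of findings for the HTTPS setup described in this article."""
    findings = []
    conns = [e for e in ET.fromstring(server_xml).iter() if local(e.tag) == "Connector"]
    tls = [c for c in conns if c.get("SSLEnabled", "").lower() == "true"]
    tls_ports = {c.get("port", "") for c in tls}
    for c in tls:
        if c.get("keystorePass") == "changeit":  # the password used in this article
            findings.append(f"port {c.get('port')}: keystorePass is the well-known 'changeit'")
    for c in conns:
        plain_http = c not in tls and not c.get("protocol", "").startswith("AJP")
        if plain_http and c.get("redirectPort") not in tls_ports:
            findings.append(f"port {c.get('port')}: redirectPort={c.get('redirectPort')} "
                            f"is not an HTTPS connector {sorted(tls_ports)}")
    guarantees = [e.text.strip() for e in ET.fromstring(web_xml).iter()
                  if local(e.tag) == "transport-guarantee" and e.text]
    if "CONFIDENTIAL" not in guarantees:
        findings.append("web.xml has no CONFIDENTIAL transport-guarantee")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SERVER_XML, WEB_XML)))
```

To check a real installation, pass the contents of tomcat/conf/server.xml and tomcat/conf/web.xml to audit() in place of the sample strings.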
 

 
 

 

