(1) Download openssl to make a private key. After executing the following command, server.key will be created in the test directory under the current directory
openssl genrsa -out test/server.key 1024
(2) To make a request certificate for the issuing authority, you need to enter some real information truthfully, and pay attention to fill in your domain name when filling in "common name (egserver FQDN or YOUR name)"
openssl req -new -key test/server.key -out test/certreq.csr
(3) Self-signed certificates are used to simulate ten years of availability. If you purchase a formal certificate, ignore this step, and the issuing agency will send two cer files, one for the server certificate and one for the root certificate.
openssl x509 -req -in test/certreq.csr -out test/cert.cer -signkey test/server.key -days 3650
(4) To configure tomcat for the signature certificate, copy the previously generated files cert.cer and server.key to the bin directory of tomcat. If you are purchasing a formal certificate, put the two certificate files given to you by the issuing agency in the bin directory.
Modify tomcat's configuration file server.xml and find
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
Uncomment it and change it to read (note that you must use 443 if you want to use port 80):
<Connector port="443" protocol="org.apache.coyote.http11.Http11AprProtocol" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
SSLCertificateFile="cert.cer"
SSLCertificateKeyFile="server.key"
sslProtocol="TLS" />
(5) If you only want to use https to access, you need to annotate the original 8080 window monitor
<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" / >