Tomcat: configure HTTPS access (JDK self-signed certificate)


The test environment in this article is apache-tomcat-7.0.57. After installing the JDK you can use keytool to make a certificate.

1. Generate a keystore file. The alias of the certificate is test001. After executing the command you are asked to enter the keystore password; we set it to 123456. A .keystore file is generated in the current directory; copy it to the bin directory of Tomcat.

keytool -genkey -alias test001 -keyalg RSA -keystore .keystore


(When generating the certificate, at the prompt "What are your first and last names?" be sure to enter the IP address or domain name of the server. In short, if you want to access your site as https://xx later, you must enter xx here; otherwise the browser will warn that the certificate is not trusted.)

2. Export the certificate file. First change to the bin directory of Tomcat in the console. After executing the following command you will be asked to enter the certificate password; test001 in the command is the certificate alias.

keytool -selfcert -alias test001 -keystore .keystore


3. Generate a certificate file. In the following command, test001 is the alias entered when the earlier command was executed, 123456 is the password, and tomcat.cer is the file name of the exported certificate. (This step produces a certificate for the client to install. Installing it is optional, but without it there will be a warning prompt when accessing the site.)

keytool -export -alias test001 -keystore .keystore -storepass 123456 -rfc -file tomcat.cer


4. Modify the Tomcat configuration file server.xml and find:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" />

Uncomment it and change it to the following (note: if you want the HTTPS equivalent of port 80, i.e. no port number in the URL, you must use 443):
<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           keystoreFile="bin/.keystore" keystorePass="123456"
           clientAuth="false" sslProtocol="TLS" />


5. If you want to allow access only over HTTPS, comment out the original 8080 connector:
<!--
<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443" />
-->


6. If Tomcat reports "Connector attribute SSLCertificateFile must be defined when using SSL with APR", open the server.xml configuration file and comment out the following line:

<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
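Added check, not part of the original post: a small Python audit that parses a server.xml and reports whether the connector setup from steps 4 to 6 is in place (TLS connector present, plain 8080 connector gone, APR listener not fighting the JSSE keystore, keystore file reachable). The sample server.xml is constructed from this page's snippets; the 8-character password threshold and the assumption that keystoreFile is resolved relative to CATALINA_BASE are mine.

```python
"""Audit a Tomcat 7 server.xml for the HTTPS connector settings of steps 4-6."""
import os
import xml.etree.ElementTree as ET

# Constructed sample modelled on this page's snippets: TLS connector on 443
# with the JSSE keystore, the plain 8080 connector commented out (step 5),
# and the APR listener still on, which triggers the step 6 error.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <Service name="Catalina">
    <!-- <Connector port="8080" protocol="HTTP/1.1"
                    connectionTimeout="20000" redirectPort="8443" /> -->
    <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               keystoreFile="bin/.keystore" keystorePass="123456"
               clientAuth="false" sslProtocol="TLS" />
  </Service>
</Server>
"""

def audit_server_xml(xml_text, catalina_base="."):
    """Return findings about the TLS setup. Commented-out elements are
    skipped by the XML parser, just as Tomcat skips them."""
    root = ET.fromstring(xml_text)
    connectors = list(root.iter("Connector"))
    https = [c for c in connectors if c.get("SSLEnabled") == "true"]
    apr_ssl_on = any(el.get("className", "").endswith("AprLifecycleListener")
                     and el.get("SSLEngine") == "on" for el in root.iter("Listener"))
    findings = {
        "https_ports": [int(c.get("port")) for c in https],
        "plain_http_ports": [int(c.get("port")) for c in connectors if c not in https],
        "https_only": bool(https) and len(https) == len(connectors),
        # Step 6: with SSLEngine="on" the APR listener expects SSLCertificateFile,
        # so a keystoreFile-based connector fails until the listener is commented out.
        "apr_keystore_conflict": apr_ssl_on and any(c.get("keystoreFile") for c in https),
        "keystore_missing": [],
        "short_keystore_password": [],
    }
    for c in https:
        ks = c.get("keystoreFile")  # assumed to resolve relative to CATALINA_BASE
        if ks and not os.path.exists(os.path.join(catalina_base, ks)):
            findings["keystore_missing"].append(ks)
        if len(c.get("keystorePass", "")) < 8:  # the page's 123456 gets flagged
            findings["short_keystore_password"].append(int(c.get("port")))
    return findings
```

Run it against your own file with `audit_server_xml(open("conf/server.xml").read(), catalina_base="/path/to/tomcat")`; an empty `keystore_missing` list and `apr_keystore_conflict` False mean steps 4 and 6 line up.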
