Configuring HTTPS for a domain with a self-signed certificate

Disclaimer: This is an original article by the blogger and may not be reproduced without the blogger's permission. https://blog.csdn.net/qy_0626/article/details/86552350

This is an original article. If you repost it, please credit the source out of respect for the author's work. Thank you very much.

Foreword

A project recently got stuck on its HTTPS certificate. After several days of communication with our partner it was still unresolved, so the big boss asked me to look into it. I had never worked with HTTPS certificate configuration and knew very little about it; in fact, I was completely lost when I received the task. The big boss sent me a blog link to use as a reference for the configuration, so let's start with how HTTPS is configured.

Main text

At first I saw in the documentation that the iOS mini program does not support self-signed certificates. What is a self-signed certificate? My understanding was that a certificate is something you pay for.

A so-called self-signed certificate is a certificate that we issue ourselves. Because it is not issued by a certificate authority, the browser warns that the link is not secure when it opens the site. That is fine for your own testing or your own use. For WeChat or other formal settings, or for sensitive data, it is recommended to buy a certificate from a certificate authority or use a free one; at the very least, a cloud service can provide one. Attached: applying for a free SSL certificate on Alibaba Cloud. Attached: opening ports on Alibaba Cloud, with illustrated details.

Begin configuring the self-signed certificate

Log in to your server and use keytool, which ships with the JDK, to generate a certificate for the server.

Step 1: Go to the JDK installation directory (there is no need to go into the bin directory), then Shift + right-click and open a command window there.

Step 2: Generate the certificate by entering the following command in the command window and pressing Enter.

keytool -genkey -v -alias tomcat -keyalg RSA -keystore tomcat.keystore -validity 36500

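Note: At the "first and last name" prompt, do not enter an arbitrary value; enter the IP address or domain name of your server. The keystore password must be at least six characters.

After you press Enter and see this information printed, look in your JDK directory and you will find the generated certificate.

Here, -genkey generates the certificate, -alias tomcat is the alias, -keyalg RSA is the key algorithm, tomcat.keystore is the name of the certificate file to generate, and -validity 36500 is the validity period (36500 days = 100 years). Descriptions of the other parameters can be viewed by entering keytool in cmd.

Step 3: Generate a certificate for the client. The file is a certificate of type p12.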

keytool -genkey -v -alias client -keyalg RSA -storetype PKCS12 -keystore client.p12 -validity 36500

Step 4: Make the server trust the client certificate. First convert the client certificate's format: export it as a .cer file.

keytool -export -alias client -keystore client.p12 -storetype PKCS12 -rfc -file client.cer 

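Step 5: Trust the certificate. Import client.cer into Tomcat's trusted certificate chain, then export the Tomcat certificate as tomcat.cer (export the root certificate).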

keytool -import -alias client -v -file client.cer -keystore tomcat.keystore
keytool -export -v -alias tomcat -file tomcat.cer -keystore tomcat.keystore

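Step 6: Configure HTTPS, using Tomcat as the example.

In the Tomcat installation directory, open conf/server.xml, find the commented-out 8443 connector, remove the comment markers, and add the following parameters (keystoreFile takes the certificate path and keystorePass takes the certificate password):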

clientAuth="false" sslProtocol="TLS"   
keystoreFile="证书路径"  
keystorePass="证书密码"  

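Note: The default HTTP port is 80 and the default HTTPS port is 443. If you change the HTTPS port, see the illustrated instructions below.

The figure below shows the commented-out HTTPS configuration:

The figure below shows the HTTPS configuration:

If HTTPS cannot be reached after it is configured, change protocol="HTTP/1.1" in the HTTPS configuration to protocol="org.apache.coyote.http11.Http11Protocol".

If you are using an Alibaba Cloud server, check whether the port has been opened; if it is not open, the site cannot be accessed.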
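The step 6 connector settings can be checked mechanically. The Python sketch below is an added example, not code from the original article: the server.xml content, the keystore path, and the password are constructed placeholders, and audit_connectors is a hypothetical helper. It shows that with clientAuth="false" the client certificate trusted in steps 3 to 5 is not enforced, next to a variant that requires it.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the 8443 connector with the step 6 parameters.
# Keystore path and password are placeholders, not values from the article.
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
             scheme="https" secure="true"
             clientAuth="false" sslProtocol="TLS"
             keystoreFile="/path/to/tomcat.keystore"
             keystorePass="PLACEHOLDER-PASSWORD"/>
</Service></Server>"""

# Same connector, but requiring the client certificate from steps 3-5.
MUTUAL_TLS_XML = SERVER_XML.replace(
    'clientAuth="false"',
    'clientAuth="true" truststoreFile="/path/to/tomcat.keystore"')


def audit_connectors(xml_text):
    """Return (port, finding) pairs for every TLS-enabled <Connector>."""
    findings = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP connector, nothing to check
        port = conn.get("port")
        client_auth = conn.get("clientAuth", "false").lower()
        if client_auth == "false":
            findings.append((port, "clientAuth=false: no client certificate "
                             "is required, so the trust set up in steps 3-5 "
                             "is not enforced"))
        elif not conn.get("truststoreFile"):
            findings.append((port, "client certificates are requested but "
                             "truststoreFile is not set"))
        if not conn.get("keystoreFile"):
            findings.append((port, "keystoreFile is not set: Tomcat falls "
                             "back to .keystore in the user's home directory"))
        if conn.get("keystorePass"):
            findings.append((port, "keystorePass is in clear text: restrict "
                             "read access to server.xml"))
    return findings


if __name__ == "__main__":
    for label, xml_text in (("step 6", SERVER_XML), ("mutual TLS", MUTUAL_TLS_XML)):
        print(label)
        for port, finding in audit_connectors(xml_text):
            print(f"  port {port}: {finding}")
```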
