For how to apply for an SSL certificate, see my earlier blog post, which also covers the nginx + Tomcat SSL configuration method: https://www.cnblogs.com/HeiDi-BoKe/p/12162324.html
Upload the certificate files you applied for to the server and copy them into the Tomcat directory
[root@tanbaobao conf]# mkdir cert
[root@tanbaobao conf]# chmod -R +777 cert/
[root@tanbaobao conf]# ls /usr/local/src/<your-own-certificate-directory>/Tomcat/
keystorePass.txt  domain.jks
[root@tanbaobao conf]# cp -r /usr/local/src/<your-own-certificate-directory>/Tomcat/ /usr/local/tomcat-2/conf/cert/
Modify Tomcat's server.xml file
# Change port 8443 to 443, then add the Connector tag for 443
# clientAuth: if true, Tomcat requires all SSL clients to present a security certificate for SSL client authentication.
[root@tanbaobao conf]# vi server.xml
<Connector port="8181" protocol="HTTP/1.1"
           connectionTimeout="20000"
           URIEncoding="UTF-8"
           redirectPort="443" />
<!-- 域名 ("domain name") and 秘钥文件 ("key file") are placeholders for your own keystore file name and keystore password -->
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           scheme="https" secure="true" maxThreads="150" SSLEnabled="true">
    <SSLHostConfig>
        <Certificate certificateKeystoreFile="/usr/local/tomcat-2/conf/cert/域名.jks"
                     certificateKeystorePassword="秘钥文件"
                     clientAuth="false" sslProtocol="TLS"
                     type="RSA"/>
    </SSLHostConfig>
</Connector>
<Connector port="8010" protocol="AJP/1.3" redirectPort="443" />
<Engine name="Catalina" defaultHost="localhost">
    <Realm className="org.apache.catalina.realm.LockOutRealm">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
    </Realm>
    <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true">
        <Context path="" docBase="beian" debug="0" privileged="true" reloadable="false"/>
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log" suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
    </Host>
Restart the service
[root@tanbaobao tomcat-2]# ./bin/startup.sh
Open https://<domain name> in a browser
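An added example, not part of the original post: a shell check that lists the keystore directory, its files and server.xml when group or other users can access them, which is relevant here because the procedure sets mode 777 on conf/cert and stores the keystore password in server.xml. The function names are hypothetical, and restrict_tls_secrets assumes Tomcat runs as the owner of the files, as in the root session above.

```shell
#!/bin/sh
# Added example (not from the original post): report TLS secrets under a
# Tomcat base directory that group or other users can access.
# Assumed layout, taken from the post: conf/cert/ holds the .jks keystore and
# keystorePass.txt, and conf/server.xml holds certificateKeystorePassword.

# loose_paths PATH... -> prints every path (recursively) whose mode has any
# group/other permission bit set. Uses only POSIX find predicates.
loose_paths() {
    find "$@" \( -perm -040 -o -perm -020 -o -perm -010 \
              -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# audit_tls_secrets BASE -> returns 0 if nothing is exposed, 1 if something
# is (exposed paths are printed one per line), 2 if the layout is missing.
audit_tls_secrets() {
    [ -d "$1/conf/cert" ] && [ -f "$1/conf/server.xml" ] || {
        echo "expected $1/conf/cert and $1/conf/server.xml" >&2
        return 2
    }
    # grep . echoes the paths and succeeds only if find printed at least one.
    if loose_paths "$1/conf/cert" "$1/conf/server.xml" | grep .; then
        return 1
    fi
    return 0
}

# restrict_tls_secrets BASE -> removes all group/other access.
# Assumption: Tomcat runs as the owner of these files.
restrict_tls_secrets() {
    chmod -R go-rwx "$1/conf/cert" && chmod go-rwx "$1/conf/server.xml"
}

# Stand-alone use: sh audit.sh /usr/local/tomcat-2
if [ "$#" -eq 1 ]; then
    audit_tls_secrets "$1"
fi
```

Run it after the copy step and again after any change to conf/; an exit status of 1 means at least one listed path is reachable by accounts other than the file owner.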