Tomcat8.5 configure https https configuration and SpringBoot

Tomcat8.5 configuration https

The first step to generate a key file with the JDK tools keytools

C:\Users\Administrator>D:\Java\jdk1.8.0_201\bin\keytool.exe -genkeypair -alias "
tomcat" -keyalg "RSA" -keystore "F:\tomcat.keystore" -validity 365

It will appear the following prompt:

JKS 密钥库使用专用格式。建议使用 "keytool -importkeystore -srckeystore G:\tomcat
.keystore -destkeystore G:\tomcat.keystore -deststoretype pkcs12" 迁移到行业标准
格式 PKCS12。

Can choose to use the above prompt command key convert PKCS12 format, may choose not to convert, in general there is no difference.

The second step configuration tomcat8.5

Open server.xml configuration file to add the following configuration:

    <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true" 
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="E:\tomcat.keystore"  
               keystorePass="123456"
               >
    </Connector>

Restart Tomcat

Visit the site with https

https protocol has been configured to 443
access sites can omit the port:
https: // localhost
HTTP can still use
http: // localhost: 8080


because my 443 port is occupied by other programs, there have been 403 error, so I put https port changed to 9443, depending on the specific circumstances of this set, with 443 best.

> netstat -ano | findstr "443"

---

SpringBoot configuration https

The first step application configuration file

(Using the previously generated key file)

server:
  port: 9443
  ssl:
    key-store: E:\tomcat.keystore
    key-store-password: 123456
    key-alias: tomcat
    key-store-type: PKCS12

So that you can use https to access the site.

http turn https request access

In the application startup code to add the following class.

    @Bean
    public Connector connector(){
        Connector connector=new Connector("org.apache.coyote.http11.Http11NioProtocol");
        connector.setScheme("http");
        connector.setPort(80);
        connector.setSecure(false);
        connector.setRedirectPort(9443);
        return connector;
    }

    @Bean
    public TomcatServletWebServerFactory tomcatServletWebServerFactory(Connector connector){
        TomcatServletWebServerFactory tomcat=new TomcatServletWebServerFactory(){
            @Override
            protected void postProcessContext(Context context) {
                SecurityConstraint securityConstraint=new SecurityConstraint();
                securityConstraint.setUserConstraint("CONFIDENTIAL");
                SecurityCollection collection=new SecurityCollection();
                collection.addPattern("/*");
                securityConstraint.addCollection(collection);
                context.addConstraint(securityConstraint);
            }
        };
        tomcat.addAdditionalTomcatConnectors(connector);
        return tomcat;
    }

When using http access the site will be automatically converted to https.
Note that the default configuration port and access 80,443.