Configuring HTTPS on Tomcat

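1. Generate the certificate

keytool -genkey -alias tomcat -keyalg RSA -keystore C:\OctopusStoreKey\tomcat.keystore -validity 36500

Brief explanation of the parameters:

F:\tomcat.keystore: the certificate file is saved on drive F, and the certificate file name is tomcat.keystore

-validity 36500: the certificate validity period; 36500 means 100 years, and the default value is 90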

2. Modify Tomcat's Server.xml configuration file

   <Connector port="80" protocol="HTTP/1.1"
              connectionTimeout="20000"
              redirectPort="443"/>
   <Connector port="443" protocol="org.apache.coyote.http11.Http11Protocol"
              SSLEnabled="true"
              maxThreads="150"
              scheme="https"
              secure="true"
              clientAuth="false"
              keystoreFile="c:\OctopusStoreKey\SP2014.keystore"
              keystorePass="123456"
              sslProtocol="TLS"/>
   <!-- Define an AJP 1.3 Connector on port 8009 -->
   <Connector port="8009" enableLookups="false" protocol="AJP/1.3" redirectPort="443" />
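
An added example, not part of the original post: a small Python check that parses connectors written in the attribute style shown above and flags the settings a reviewer would question (a short keystore password, TLS versions left to the JVM default, an AJP connector with no shared secret or bind address). The wrapping `<Service>` element, the weak-password list and the 12-character threshold are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Sample input: the connectors from this page, wrapped in a <Service>
# element (an assumption) so the fragment parses as one XML document.
SERVER_XML = r"""
<Service name="Catalina">
  <Connector port="80" protocol="HTTP/1.1"
             connectionTimeout="20000" redirectPort="443"/>
  <Connector port="443" protocol="org.apache.coyote.http11.Http11Protocol"
             SSLEnabled="true" maxThreads="150" scheme="https" secure="true"
             clientAuth="false"
             keystoreFile="c:\OctopusStoreKey\SP2014.keystore"
             keystorePass="123456" sslProtocol="TLS"/>
  <Connector port="8009" enableLookups="false" protocol="AJP/1.3"
             redirectPort="443"/>
</Service>
"""

# Illustrative list and threshold only; replace with your own password policy.
WEAK_PASSWORDS = {"123456", "changeit", "password", "tomcat"}
MIN_PASSWORD_LENGTH = 12

def audit_connectors(xml_text):
    """Return (port, finding) tuples for each Connector in a server.xml."""
    findings = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        port = conn.get("port", "?")
        protocol = conn.get("protocol", "HTTP/1.1")
        if conn.get("SSLEnabled", "false").lower() == "true":
            password = conn.get("keystorePass", "")
            if password in WEAK_PASSWORDS or len(password) < MIN_PASSWORD_LENGTH:
                findings.append((port, "keystore password is weak"))
            # Without this attribute the JVM defaults decide which versions are offered.
            if conn.get("sslEnabledProtocols") is None:
                findings.append((port, "TLS versions not pinned (sslEnabledProtocols unset)"))
        elif "ajp" in protocol.lower():
            # 'requiredSecret' is the older name of the 'secret' attribute.
            if not (conn.get("secret") or conn.get("requiredSecret")):
                findings.append((port, "AJP connector has no shared secret"))
            if conn.get("address") is None:
                findings.append((port, "AJP connector has no explicit bind address"))
    return findings

if __name__ == "__main__":
    for port, finding in audit_connectors(SERVER_XML):
        print(f"port {port}: {finding}")
```
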

3. Modify Tomcat's Web.xml configuration file

     

   <login-config>
       <auth-method>CLIENT-CERT</auth-method>
       <realm-name>Client Cert Users-only Area</realm-name>
   </login-config>
   <security-constraint>
       <web-resource-collection>
           <web-resource-name>SSL</web-resource-name>
           <url-pattern>/*</url-pattern>
       </web-resource-collection>
       <user-data-constraint>
           <transport-guarantee>CONFIDENTIAL</transport-guarantee>
       </user-data-constraint>
   </security-constraint>

 
