基本步骤:
1.使用 java 创建一个 keystore 文件
2.配置 Tomcat 以使用该 keystore 文件
3.测试
4.配置应用以便使用 SSL ,例如 https://localhost:8443/yourApp
执行 keytool -genkey -alias tomcat -keyalg RSA 结果如下
loiane:bin loiane$ keytool -genkey -alias tomcat -keyalg RSA
Enter keystore password: password
Re-enter new password: password
What is your first and last name?
[Unknown]: Loiane Groner
What is the name of your organizational unit?
[Unknown]: home
What is the name of your organization?
[Unknown]: home
What is the name of your City or Locality?
[Unknown]: Sao Paulo
What is the name of your State or Province?
[Unknown]: SP
What is the two-letter country code for this unit?
[Unknown]: BR
Is CN=Loiane Groner, OU=home, O=home, L=Sao Paulo, ST=SP, C=BR correct?
[no]: yes
Enter key password for
(RETURN if same as keystore password): password
Re-enter new password: password
这样就在用户的主目录下创建了一个 .keystore 文件
- 配置 Tomcat 以使用 keystore 文件
打开 server.xml 找到下面被注释的这段
<!--
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
-->
干掉注释,并将内容改为
<Connector SSLEnabled="true" acceptCount="100" clientAuth="false"
disableUploadTimeout="true" enableLookups="false" maxThreads="25"
port="8443" keystoreFile="/Users/loiane/.keystore" keystorePass="password"
protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https"
secure="true" sslProtocol="TLS" />
启动 Tomcat 并访问 https://localhost:8443. 你将看到 Tomcat 默认的首页。
把server.xml中8080端口的配置给注释掉就可以。
网友评论