配置tomcat http转https
程序员文章站
2022-03-04 23:13:28
...
创建keystore keytool -genkey -alias tomcat -keyalg RSA -keystore d:\mykeystore -dname "CN=localhost, OU=localhost, O=localhost, L=SH, ST=SH, C=CN" -keypass changeit -storepass changeit
导出证书 keytool -export -file d:\tomcat.crt -alias tomcat -keystore d:\mykeystore -storepass changeit
放到jvm里 keytool -import -trustcacerts -alias tomcat -keystore cacerts -file d:\tomcat.crt -storepass changeit
删除jvm里的证书 keytool -delete -alias tomcat –keystore "%JAVA_HOME%/jre/lib/security/cacerts" -storepass changeit
查询jvm里的证书 keytool -list -alias tomcat -keystore "%JAVA_HOME%/jre/lib/security/cacerts " -storepass changeit
最后修改 server.xml 注意::要放生成的文件,不是证书文件。
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="D:\tomcat\apache-tomcat-7.0.52\conf\mykeystore" keystorePass="changeit"
keyAlias="tomcat" keyPass="changeit"/>
导出证书 keytool -export -file d:\tomcat.crt -alias tomcat -keystore d:\mykeystore -storepass changeit
放到jvm里 keytool -import -trustcacerts -alias tomcat -keystore cacerts -file d:\tomcat.crt -storepass changeit
删除jvm里的证书 keytool -delete -alias tomcat –keystore "%JAVA_HOME%/jre/lib/security/cacerts" -storepass changeit
查询jvm里的证书 keytool -list -alias tomcat -keystore "%JAVA_HOME%/jre/lib/security/cacerts " -storepass changeit
最后修改 server.xml 注意::要放生成的文件,不是证书文件。
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="D:\tomcat\apache-tomcat-7.0.52\conf\mykeystore" keystorePass="changeit"
keyAlias="tomcat" keyPass="changeit"/>
推荐阅读