Configuring HTTPS on Tomcat

Source: Internet  Published: haya乐团 知乎  Editor: 程序博客网  Time: 2024/06/10 03:27

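1. Generate the certificate

keytool -genkey -alias tomcat -keyalg RSA -keystore C:\OctopusStoreKey\tomcat.keystore -validity 36500

Brief description of the parameters:

-keystore: path of the keystore file; for example, F:\tomcat.keystore saves the certificate file on drive F: under the file name tomcat.keystore

-validity 36500: certificate validity period in days; 36500 means 100 years, and the default value is 90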

2. Edit Tomcat's server.xml configuration file

   <!-- Plain HTTP connector; requests that require TLS are redirected to redirectPort -->
   <Connector port="80" protocol="HTTP/1.1"
              connectionTimeout="20000"
              redirectPort="443"/>

   <!-- HTTPS connector. keystoreFile must point at the keystore created in step 1,
        and keystorePass must be the password entered when keytool was run -->
   <Connector port="443" protocol="org.apache.coyote.http11.Http11Protocol"
              SSLEnabled="true"
              maxThreads="150"
              scheme="https"
              secure="true"
              clientAuth="false"
              keystoreFile="c:\OctopusStoreKey\SP2014.keystore"
              keystorePass="123456"
              sslProtocol="TLS"/>

   <!-- Define an AJP 1.3 Connector on port 8009 -->
   <Connector port="8009" enableLookups="false" protocol="AJP/1.3" redirectPort="443" />

3. Edit Tomcat's web.xml configuration file

     

   <login-config>
       <auth-method>CLIENT-CERT</auth-method>
       <realm-name>Client Cert Users-only Area</realm-name>
   </login-config>
   <!-- CONFIDENTIAL requires HTTPS for every URL matching /*; plain HTTP requests
        are redirected to the connector's redirectPort -->
   <security-constraint>
       <web-resource-collection>
           <web-resource-name>SSL</web-resource-name>
           <url-pattern>/*</url-pattern>
       </web-resource-collection>
       <user-data-constraint>
           <transport-guarantee>CONFIDENTIAL</transport-guarantee>
       </user-data-constraint>
   </security-constraint>
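
An added example, not part of the original post: a Python check over server.xml that every redirectPort points at an SSLEnabled connector and that keystorePass is not a trivially guessable value such as the 123456 used above. The sample XML is constructed from the connectors on this page; the function name audit_server_xml and the weak-password list are assumptions of the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the three connectors from this page inside a minimal server.xml.
SAMPLE_SERVER_XML = r"""<Server><Service name="Catalina">
  <Connector port="80" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="443"/>
  <Connector port="443" protocol="org.apache.coyote.http11.Http11Protocol"
             SSLEnabled="true" maxThreads="150" scheme="https" secure="true"
             clientAuth="false" keystoreFile="c:\OctopusStoreKey\SP2014.keystore"
             keystorePass="123456" sslProtocol="TLS"/>
  <Connector port="8009" enableLookups="false" protocol="AJP/1.3" redirectPort="443"/>
</Service></Server>"""

# Assumption of this example: a short list of passwords treated as guessable.
WEAK_PASSWORDS = {"", "123456", "changeit", "password", "tomcat"}

def audit_server_xml(xml_text):
    """Return (port, finding) tuples for the Connector elements in server.xml."""
    connectors = ET.fromstring(xml_text).findall(".//Connector")
    tls_ports = {c.get("port") for c in connectors
                 if c.get("SSLEnabled", "false").lower() == "true"}
    findings = []
    for c in connectors:
        port = c.get("port")
        if port in tls_ports:
            # The TLS connector must report itself as secure to the web application.
            if c.get("scheme") != "https" or c.get("secure") != "true":
                findings.append((port, "TLS connector lacks scheme=https/secure=true"))
            # Tomcat falls back to "changeit" when keystorePass is absent.
            if c.get("keystorePass", "changeit") in WEAK_PASSWORDS:
                findings.append((port, "weak or default keystorePass"))
        else:
            # CONFIDENTIAL requests are redirected to this port (Tomcat default: 443),
            # so it has to be the port of an SSLEnabled connector.
            redirect = c.get("redirectPort", "443")
            if redirect not in tls_ports:
                findings.append(
                    (port, f"redirectPort={redirect} is not an SSLEnabled connector"))
    return findings

if __name__ == "__main__":
    for port, finding in audit_server_xml(SAMPLE_SERVER_XML):
        print(f"connector {port}: {finding}")
```
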

 
