Configuring HTTPS on Tomcat with a self-signed certificate (generated with keytool)
阿新 • Published: 2018-08-05
Generate the keystore
keytool -genkeypair -alias "server" -keyalg "RSA" -validity "365" -keystore "/app/webapp/tomcat/https/server.keystore"
[webapp@machina https]$ pwd
/app/webapp/tomcat/https
[webapp@machina https]$ keytool -genkeypair -alias "server" -keyalg "RSA" -validity "365" -keystore "/app/webapp/tomcat/https/server.keystore"
Enter keystore password:
Re-enter new password:
What is your first and last name?
  [Unknown]:  10.13.22.102
What is the name of your organizational unit?
  [Unknown]:  ai
What is the name of your organization?
  [Unknown]:  ai
What is the name of your City or Locality?
  [Unknown]:  gz
What is the name of your State or Province?
  [Unknown]:  gd
What is the two-letter country code for this unit?
  [Unknown]:  cn
Is CN=10.13.22.102, OU=ai, O=ai, L=gz, ST=gd, C=cn correct?
  [no]:  yes
Enter key password for <server>
        (RETURN if same as keystore password):
Re-enter new password:

Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore /app/webapp/tomcat/https/server.keystore -destkeystore /app/webapp/tomcat/https/server.keystore -deststoretype pkcs12".
[webapp@machina https]$
Edit the server.xml configuration
[webapp@machina conf]$ pwd
/app/webapp/tomcat/apache-tomcat-7.0.88/conf
[webapp@machina conf]$ vi server.xml
<!-- <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" /> -->
Change it to:
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="/app/webapp/tomcat/https/server.keystore" keystorePass="123456"/>
Save:
:wq
Change the default HTTPS port 8443 in Tomcat (optional; the default can also be kept).
Here it is changed to 18003. Three places are changed in total; the other two occurrences are inside comments and may be left unchanged.
<Connector port="18002" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443" />
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

<Connector port="18002" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="18003" />
<Connector port="18003" protocol="org.apache.coyote.http11.Http11Protocol"
           maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="/app/webapp/tomcat/https/server.keystore" keystorePass="123456"/>
<Connector port="8009" protocol="AJP/1.3" redirectPort="18003" />
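One way to catch the mismatch this step guards against (the HTTPS connector moved to a new port while the redirectPort on the HTTP and AJP connectors still names 8443) is a small consistency check over server.xml. This is an added example, not code from the original post; the sample document below is constructed from the connectors shown above, and check_connectors is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET


def check_connectors(server_xml: str) -> list:
    """Return a list of problems found in the <Connector> elements of a server.xml string.

    Every redirectPort must name a connector that has SSLEnabled="true", and each
    TLS connector must carry what Tomcat needs to serve HTTPS (keystoreFile,
    scheme="https", secure="true"). XML comments are ignored by the parser, so a
    commented-out connector does not count as a target.
    """
    root = ET.fromstring(server_xml)
    connectors = list(root.iter("Connector"))
    tls_ports = {c.get("port") for c in connectors
                 if c.get("SSLEnabled", "false").lower() == "true"}
    problems = []
    for c in connectors:
        port = c.get("port")
        if port in tls_ports:
            if not c.get("keystoreFile"):
                problems.append(f"TLS connector {port}: missing keystoreFile")
            if c.get("scheme") != "https" or c.get("secure", "").lower() != "true":
                problems.append(f"TLS connector {port}: scheme/secure not set for https")
        target = c.get("redirectPort")
        if target is not None and target not in tls_ports:
            problems.append(f"connector {port}: redirectPort={target} is not a TLS-enabled connector")
    return problems


# Constructed sample: the HTTPS connector was moved to 18003, but the
# redirectPort values on the HTTP and AJP connectors still point at 8443.
INCONSISTENT = """<Server><Service name="Catalina">
  <Connector port="18002" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443"/>
  <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
  <Connector port="18003" protocol="org.apache.coyote.http11.Http11Protocol"
             SSLEnabled="true" scheme="https" secure="true" sslProtocol="TLS"
             keystoreFile="/app/webapp/tomcat/https/server.keystore" keystorePass="123456"/>
</Service></Server>"""

# Same document with all three places changed to 18003, as in the post.
CONSISTENT = INCONSISTENT.replace('redirectPort="8443"', 'redirectPort="18003"')

if __name__ == "__main__":
    for name, doc in (("inconsistent", INCONSISTENT), ("consistent", CONSISTENT)):
        print(name, check_connectors(doc) or "OK")
```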
Edit Tomcat's web.xml to force HTTP to redirect to HTTPS
[webapp@machina conf]$ pwd
/app/webapp/tomcat/apache-tomcat-7.0.88/conf
[webapp@machina conf]$ vi web.xml
Add the following block after </welcome-file-list>:
<login-config>
    <!-- Authorization setting for SSL -->
    <!-- Note: with no <auth-constraint> in the security-constraint below, no
         authentication is triggered, so this CLIENT-CERT login-config is not
         exercised; the redirect comes from the transport-guarantee alone. -->
    <auth-method>CLIENT-CERT</auth-method>
    <realm-name>Client Cert Users-only Area</realm-name>
</login-config>
<security-constraint>
    <!-- Authorization setting for SSL -->
    <web-resource-collection>
        <web-resource-name>SSL</web-resource-name>
        <!-- Every URL of every web application is covered -->
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <!-- CONFIDENTIAL makes Tomcat redirect plain HTTP requests to redirectPort -->
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
Restart Tomcat
[webapp@machina bin]$ pwd
/app/webapp/tomcat/apache-tomcat-7.0.88/bin
[webapp@machina bin]$ sh shutdown.sh
Using CATALINA_BASE: /app/webapp/tomcat/apache-tomcat-7.0.88
Using CATALINA_HOME: /app/webapp/tomcat/apache-tomcat-7.0.88
Using CATALINA_TMPDIR: /app/webapp/tomcat/apache-tomcat-7.0.88/temp
Using JRE_HOME: /opt/jdk1.8.0_151
Using CLASSPATH: /app/webapp/tomcat/apache-tomcat-7.0.88/bin/bootstrap.jar:/app/webapp/tomcat/apache-tomcat-7.0.88/bin/tomcat-juli.jar
Java HotSpot(TM) 64-Bit Server VM warning: ignoring option PermSize=256m; support was removed in 8.0
Java HotSpot(TM) 64-Bit Server VM warning: ignoring option MaxPermSize=256m; support was removed in 8.0
[webapp@machina bin]$ sh startup.sh
Using CATALINA_BASE: /app/webapp/tomcat/apache-tomcat-7.0.88
Using CATALINA_HOME: /app/webapp/tomcat/apache-tomcat-7.0.88
Using CATALINA_TMPDIR: /app/webapp/tomcat/apache-tomcat-7.0.88/temp
Using JRE_HOME: /opt/jdk1.8.0_151
Using CLASSPATH: /app/webapp/tomcat/apache-tomcat-7.0.88/bin/bootstrap.jar:/app/webapp/tomcat/apache-tomcat-7.0.88/bin/tomcat-juli.jar
Tomcat started.
Access
http://10.13.22.102:18002/ops/app
It redirects automatically to:
https://10.13.22.102:18003/ops/app