read max rtu 双击 welcom const eight protocol
1. 生成 keystore 文件。keytool -v -genkey -alias tomcat -keyalg RSA -keystore d:/tomcat.keystore -validity 36500
这里的 keytool 在 jdk 的 bin 目录下,也可以写绝对地址,这里的口令一律写 123456,下面要用到
这样就生成了 tomcat.keystore
2、修改 tomcat/conf/server.xml ,并指定安全证书位置和密码
- <Connector port="443" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"
- maxThreads="150" scheme="https" secure="true"
- clientAuth="false" sslProtocol="TLS"
- keystoreFile="D:/tomcat.keystore"
- keystorePass="123456"/>
此时是 http 和 https 都可以访问项目的,若要完全禁用 http 则需要修改以下
8080 和 8009(这里的端口改为了 8003) 对应改为 443
- <Connector port="8080" protocol="HTTP/1.1"
- connectionTimeout="20000"
- redirectPort="443" />
- <!-- Define an AJP 1.3 Connector on port 8009 -->
- <Connector port="8003" protocol="AJP/1.3" redirectPort="443" />
3. 配置 web.xm,在 welcome-file-list 后面加上以下
- <welcome-file-list>
- <welcome-file>
- index.html
- </welcome-file>
- <welcome-file>
- index.htm
- </welcome-file>
- <welcome-file>
- index.jsp
- </welcome-file>
- </welcome-file-list>
- <login-config>
- <!--Authorization setting for SSL -->
- <auth-method>
- CLIENT-CERT
- </auth-method>
- <realm-name>
- Client Cert User-only Area
- </realm-name>
- </login-config>
- <security-constraint>
- <!--Authorization setting for SSL-->
- <web-resource-collection>
- <web-resource-name>
- SSL
- </web-resource-name>
- <url-pattern>
- /*
- </url-pattern>
- </web-resource-collection>
- <user-data-constraint>
- <transport-guarantee>
- CONFIDENTIAL
- </transport-guarantee>
- </user-data-constraint>
- </security-constraint>
若要禁用掉 http 不安全方法,这里的配置可以这样写
- <welcome-file-list>
- <welcome-file>
- index.html
- </welcome-file>
- <welcome-file>
- index.htm
- </welcome-file>
- <welcome-file>
- index.jsp
- </welcome-file>
- </welcome-file-list>
- <login-config>
- <!--Authorization setting for SSL -->
- <auth-method>
- CLIENT-CERT
- </auth-method>
- <realm-name>
- Client Cert User-only Area
- </realm-name>
- </login-config>
- <security-constraint>
- <!--Authorization setting for SSL-->
- <web-resource-collection>
- <web-resource-name>
- SSL
- </web-resource-name>
- <url-pattern>
- /*
- </url-pattern>
- </web-resource-collection>
- <user-data-constraint>
- <transport-guarantee>
- CONFIDENTIAL
- </transport-guarantee>
- </user-data-constraint>
- </security-constraint>
- <security-constraint>
- <web-resource-collection>
- <web-resource-name>
- fortune
- </web-resource-name>
- <url-pattern>
- /*
- </url-pattern>
- <http-method>
- PUT
- </http-method>
- <http-method>
- DELETE
- </http-method>
- <http-method>
- HEAD
- </http-method>
- <http-method>
- OPTIONS
- </http-method>
- <http-method>
- TRACE
- </http-method>
- </web-resource-collection>
- <auth-constraint>
- </auth-constraint>
- </security-constraint>
4. 加载项目,启动后导入证书就可以了
访问 https://localhost:443/spfxzd 会出现安全证书有问题,右键
证书 -- 详细信息 -- 复制到文件 -- 下一步 -- 一直到导出文件到桌面文件为 tomcat.cer
这里可以双击证书安装下
下面打开浏览器的 Internet 选项 ----> 内容 ----> 证书
选择 "受信任的根证书颁发机构" ----> 导入证书
将生成的证书导入进来
完成
参考配置:http://www.cnblogs.com/wanghaoyuhappy/p/5267702.html
tomcat 配置 https
来源: http://www.bubuko.com/infodetail-2010111.html