1. Generate the keystore file
keytool -v -genkey -alias tomcat -keyalg RSA -keystore d:/tomcat.keystore
2. Uncomment the HTTPS Connector in tomcat/conf/server.xml, and specify the location and password of the keystore
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="D:/tomcat7/conf/keystore/tomcat.keystore"
               keystorePass="123456"/>
3. Force all HTTP requests to HTTPS
Add the following at the end of the web.xml of the corresponding application project:
    <security-constraint>
        <!-- Authorization setting for SSL -->
        <web-resource-collection>
            <web-resource-name>OPENSSL</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
Additional:
Disable unsafe HTTP methods:
Add the following node at the end of tomcat/conf/web.xml:
    <!-- Disable unsafe HTTP methods -->
    <security-constraint>
        <web-resource-collection>
            <url-pattern>/*</url-pattern>
            <http-method>PUT</http-method>
            <http-method>DELETE</http-method>
            <http-method>HEAD</http-method>
            <http-method>OPTIONS</http-method>
            <http-method>TRACE</http-method>
        </web-resource-collection>
        <auth-constraint></auth-constraint>
    </security-constraint>
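To confirm that a deployed web.xml really carries both constraints above, the following added example (not part of the original post) parses the file and reports which URL patterns are forced to HTTPS and which methods are denied. The helper names and the sample document are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the two constraints from this page in a minimal web.xml.
SAMPLE_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>OPENSSL</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/*</url-pattern>
      <http-method>PUT</http-method><http-method>DELETE</http-method>
      <http-method>HEAD</http-method><http-method>OPTIONS</http-method>
      <http-method>TRACE</http-method>
    </web-resource-collection>
    <auth-constraint></auth-constraint>
  </security-constraint>
</web-app>"""

def kids(elem, name):
    """Child elements with the given local name, ignoring any XML namespace."""
    return [c for c in elem if c.tag.rsplit("}", 1)[-1] == name]

def texts(elem, name):
    return {(c.text or "").strip() for c in kids(elem, name)}

def audit_web_xml(xml_text):
    """Hypothetical helper: report what the constraints in a web.xml enforce."""
    report = {"https_forced": set(), "denied_methods": set()}
    for sc in kids(ET.fromstring(xml_text), "security-constraint"):
        patterns, methods = set(), set()
        for wrc in kids(sc, "web-resource-collection"):
            patterns |= texts(wrc, "url-pattern")
            methods |= texts(wrc, "http-method")
        guarantees = {g for u in kids(sc, "user-data-constraint")
                      for g in texts(u, "transport-guarantee")}
        # CONFIDENTIAL covers every method only when no <http-method> is listed.
        if "CONFIDENTIAL" in guarantees and not methods:
            report["https_forced"] |= patterns
        # An <auth-constraint> with no <role-name> denies the listed methods.
        if any(not kids(a, "role-name") for a in kids(sc, "auth-constraint")):
            report["denied_methods"] |= methods
    return report
```

An empty `https_forced` set means no constraint forces HTTPS for all methods, so plain-HTTP requests would still be served.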
Tomcat: configuring HTTPS and SSL and forcing HTTP requests to HTTPS