tomcat实现https

1、创建证书

        进入tomcat的conf文件夹

cd /usr/share/tomcat9/conf

//创建证书
keytool -genkey -alias tomcat -keyalg RSA -keystore /usr/local/tomcat/tomcat.keystore -validity 36500

//(参数简要说明：“D:\home\tomcat.keystore”含义是将证书文件的保存路径，证书文件名称是tomcat.keystore ；“-validity 36500”含义是证书有效期，36500表示100年，默认值是90天 “tomcat”为自定义证书名称)。

Enter keystore password: #此处需要输入大于6个字符的字符串

Re-enter new password:

What is your first and last name? #“您的名字与姓氏是什么？”这是必填项，

[Unknown]: haha

What is the name of your organizational unit? #“你的组织单位名称是什么？”可以按照需要填写也可以不填写直接回车，实验中直接回          车

[Unknown]:

What is the name of your organization? #“您的组织名称是什么？”，同上直接回车

[Unknown]:

What is the name of your City or Locality? #“您所在城市或区域名称是什么？，同上直接回车

[Unknown]:

What is the name of your State or Province? #“您所在的州或者省份名称是什么？”

[Unknown]:

What is the two-letter country code for this unit? #“该单位的两字母国家代码是什么？”

[Unknown]:

Is CN=10.15.24.254, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct? #系统询问“正确          吗？”时，对照    输入信息，如果符合要求则使用键盘输入字母“y”，否则输入“n”重新填写上面的信息

[no]: y

Enter key password for

(RETURN if same as keystore password): #输入的主密码，这项较为重要，会在tomcat配置文件中使用，建议输入与keystore的密码一            致，设置其它密码也可以

Re-enter new password:

2、修改Tomcat的server.xml启用SSL

<!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443
         This connector uses the NIO implementation that requires the JSSE
         style configuration. When using the APR/native implementation, the
         OpenSSL style configuration is required as described in the APR/native
         documentation -->

    <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" 
               keystoreFile="/user/software/tomcat-8.0.28-api/.keystore" keystorePass="passWord"/>


    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <!--
    <Connector port="8017" protocol="AJP/1.3" redirectPort="8451" />
    -->