1. The most basic single sign-on
Client configuration:
1. Configure SSL in Tomcat
1. Generate the certificate
Open cmd or a terminal, change to the directory where Tomcat is installed, and run the following command:
D:\JayHe\Environment\tomcat-8.0.33>keytool -genkey -alias tomcat_key -keyalg RSA -storepass changeit -keystore server.keystore -validity 3600
Note:
-validity sets the certificate's validity period in days; the default validity is short, only 90 days.
2. Export the certificate
D:\JayHe\Environment\tomcat-8.0.33>keytool -export -trustcacerts -alias tomcat_key -file server.cer -keystore server.keystore -storepass changeit
Note:
The certificate is written to the file server.cer.
3. Import the certificate
D:\JayHe\Environment\tomcat-8.0.33>keytool -import -trustcacerts -alias tomcat_key -file server.cer -keystore cacerts -storepass changeit
2. Configure Tomcat
Once the key, certificate and keystore files are ready, configure the server-side Tomcat:
open $CATALINA_HOME/conf/server.xml and comment out the following block:
<Connector port="80" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443"/>
then uncomment the <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" …/> block and modify it as follows:
<Connector executor="tomcatThreadPool"
port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
<!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443
This connector uses the NIO implementation that requires the JSSE
style configuration. When using the APR/native implementation, the
OpenSSL style configuration is required as described in the APR/native
documentation -->
<!-- keystorePass="" is the password entered when the certificate was imported during SSL setup; it can be left out if there is none -->
<!--
<Connector port="443" protocol="HTTP/1.1" keystoreFile="/server.keystore" truststoreFile="cacerts"
keystorePass="" maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
-->
<Connector port="443" protocol="HTTP/1.1" keystoreFile="/server.keystore" truststoreFile="cacerts"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
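As an added example (not part of this tutorial or of Tomcat itself), the script below audits the <Connector> elements of a server.xml fragment for the two mistakes that are easy to make with the configuration above: a plain HTTP connector whose redirectPort="8443" points at a port where no SSLEnabled connector listens (the TLS connector above is on 443), and an explicit keystorePass="" that does not match the -storepass changeit used when the keystore was created. Both XML samples are constructed for the example; the "fixed" one omits keystorePass so that Tomcat falls back to its default of "changeit".

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the server.xml fragment above (not a real deployment):
# HTTP redirectPort="8443" while the TLS connector is on 443, and keystorePass="".
WEAK_SERVER_XML = """<Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" />
  <Connector port="443" protocol="HTTP/1.1" keystoreFile="/server.keystore"
             truststoreFile="cacerts" keystorePass="" maxThreads="150"
             SSLEnabled="true" scheme="https" secure="true"
             clientAuth="false" sslProtocol="TLS" />
</Service>"""

# Corrected sample: redirectPort matches the TLS connector and keystorePass is omitted,
# so Tomcat uses its default "changeit" (the -storepass value used with keytool above).
FIXED_SERVER_XML = """<Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="443" />
  <Connector port="443" protocol="HTTP/1.1" keystoreFile="/server.keystore"
             truststoreFile="cacerts" maxThreads="150"
             SSLEnabled="true" scheme="https" secure="true"
             clientAuth="false" sslProtocol="TLS" />
</Service>"""


def audit_connectors(server_xml: str) -> list[str]:
    """Return a list of findings for the <Connector> elements in a server.xml fragment."""
    root = ET.fromstring(server_xml)
    connectors = list(root.iter("Connector"))
    tls_ports = {c.get("port") for c in connectors if c.get("SSLEnabled", "false").lower() == "true"}
    findings = []
    for c in connectors:
        port = c.get("port", "?")
        if port in tls_ports:
            # TLS connector: scheme/secure tell Tomcat to treat requests as HTTPS
            if c.get("scheme") != "https" or c.get("secure", "false").lower() != "true":
                findings.append(f'port {port}: SSLEnabled connector must set scheme="https" and secure="true"')
            # An explicit empty password does not open a keystore built with -storepass changeit
            if c.get("keystorePass") == "":
                findings.append(f"port {port}: keystorePass is empty; omit it or set the -storepass value")
        else:
            # Plain HTTP connector: requests needing confidential transport go to redirectPort
            redirect = c.get("redirectPort")
            if redirect is None:
                findings.append(f"port {port}: plain HTTP connector has no redirectPort")
            elif redirect not in tls_ports:
                findings.append(f"port {port}: redirectPort {redirect} has no SSLEnabled connector (TLS ports: {sorted(tls_ports)})")
    return findings


if __name__ == "__main__":
    for name, xml in (("weak", WEAK_SERVER_XML), ("fixed", FIXED_SERVER_XML)):
        print(name, audit_connectors(xml) or ["no findings"])
```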