tomcat用https替换http的方法

1.首先用jdk自带的工具keytool生成一个证书keystore

C:\Documents and Settings\Administrator>keytool -genkey -alias sxta -keyalg RSA
-keystore D:\sxta.keystore
Enter keystore password:  sxta
Keystore password is too short - must be at least 6 characters
Enter keystore password:  sxtaweb
What is your first and last name?
  [Unknown]:  **
What is the name of your organizational unit?
  [Unknown]:  山西**科技有限公司
What is the name of your organization?
  [Unknown]:  山西**科技有限公司
What is the name of your City or Locality?
  [Unknown]:  太原
What is the name of your State or Province?
  [Unknown]:  山西
What is the two-letter country code for this unit?
  [Unknown]:  cn
Is <CN=, OU=q?npW?q??        Pl?, O=q?npW?q??       Pl?, L=*?, ST=q, C=cn>
correct?
  [no]:  y

Enter key password for <sxta>
        (RETURN if same as keystore password):

C:\Documents and Settings\Administrator>

 

2.http://java.sun.com/products/archive/jsse/ 去下载jsse，下载下来后是一个zip包，把里边lib目录下的jar包jcert.jar, jnet.jar, jsse.jar拷贝到$JAVA_HOME/jre/lib/ext  

 

3.修改tomcat目录下的server.xml文件，增加
              

  <Connector 
                port="8443" protocol="HTTP/1.1" minSpareThreads="5" maxSpareThreads="75" 
                enableLookups="true" disableUploadTimeout="true" 
                acceptCount="100" maxThreads="200" 
                scheme="https" secure="true" SSLEnabled="true" 
                keystoreFile="d:/credit.keystore" keystorePass="creditworld" 
                clientAuth="false" sslProtocol="TLS"/>

 其中keystorePass的值为生成keystore时输入的密码,keystoreFile的值为证书存放的路径.

4.web.xml 增加

<security-constraint>  
    <web-resource-collection>  
        <web-resource-name>sslapp</web-resource-name>  
        <url-pattern>/*</url-pattern>  
        <http-method>GET</http-method>  
        <http-method>POST</http-method>  
    </web-resource-collection>  
    <user-data-constraint>  
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>  
    </user-data-constraint>  
</security-constraint>