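Environment: Tomcat 8.5.9 + JDK 1.8
1. Go to the bin directory under the JDK installation directory, for example: D:\Java\jdk1.8.0_201\bin
Run the following command to generate the certificate tomcat.keystore in the D:\apache-tomcat-8.5.9\ directory. The parameter -validity 3650 sets the certificate's validity period to 3650 days.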
keytool -genkey -alias tomcat -keyalg RSA -keystore D:\apache-tomcat-8.5.9\tomcat.keystore -validity 3650
You can then also run the following command, which converts the keystore to PKCS12 format:
keytool -importkeystore -srckeystore D:\apache-tomcat-8.5.9\tomcat.keystore -destkeystore D:\apache-tomcat-8.5.9\tomcat.keystore -deststoretype pkcs12
Notes:
Enter keystore password: 123456. This corresponds to keystorePass="123456" in the server.xml file below.
2. Modify Tomcat's configuration files web.xml and server.xml, located in: D:\apache-tomcat-8.5.9\conf\
(1) Modify web.xml
<security-constraint>
    <web-resource-collection>
        <web-resource-name>SSL</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
Where to make the change:
(2) Modify server.xml
<Connector port="8090" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443"
SSLEnabled="true" maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="tomcat.keystore"
keystorePass="123456"
/>
<Connector port="8089" protocol="AJP/1.3" redirectPort="8443"
SSLEnabled="true" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"/>
Where to make the change:
3. Test access: https://127.0.0.1:8090/
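
As an added example (not part of the original post), the following Python script checks the Connector elements from step 2 (2) for settings worth reviewing before the port is exposed: TLS attributes placed on the AJP connector (AJP is not an encrypted protocol), TLS 1.0/1.1, RC4 and other legacy cipher suites, and a short keystore password. The function name audit_connectors, the marker lists and the 12-character threshold are assumptions of this example; the sample XML is constructed from the connectors above with the cipher list shortened.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the two connectors from step 2 (2), cipher list shortened.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
<Connector port="8090" protocol="HTTP/1.1" SSLEnabled="true" scheme="https"
           secure="true" clientAuth="false" sslProtocol="TLS"
           keystoreFile="tomcat.keystore" keystorePass="123456"/>
<Connector port="8089" protocol="AJP/1.3" redirectPort="8443" SSLEnabled="true"
           sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
           ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_SHA"/>
</Service></Server>"""

WEAK_PROTOCOLS = {"SSLv2", "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1"}
WEAK_CIPHER_MARKERS = ("_RC4_", "_3DES_", "_DES_", "_NULL_", "_EXPORT_", "_anon_")
TLS_ATTRS = ("SSLEnabled", "sslProtocol", "sslEnabledProtocols", "ciphers")
MIN_PASSWORD_LEN = 12  # assumption: local policy threshold, not a Tomcat rule

def _csv(value):
    """Split a comma-separated attribute value into trimmed items."""
    return [item.strip() for item in (value or "").split(",") if item.strip()]

def audit_connectors(server_xml):
    """Return sorted (port, finding) tuples for the Connectors in server.xml text."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        port = conn.get("port", "?")
        if conn.get("protocol", "HTTP/1.1").upper().startswith("AJP"):
            # AJP is an unencrypted protocol, so TLS settings belong on the HTTP connector.
            stray = [a for a in TLS_ATTRS if conn.get(a) is not None]
            if stray:
                findings.append((port, "TLS attributes on AJP connector: " + ",".join(stray)))
            continue
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP connector: nothing TLS-related to check
        protocols = _csv(conn.get("sslEnabledProtocols"))
        if not protocols:
            findings.append((port, "sslEnabledProtocols not set: protocol versions left to defaults"))
        for proto in protocols:
            if proto in WEAK_PROTOCOLS:
                findings.append((port, "weak protocol: " + proto))
        for suite in _csv(conn.get("ciphers")):
            if any(marker in suite for marker in WEAK_CIPHER_MARKERS):
                findings.append((port, "weak cipher suite: " + suite))
        password = conn.get("keystorePass", "")
        if len(password) < MIN_PASSWORD_LEN or password.isdigit():
            findings.append((port, "keystorePass is short or digits-only"))
    return sorted(findings)
```

To check a real installation, pass the contents of D:\apache-tomcat-8.5.9\conf\server.xml to audit_connectors and review each (port, finding) pair it returns.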