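Installing a certificate in Tomcat requires editing server.xml under tomcat/conf. The tag to modify is the one that begins with Connector port="8443", which is usually commented out.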
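1. pfx
Add keystoreFile, keystoreType and keystorePass. In the attribute values below, 证书路径/名称 stands for the certificate path and file name, and 证书密码 for the certificate password: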
<Connector port="8443" protocol="HTTP/1.1"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
keystoreFile="/证书路径/名称.pfx"
keystoreType="PKCS12"
keystorePass="证书密码"
clientAuth="false" sslProtocol="TLS" />
2. jks
Add keystoreFile and keystorePass:
<Connector port="8443" protocol="HTTP/1.1"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
keystoreFile="/证书路径/名称.jks"
keystorePass="证书密码"
clientAuth="false" sslProtocol="TLS" />
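Save and restart Tomcat, then visit https://127.0.0.1:8443/项目地址 (项目地址 is your project's path). If the page loads normally, the certificate has been installed successfully.
If you change the port to 443, the following also needs to be changed: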
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="443" />
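A check of the Connector settings described above that can be run before restarting Tomcat, as an added example that is not part of the original page: it parses server.xml text and reports a .pfx keystore without keystoreType="PKCS12", missing keystore attributes, and redirectPort values that no longer point at the TLS port. The function name audit_connectors, the sample XML and the .p12 handling are assumptions made for illustration, and it checks redirectPort on every non-TLS connector, not only the AJP one.

```python
import xml.etree.ElementTree as ET

# Constructed sample: TLS moved to port 443 with a .pfx keystore, but
# keystoreType is missing and two redirectPort values still say 8443.
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
  <!-- <Connector port="8443" SSLEnabled="true" /> (commented out: ignored) -->
  <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
             scheme="https" secure="true"
             keystoreFile="/path/to/example.pfx" keystorePass="example-pass"
             clientAuth="false" sslProtocol="TLS" />
  <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
</Service></Server>"""


def audit_connectors(xml_text):
    """Return findings for the Connector attributes discussed on this page."""
    connectors = list(ET.fromstring(xml_text).iter("Connector"))
    # The parser drops XML comments, so a commented-out Connector is not seen.
    tls = [c for c in connectors if c.get("SSLEnabled", "").lower() == "true"]
    if not tls:
        return ['no active Connector with SSLEnabled="true"']
    findings = []
    for c in tls:
        port, ks = c.get("port"), c.get("keystoreFile", "")
        if not ks or not c.get("keystorePass"):
            findings.append(f"port {port}: keystoreFile/keystorePass missing")
        # Assumption: .p12 is treated like .pfx (both are PKCS#12 containers).
        if ks.lower().endswith((".pfx", ".p12")) and \
                c.get("keystoreType", "").upper() != "PKCS12":
            findings.append(f'port {port}: {ks} needs keystoreType="PKCS12"')
        if c.get("scheme") != "https" or c.get("secure") != "true":
            findings.append(f'port {port}: scheme="https" secure="true" not set')
    tls_ports = {c.get("port") for c in tls}
    for c in connectors:
        target = c.get("redirectPort")
        if c not in tls and target and target not in tls_ports:
            findings.append(f"port {c.get('port')}: redirectPort={target} "
                            f"is not a TLS port {sorted(tls_ports)}")
    return findings


if __name__ == "__main__":
    for finding in audit_connectors(SAMPLE):
        print(finding)
```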
3.
<!-- Redirect HTTP to HTTPS by default -->
# Add the following after </welcome-file-list>:
<login-config>
<!-- Authorization setting for SSL -->
<auth-method>CLIENT-CERT</auth-method>
<realm-name>Client Cert Users-only Area</realm-name>
</login-config>
<security-constraint>
<!-- Authorization setting for SSL -->
<web-resource-collection >
<web-resource-name >SSL</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>