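Configuring an SSL certificate in Tomcat
1. Obtain the SSL certificate. It can come in several formats (for example pem, jks, pfx) and is accompanied by a password.
2. Copy the certificate to a directory on the server; this guide uses tomcat/conf as the example.
3. Edit the following part of conf/server.xml: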
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
SSLEnabled="true" scheme="https" secure="true"
keystoreFile="conf/2482931__emeet.ai.pfx" keystorePass="XXXXX" clientAuth="false"
SSLProtocol="TLSv1+TLSv1.1+TLSv1.2"
ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256"/>
To configure multiple certificates, use the following as a reference:
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" defaultSSLHostConfigName="www.emeet.com">
<SSLHostConfig hostName="www.emeet.com">
<Certificate certificateKeystoreFile="conf/181214.com.jks" certificateKeystorePassword="XXXX" type="RSA" />
</SSLHostConfig>
<SSLHostConfig hostName="user.em.ai">
<Certificate certificateKeystoreFile="conf/2482931_xxx.pfx" certificateKeystorePassword="XXXX" certificateKeystoreType="PKCS12" />
</SSLHostConfig>
</Connector>
In testing so far, the multiple-certificate configuration fails on Tomcat 7 and works on Tomcat 9.
4. Restart the Tomcat service.
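The Connector in step 3 enables TLSv1 and TLSv1.1 and lists only CBC and static-RSA cipher suites, so it is worth checking server.xml before the restart. The script below is an added example, not part of the original guide: it flags those settings on a Connector or nested SSLHostConfig. The sample XML, the keystore file name and the function names are constructed for illustration, and only comma-separated JSSE cipher names (the form used above) are examined.

```python
import xml.etree.ElementTree as ET

# Constructed sample mirroring the single-certificate Connector from step 3.
SAMPLE = """<Server><Service name="Catalina">
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
  SSLEnabled="true" scheme="https" secure="true"
  keystoreFile="conf/example.pfx" keystorePass="XXXXX" clientAuth="false"
  SSLProtocol="TLSv1+TLSv1.1+TLSv1.2"
  ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"/>
</Service></Server>"""

LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
PROTOCOL_ATTRS = ("SSLProtocol", "sslEnabledProtocols", "protocols")

def split_list(value):
    """Split 'a+b' or 'a,b' attribute values into clean tokens."""
    return [p.strip() for p in value.replace("+", ",").split(",") if p.strip()]

def cipher_issue(name):
    """Return a reason string for a weak JSSE suite name, else None."""
    if name.startswith("TLS_RSA_WITH_"):
        return "static RSA key exchange (no forward secrecy)"
    if "_CBC_" in name:
        return "CBC-mode suite (prefer an AEAD suite such as GCM)"
    return None

def audit(server_xml):
    """Return (port, kind, value, reason) tuples for each weak TLS setting."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "").lower() != "true":
            continue  # not a TLS connector
        port = conn.get("port")
        # Settings may sit on the Connector or on nested SSLHostConfig elements.
        for el in [conn, *conn.iter("SSLHostConfig")]:
            for attr in PROTOCOL_ATTRS:
                for proto in split_list(el.get(attr, "")):
                    if proto in LEGACY_PROTOCOLS:
                        findings.append((port, "protocol", proto, "deprecated protocol"))
            for cipher in split_list(el.get("ciphers", "")):
                issue = cipher_issue(cipher)
                if issue:
                    findings.append((port, "cipher", cipher, issue))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A Connector limited to TLSv1.2 and later with ECDHE GCM suites (for example TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) produces no findings.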