一.生成证书配置
//在 Linux 中执行以下命令生成证书（/opt/tomcat8/conf/tomcat.keystore 是证书的生成位置）
keytool -genkey -alias tomcat -keyalg RSA -keystore /opt/tomcat8/conf/tomcat.keystore
输入密码 123456
姓氏 LT
地区 china
地区代码 cn
是否正确 y
二.tomcat配置
1.tomcat的conf中的server.xml的配置
可以看到我配置了两个service标签，它们的engine配置是一样的（也就是用两个service，分别给同一个项目对外提供两种访问方式：一个是http，另一个是https）
1.1:第一个service标签名字叫Catalina1,我配置了8090端口,请求方式为http
1.2:第二个service标签名字叫Catalina2,我配置了80端口,请求方式为https
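<?xml version="1.0" encoding="UTF-8"?>
<!--
  conf/server.xml for the two-Service layout described above: Catalina1 serves
  the project over plain HTTP on 8090, Catalina2 serves it over HTTP on 80 and
  HTTPS on 443. Both Engines point at the same "webapps" directory, so every
  application is deployed once per Service.
-->
<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

  <GlobalNamingResources>
    <!-- Backing store for the UserDatabaseRealm used by both Engines below. -->
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>

  <Service name="Catalina1">
    <!-- Plain HTTP access (open port 8090 in the server firewall whitelist).
         redirectPort is only used when a CONFIDENTIAL security constraint
         forces a redirect; nothing in this Service listens on 8443. -->
    <Connector port="8090" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    <!-- AJP is only needed when a front-end proxy (e.g. Apache httpd) talks
         AJP to Tomcat. One port can be bound by one Service only, so 8009 is
         kept here and not repeated in Catalina2. If no proxy uses it, comment
         this Connector out or restrict it with address="127.0.0.1". -->
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

    <!-- Your own project is deployed below. -->
    <Engine name="Catalina1" defaultHost="localhost">
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
      </Realm>
      <Host name="localhost" appBase="webapps"
            unpackWARs="true" autoDeploy="true">
        <!-- The quotes around %r must be written as &quot; inside an attribute
             value, otherwise the file is not well-formed XML. -->
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log" suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
      </Host>
    </Engine>
  </Service>

  <Service name="Catalina2">
    <!-- HTTPS access through the SSL connector on 443 (open port 80 in the
         server firewall whitelist). Plain HTTP on 80 is redirected to 443 when
         the CONFIDENTIAL constraint in web.xml is enabled. -->
    <Connector port="80" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="443" />
    <!-- Second plain-HTTP port. Its redirect target must be the HTTPS connector
         of this Service (443); the original 8443 has no listener, so a forced
         HTTPS redirect from 8099 would point at a closed port. -->
    <Connector port="8099" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="443" />
    <Connector port="443"
               protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150"
               SSLEnabled="true">
      <SSLHostConfig>
        <!-- certificateKeystoreFile must be the same path that was given to
             keytool -keystore in step one (that step used
             /opt/tomcat8/conf/tomcat.keystore); adjust one of the two so they match.
             certificateKeystorePassword is the password typed at keytool. "123456"
             is the tutorial's sample value: use a strong password in a real
             deployment and keep server.xml and the keystore readable by the
             Tomcat user only, since the password is stored here in clear text. -->
        <Certificate certificateKeystoreFile="/usr/local/apache-tomcat-8.5.50/conf/tomcat.keystore"
                     type="RSA" certificateKeystorePassword="123456" />
      </SSLHostConfig>
    </Connector>
    <!-- The AJP connector is already declared in Catalina1. A second Connector
         on the same port 8009 cannot bind and fails at startup, so it is
         disabled here. -->
    <!--
    <Connector port="8009" protocol="AJP/1.3" redirectPort="443" />
    -->

    <!-- Your own project is deployed below. -->
    <Engine name="Catalina2" defaultHost="localhost">
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
      </Realm>
      <Host name="localhost" appBase="webapps"
            unpackWARs="true" autoDeploy="true">
        <!-- The quotes around %r must be written as &quot; inside an attribute
             value, otherwise the file is not well-formed XML. -->
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log" suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
      </Host>
    </Engine>
  </Service>
</Server>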
2.tomcat的conf中的web.xml的配置
请注意这段代码会把所有请求都限制为通过ssl访问，也就是只允许https的请求方式
2.1:如果你想同时支持http和https两种请求方式，就在web.xml中搜索这段配置，有的话就把它注释掉
2.2:如果你想让所有请求都变成https，就保留这段配置，并且上面server.xml中只保留第二个service标签即可
<!-- Applies to every URL (/*). CONFIDENTIAL demands an encrypted transport, so
     Tomcat answers a plain-HTTP request with a redirect to the connector's
     redirectPort. Comment this block out to keep both HTTP and HTTPS access. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>SSL</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
三.来看下效果
8090端口是我第一个service标签配置的http的请求方式
80端口(80端口是默认端口所以这里不需要输入)是我第二个service标签配置的https的请求方式
四.另一种的证书
如果你的证书的生成方式是PKCS12
那么你的server.xml中对应的https的配置方式就是这样的(只是把ssl配置的证书类型改一下),其他都是类似的
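<!-- Catalina2 with a PKCS12 keystore. The only difference from the JKS example
     is the <Certificate> element: a .pfx file and certificateKeystoreType="PKCS12".
     Everything else mirrors the server.xml above. -->
<Service name="Catalina2">
  <!-- HTTPS access through the SSL connector on 443 (open port 80 in the
       server firewall whitelist). Plain HTTP on 80 is redirected to 443 when
       the CONFIDENTIAL constraint in web.xml is enabled. -->
  <Connector port="80" protocol="HTTP/1.1"
             connectionTimeout="20000"
             redirectPort="443" />
  <!-- Second plain-HTTP port. Its redirect target must be the HTTPS connector
       of this Service (443); the original 8443 has no listener, so a forced
       HTTPS redirect from 8099 would point at a closed port. -->
  <Connector port="8099" protocol="HTTP/1.1"
             connectionTimeout="20000"
             redirectPort="443" />
  <Connector port="443"
             protocol="org.apache.coyote.http11.Http11NioProtocol"
             maxThreads="150"
             SSLEnabled="true">
    <SSLHostConfig>
      <!-- The .pfx file name below is the author's own certificate; replace it
           with yours. certificateKeystorePassword is the password the PKCS12
           file was exported with; "123456" is a sample value. The password is
           stored here in clear text, so use a strong one and keep server.xml
           and the .pfx readable by the Tomcat user only. -->
      <Certificate certificateKeystoreFile="/usr/local/apache-tomcat-8.5.50/conf/7380169_npdv2.matrix-united.com.pfx"
                   certificateKeystorePassword="123456"
                   certificateKeystoreType="PKCS12" />
    </SSLHostConfig>
  </Connector>
  <!-- When this Service is combined with Catalina1 from the full server.xml,
       the AJP connector is already bound on 8009 there; a second one on the
       same port cannot bind and fails at startup, so it is disabled here. -->
  <!--
  <Connector port="8009" protocol="AJP/1.3" redirectPort="443" />
  -->

  <!-- Your own project is deployed below. -->
  <Engine name="Catalina2" defaultHost="localhost">
    <Realm className="org.apache.catalina.realm.LockOutRealm">
      <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
             resourceName="UserDatabase"/>
    </Realm>
    <Host name="localhost" appBase="webapps"
          unpackWARs="true" autoDeploy="true">
      <!-- The quotes around %r must be written as &quot; inside an attribute
           value, otherwise the file is not well-formed XML. -->
      <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
             prefix="localhost_access_log" suffix=".txt"
             pattern="%h %l %u %t &quot;%r&quot; %s %b" />
    </Host>
  </Engine>
</Service>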