主要有一下几个步骤:
(1)生成服务器端证书文件
[root@compute-02-03-77 bin]#cd {JAVA_HOME}/bin/
[root@compute-02-03-77 bin]# keytool -genkey -alias tomcat -keyalg RSA -keystore {tomcat主目录}/conf/tomcat.keystore -validity 36500
根据提示,生成一个隐藏文件
(2)配置tomcat
[root@compute-02-03-77 bin]#cd {tomcat主目录}/conf/
[root@compute-02-03-77 conf]#vi server.xml
将以下内容:
<!--
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
-->
修改为:
<Connector port="8444" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslEnabledProtocols="TLS"
keystoreFile="conf/tomcat.keystore" keystorePass="ebsadmin">
(3)配置项目web.xml文件
[root@compute-02-03-77 conf]#cd {tomcat主目录}/webapps/EBS_Management_System/WEB-INF/
[root@compute-02-03-77 conf]#vi web.xml
在标签内末尾处添加以下内容:
<login-config>
<auth-method>CLIENT-CERT</auth-method>
<realm-name>Client Cert Users-only Area</realm-name>
</login-config>
<security-constraint>
<web-resource-collection>
<web-resource-name>{项目名称}</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
</web-app>
测试
启动 Tomcat 并访问 https://localhost:8444. 你将看到 Tomcat 默认的首页。