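Configuring an SSL certificate to enable HTTPS access
- Configuring an SSL certificate in Tomcat (HTTPS)
- Configuring an SSL certificate in nginx (HTTPS)
Preface
I applied for my SSL certificate on Tencent Cloud (free for one year).
Certificate type: TrustAsia TLS RSA CA (1 year)
https://console.cloud.tencent.com/ssl
The downloaded SSL certificate includes files for the mainstream servers Nginx and Tomcat.
I. Configuring an SSL certificate in Tomcat (HTTPS)
1. JKS format configuration
In the connector below, keystoreFile is the path to the .jks file (jks文件路径) and keystorePass is the keystore password (密码).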
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="jks文件路径/*.jks"
keystorePass="密码"/>
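2. PFX format configuration (Alibaba Cloud service)
In the connector below, keystoreFile is the full path to the certificate (完整证书路径.pfx) and keystorePass is the certificate password (证书密码).
<!-- HTTPS configuration -->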
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
SSLEnabled="true"
scheme="https"
secure="true"
keystoreFile="完整证书路径.pfx"
keystoreType="PKCS12"
keystorePass="证书密码"
clientAuth="false"
SSLProtocol="TLSv1+TLSv1.1+TLSv1.2"
ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256"/>
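The PFX connector above enables TLSv1 and TLSv1.1, which RFC 8996 deprecates, and lists only CBC-mode cipher suites, four of them with static RSA key exchange. The following Python check is an added example, not part of the original post: it parses a copy of that connector (keystore path and password replaced with constructed placeholders) and reports those settings. The function name audit_connector is an assumption of this example.

```python
import xml.etree.ElementTree as ET

# Copy of the PFX connector from this section, embedded as sample input.
# keystoreFile and keystorePass are constructed placeholders.
CONNECTOR_XML = '''<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
    SSLEnabled="true" scheme="https" secure="true"
    keystoreFile="/path/to/cert.pfx" keystoreType="PKCS12" keystorePass="changeit"
    clientAuth="false"
    SSLProtocol="TLSv1+TLSv1.1+TLSv1.2"
    ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256"/>'''

# SSL 2/3 are long obsolete; TLS 1.0 and 1.1 are deprecated by RFC 8996.
LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
# Attribute spellings used by the two connectors on this page, plus sslEnabledProtocols.
PROTOCOL_ATTRS = ("SSLProtocol", "sslEnabledProtocols", "sslProtocol")


def audit_connector(xml_text):
    """Return (legacy_protocols, no_forward_secrecy, cbc_mode) for one <Connector>."""
    attrs = ET.fromstring(xml_text).attrib
    protocols = set()
    for name in PROTOCOL_ATTRS:
        value = attrs.get(name, "")
        # Protocol lists appear both "+"-joined and comma-separated.
        protocols.update(p.strip() for p in value.replace("+", ",").split(",") if p.strip())
    ciphers = [c.strip() for c in attrs.get("ciphers", "").split(",") if c.strip()]
    legacy = sorted(protocols & LEGACY_PROTOCOLS)
    # TLS_RSA_* suites use static RSA key exchange, so they give no forward secrecy.
    no_fs = [c for c in ciphers if c.startswith("TLS_RSA_")]
    # CBC-mode suites; AEAD suites (for example *_GCM_*) are the preferred replacement.
    cbc = [c for c in ciphers if "_CBC_" in c]
    return legacy, no_fs, cbc


if __name__ == "__main__":
    legacy, no_fs, cbc = audit_connector(CONNECTOR_XML)
    print("Legacy protocols enabled:", ", ".join(legacy) or "none")
    print("Suites without forward secrecy:", ", ".join(no_fs) or "none")
    print("CBC-mode suites:", ", ".join(cbc) or "none")
```
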
II. Configuring an SSL certificate in nginx (HTTPS)
Note: if the file path causes an error, place the files in nginx's conf directory.
server {
    charset utf-8;
    listen 443 ssl;
    server_name web.mstar.cn;
    ssl_certificate ssl/1_www.*.cn_bundle.crt;
    ssl_certificate_key ssl/2_www.*.cn.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
}