Tomcat 9: reference tutorial for installing and configuring an SSL certificate

Published: 2022/9/22 9:59:57

Step 1. Go to the conf folder of the Tomcat installation, for example /tomcat/conf.

Step 2. Download the existing server.xml and web.xml files (keep these copies; they let you roll back if the edited versions fail to load).

Step 3. Download the SSL certificate, take the JKS keystore from the Tomcat folder of the download, and upload it to the /tomcat/conf directory.

Step 4. Edit server.xml. The keystore password is in the service.txt file that ships with the certificate. Because that password sits in clear text in server.xml, make both server.xml and the .jks file readable only by the account Tomcat runs as. Reference configuration:

    <!-- A "Connector" represents an endpoint by which requests are received
         and responses are returned. Documentation at :
         Java HTTP Connector: /docs/config/http.html
         Java AJP  Connector: /docs/config/ajp.html
         APR (HTTP/AJP) Connector: /docs/apr.html
         Define a non-SSL/TLS HTTP/1.1 Connector on port 80. Its redirectPort
         must name the port of the SSL/TLS Connector defined further down.
    -->
    <Connector port="80" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="443" />

    <!-- A "Connector" using the shared thread pool-->
    <!--
    <Connector executor="tomcatThreadPool"
               port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    -->

    <!-- Define a SSL/TLS HTTP/1.1 Connector on port 443
         This connector uses the NIO implementation. The default
         SSLImplementation will depend on the presence of the APR/native
         library and the useOpenSSL attribute of the
         AprLifecycleListener.
         Either JSSE or OpenSSL style configuration may be used regardless of
         the SSLImplementation selected. JSSE style configuration is used below.
    -->
    <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true">
        <SSLHostConfig>
            <Certificate certificateKeystoreFile="conf/www.gworg.com.jks"
                         certificateKeystorePassword="HkWUjpvDUVJPS"
                         type="RSA"/>
        </SSLHostConfig>
    </Connector>

    <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
         This connector uses the APR/native implementation which always uses
         OpenSSL for TLS.
         Either JSSE or OpenSSL style configuration may be used. OpenSSL style
         configuration is used below.
    -->

Replace www.gworg.com.jks and the password with the file name and the value from your own service.txt. Two details worth getting right at the same time: the redirectPort of the port-80 connector has to be the port the SSL/TLS connector listens on (443 here, not the stock 8443), otherwise the HTTP-to-HTTPS redirect from step 5 sends browsers to a closed port; and it is worth pinning the protocol list on SSLHostConfig with protocols="TLSv1.2,TLSv1.3", because whether Tomcat 9's default of "all" still offers TLS 1.0 and 1.1 depends on the JDK's jdk.tls.disabledAlgorithms setting rather than on anything in server.xml.



Step 5. Finally, edit web.xml. Tomcat's conf/web.xml ends with the welcome-file list shown below; the HTTP-to-HTTPS redirect is added after the </welcome-file-list> tag and before </web-app>:

    <welcome-file-list>
        <welcome-file>index.html</welcome-file>
        <welcome-file>index.htm</welcome-file>
        <welcome-file>index.jsp</welcome-file>
    </welcome-file-list>

    <!-- Redirect plain HTTP to HTTPS: add after the </welcome-file-list> tag.
         A CONFIDENTIAL transport guarantee on /* makes Tomcat answer every
         request that arrived on the port-80 connector with a redirect to the
         port named by that connector's redirectPort (443 in step 4). -->
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>SSL</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

</web-app>

Many copies of this snippet also carry a <login-config> block with <auth-method>CLIENT-CERT</auth-method>. It plays no part in the redirect: the security-constraint above has no <auth-constraint>, so no authentication is ever triggered and the login-config is dead configuration. If an <auth-constraint> were added later, CLIENT-CERT would then require every browser to present a client certificate. Leave it out unless client-certificate authentication is actually wanted. Note also that a constraint placed in conf/web.xml applies to every web application deployed on this Tomcat, which is normally what you want for a host that has just been given a certificate.
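Before restarting, it is worth checking that the two edited files agree with each other. The following Python script is an added example written for this page, not part of the tutorial or of Tomcat: it parses server.xml and web.xml with the standard library and reports the mistakes that most often break this setup (a redirectPort that does not match the SSL connector's port, a missing keystore file or password, an unpinned protocol list, a missing CONFIDENTIAL constraint, and a stray CLIENT-CERT login-config). The embedded XML samples are constructed for the demonstration and the keystore password in them is a placeholder.

```python
"""Check a Tomcat 9 server.xml / web.xml pair for the HTTPS-plus-redirect wiring."""
import xml.etree.ElementTree as ET


def _local(tag):
    """Strip the XML namespace: '{http://xmlns.jcp.org/xml/ns/javaee}web-app' -> 'web-app'."""
    return tag.rsplit("}", 1)[-1]


def _find_all(root, name):
    """Descendants of root (root included) whose local tag name is `name`."""
    return [e for e in root.iter() if _local(e.tag) == name]


def check_server_xml(text):
    """Return a list of findings; an empty list means the connector wiring looks right."""
    findings = []
    connectors = _find_all(ET.fromstring(text), "Connector")
    tls = [c for c in connectors if c.get("SSLEnabled", "").lower() == "true"]
    if len(tls) != 1:
        return [f"expected exactly one SSLEnabled connector, found {len(tls)}"]
    tls_port = tls[0].get("port")
    # Every plain connector must redirect to the port TLS really listens on;
    # otherwise the CONFIDENTIAL constraint sends browsers to a closed port.
    for c in connectors:
        if c is not tls[0] and c.get("redirectPort") != tls_port:
            findings.append(f"connector on port {c.get('port')} redirects to "
                            f"{c.get('redirectPort')} but TLS listens on {tls_port}")
    certs = _find_all(tls[0], "Certificate")
    if not certs:
        findings.append("SSLEnabled connector has no <Certificate> element")
    for cert in certs:
        for attr in ("certificateKeystoreFile", "certificateKeystorePassword"):
            if not cert.get(attr):
                findings.append(f"<Certificate> is missing {attr}")
    for host in _find_all(tls[0], "SSLHostConfig"):
        if not host.get("protocols"):
            findings.append('SSLHostConfig has no protocols attribute; set '
                            'protocols="TLSv1.2,TLSv1.3" so TLS 1.0/1.1 are not offered')
    return findings


def check_web_xml(text):
    """Return findings for the HTTP-to-HTTPS redirect constraint."""
    findings = []
    root = ET.fromstring(text)
    redirect_ok = False
    for sc in _find_all(root, "security-constraint"):
        patterns = [p.text.strip() for p in _find_all(sc, "url-pattern") if p.text]
        guarantees = [g.text.strip() for g in _find_all(sc, "transport-guarantee") if g.text]
        if "/*" in patterns and "CONFIDENTIAL" in guarantees:
            redirect_ok = True
    if not redirect_ok:
        findings.append("no <security-constraint> on /* with CONFIDENTIAL; "
                        "plain HTTP requests will not be redirected to HTTPS")
    for lc in _find_all(root, "login-config"):
        methods = [m.text.strip() for m in _find_all(lc, "auth-method") if m.text]
        if "CLIENT-CERT" in methods:
            findings.append("<login-config> uses CLIENT-CERT: not needed for the redirect, and "
                            "it would demand client certificates once an <auth-constraint> exists")
    return findings


# Constructed samples, not taken from a live server. The first mirrors the tutorial's
# wiring with the protocol list pinned; the keystore password is a placeholder.
SERVER_XML_GOOD = """<Server><Service name="Catalina">
  <Connector port="80" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="443"/>
  <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
             maxThreads="150" SSLEnabled="true">
    <SSLHostConfig protocols="TLSv1.2,TLSv1.3">
      <Certificate certificateKeystoreFile="conf/www.gworg.com.jks"
                   certificateKeystorePassword="changeit" type="RSA"/>
    </SSLHostConfig>
  </Connector>
</Service></Server>"""

# A common copy-paste mistake: TLS was moved to 443 but the stock redirectPort="8443"
# stayed on the plain connector, and the protocol list was never pinned.
SERVER_XML_BAD = (SERVER_XML_GOOD.replace('redirectPort="443"', 'redirectPort="8443"')
                  .replace(' protocols="TLSv1.2,TLSv1.3"', ""))

WEB_XML_GOOD = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="4.0">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>SSL</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""

# The CLIENT-CERT login-config that often travels with the snippet, and no constraint at all.
WEB_XML_BAD = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="4.0">
  <login-config><auth-method>CLIENT-CERT</auth-method></login-config>
</web-app>"""

if __name__ == "__main__":
    for label, s, w in (("good", SERVER_XML_GOOD, WEB_XML_GOOD),
                        ("bad", SERVER_XML_BAD, WEB_XML_BAD)):
        print(label, check_server_xml(s) + check_web_xml(w) or "no findings")
```

To run it against the real files, pass their contents, for example check_server_xml(open("/usr/local/tomcat9/conf/server.xml").read()) and the same for web.xml; an empty list means nothing was flagged. The script only checks the wiring between the two files, not whether the keystore itself opens with the configured password; keytool -list -keystore conf/www.gworg.com.jks prompts for the password and lists the entries, which settles that question before the restart.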


Restarting the environment

1. First, go to Tomcat's bin directory

    cd /usr/local/tomcat9/bin

2. Run the Tomcat shutdown script

    ./shutdown.sh

   shutdown.sh only sends the stop command to the running JVM; the JVM then closes its connectors and runs its shutdown hooks, which can take a few seconds.

3. Check whether Tomcat has stopped

    ps -ef|grep java

   (The grep process itself also matches; grep [j]ava avoids that.) If you see output similar to the following, Tomcat is still running. The paths in this sample output come from a different install location; yours will show the directory you actually use.

    root      7010     1  0 Apr19 ?        00:30:13 /usr/local/java/bin/java
    -Djava.util.logging.config.file=/usr/local/tomcat/conf/logging.properties
    -Djava.awt.headless=true -Dfile.encoding=UTF-8 -server -Xms1024m -Xmx1024m
    -XX:NewSize=256m -XX:MaxNewSize=256m -XX:PermSize=256m -XX:MaxPermSize=256m
    -XX:+DisableExplicitGC -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
    -Djava.endorsed.dirs=/usr/local/tomcat/endorsed -classpath /usr/local/tomcat/bin/bootstrap.jar
    -Dcatalina.base=/usr/local/tomcat -Dcatalina.home=/usr/local/tomcat
    -Djava.io.tmpdir=/usr/local/tomcat/temp org.apache.catalina.startup.Bootstrap start

4. If you want to kill the Tomcat process directly (process id 7010 in this example), use the kill command

    kill -9 7010

   Give shutdown.sh a moment before doing this. Signal 9 (SIGKILL) cannot be caught, so the JVM gets no chance to finish in-flight requests or run its shutdown hooks. A plain kill 7010 (SIGTERM) first, with -9 only if the process is still there after a grace period, is the safer order.

5. Then check again whether Tomcat has stopped

    ps -ef|grep java

   If you see something like the following, Tomcat has stopped. <defunct> marks a zombie entry: the process has already exited, and only its exit status is still waiting to be collected by its parent (here init, pid 1, which does so shortly). It holds no ports or files, so it is safe to start the new instance.

    root      7010     1  0 Apr19 ?        00:30:30 [java] <defunct>

6. Finally, start Tomcat

    ./startup.sh
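The procedure above is what one types by hand. For a host where the restart runs from a script, the following Python is an added example for this page (not part of the tutorial or of Tomcat) that performs steps 3 to 5 in the safe order: it finds the Tomcat JVM by its -Dcatalina.base argument instead of grepping for "java", sends SIGTERM and waits for the process to exit, and reaches for SIGKILL (the page's kill -9) only if the process is still alive after the grace period. A <defunct> zombie is treated as already gone, exactly as the page does. It assumes Linux (/proc) for the pid lookup and zombie detection; the demo() function stands up a detached sleep process as a stand-in for a Tomcat JVM, and the catalina.base path is the one from the tutorial.

```python
"""Stop a Tomcat JVM the way the restart procedure intends: ask first, kill -9 last."""
import os
import signal
import subprocess
import time


def find_tomcat_pids(catalina_base):
    """Linux only (reads /proc): pids whose argv carries -Dcatalina.base=<catalina_base>.
    More precise than `ps -ef | grep java`, which also matches other JVMs and grep itself."""
    needle = f"-Dcatalina.base={catalina_base}".encode()
    pids = []
    if not os.path.isdir("/proc"):
        return pids
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        try:
            with open(f"/proc/{entry}/cmdline", "rb") as fh:
                if needle in fh.read().split(b"\0"):
                    pids.append(int(entry))
        except OSError:          # process vanished, or not ours to inspect
            continue
    return pids


def process_state(pid):
    """'gone', 'zombie' (what ps prints as `[java] <defunct>`) or 'running'."""
    try:
        os.kill(pid, 0)          # signal 0 delivers nothing; it only tests existence
    except ProcessLookupError:
        return "gone"
    except PermissionError:
        pass                     # exists, but belongs to another user
    try:
        with open(f"/proc/{pid}/status") as fh:   # Linux; elsewhere fall through to 'running'
            for line in fh:
                if line.startswith("State:"):
                    return "zombie" if line.split()[1].startswith("Z") else "running"
    except OSError:
        pass
    return "running"


def stop_process(pid, grace_seconds=30.0, poll=0.2):
    """SIGTERM (the JVM runs its shutdown hooks), wait, and only then SIGKILL."""
    if process_state(pid) != "running":
        return "already-exited"
    os.kill(pid, signal.SIGTERM)
    deadline = time.monotonic() + grace_seconds
    while time.monotonic() < deadline:
        if process_state(pid) != "running":
            return "terminated"
        time.sleep(poll)
    os.kill(pid, signal.SIGKILL)  # the page's `kill -9`, as a last resort only
    deadline = time.monotonic() + 5.0
    while time.monotonic() < deadline:
        if process_state(pid) != "running":
            return "killed"
        time.sleep(poll)
    return "still-running"


def demo():
    """Stand-in for a Tomcat JVM: a detached `sleep` whose parent shell has exited, so,
    like a daemonised Tomcat, it is not our child to reap. Returns (pid, outcome)."""
    out = subprocess.run(["sh", "-c", "sleep 60 </dev/null >/dev/null 2>&1 & echo $!"],
                         capture_output=True, text=True, check=True)
    pid = int(out.stdout.strip())
    return pid, stop_process(pid, grace_seconds=5.0)


if __name__ == "__main__":
    # Only lists the real Tomcat; stopping it is a deliberate call to stop_process().
    print("tomcat pids:", find_tomcat_pids("/usr/local/tomcat9"))
    print("demo:", demo())
```

Once startup.sh has run, confirm the result from outside the host rather than from ps: openssl s_client -connect www.gworg.com:443 -servername www.gworg.com </dev/null should print the new certificate chain, and curl -I http://www.gworg.com/ should answer with a redirect whose Location header starts with https://, which is the CONFIDENTIAL constraint from step 5 doing its job.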