Tomcat 9安装ssl证书配置参考教程

发布日期：2022-09-21

一、进入：Tomcat项目conf文件夹，比如目录：/tomcat/conf

二、下载：server.xml、web.xml文件

三、下载SSL证书，选择Tomcat文件夹内的JKS证书上传到/tomcat/conf目录下

四、修改server.xml文件，证书密码在service.txt文件，参考如下：

<!-- A "Connector" represents an endpoint by which requests are received

and responses are returned. Documentation at :

Java HTTP Connector: /docs/config/http.html

Java AJP Connector: /docs/config/ajp.html

APR (HTTP/AJP) Connector: /docs/apr.html

Define a non-SSL/TLS HTTP/1.1 Connector on port 8080

-->

<Connector port="80" protocol="HTTP/1.1"

connectionTimeout="20000"

redirectPort="443" />

<!--

<Connector executor="tomcatThreadPool"

port="8080" protocol="HTTP/1.1"

connectionTimeout="20000"

redirectPort="8443" />

-->

<!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443

This connector uses the NIO implementation. The default

SSLImplementation will depend on the presence of the APR/native

library and the useOpenSSL attribute of the

AprLifecycleListener.

Either JSSE or OpenSSL style configuration may be used regardless of

the SSLImplementation selected. JSSE style configuration is used below.

-->

<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"

maxThreads="150" SSLEnabled="true">

<Certificate certificateKeystoreFile="conf/www.wosign.com.jks"

certificateKeystorePassword="HkWUjpvDUVJPS"

type="RSA"/>

</SSLHostConfig>

</Connector>

<!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2

This connector uses the APR/native implementation which always uses

OpenSSL for TLS.

Either JSSE or OpenSSL style configuration may be used. OpenSSL style

configuration is used below.

-->

五、最后修改文件：web.xml

<welcome-file-list>

<welcome-file>index.html</welcome-file>

<welcome-file>index.htm</welcome-file>

<welcome-file>index.jsp</welcome-file>

</welcome-file-list>

<login-config>

<auth-method>CLIENT-CERT</auth-method>

<realm-name>Client Cert Users-only Area</realm-name>

</login-config>

<security-constraint>

<web-resource-collection >

<web-resource-name >SSL</web-resource-name>

<url-pattern>/*</url-pattern>

</web-resource-collection>

<user-data-constraint>

<transport-guarantee>CONFIDENTIAL</transport-guarantee>

</user-data-constraint>

</security-constraint>

</web-app>

重启环境

1、首先，进入Tomcat下的bin目录

cd /usr/local/tomcat9/bin

2、使用Tomcat关闭命令

./shutdown.sh

3、查看Tomcat是否以关闭

ps -ef|grep java

如果显示以下相似信息，说明Tomcat还没有关闭

root 7010 1 0 Apr19 ? 00:30:13 /usr/local/java/bin/java

-Djava.util.logging.config.file=/usr/local/tomcat/conf/logging.properties

-Djava.awt.headless=true-Dfile.encoding=UTF-8 -server -Xms1024m -Xmx1024m

-XX:NewSize=256m -XX:MaxNewSize=256m -XX:PermSize=256m -XX:MaxPermSize=256m

-XX:+DisableExplicitGC -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager

-Djava.endorsed.dirs=/usr/local/tomcat/endorsed -classpath /usr/local/tomcat/bin/bootstrap.jar

-Dcatalina.base=/usr/local/tomcat -Dcatalina.home=/usr/local/tomcat

-Djava.io.tmpdir=/usr/local/tomcat/temp org.apache.catalina.startup.Bootstrap start

4、如果你想直接杀死Tomcat进程（进程号： 7010），可以使用kill命令

kill -9 7010

5、然后继续查看Tomcat是否关闭

ps -ef|grep java

如果出现以下信息，则表示Tomcat已经关闭

root 7010 1 0 Apr19 ? 00:30:30 [java] <defunct>

6、最后，启动Tomcat

./startup.sh

Tomcat 9安装ssl证书配置参考教程

一、进入：Tomcat项目conf文件夹，比如目录：/tomcat/conf

二、下载：server.xml、web.xml文件

三、下载SSL证书，选择Tomcat文件夹内的JKS证书上传到/tomcat/conf目录下

四、修改server.xml文件，证书密码在service.txt文件，参考如下：

五、最后修改文件：web.xml

重启环境

最新资讯

数字证书

技术支持

关于沃通

旗下网站