Tomcat 9 SSL Certificate Installation and Configuration Reference Tutorial

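Step 1: Go to the conf folder of the Tomcat project, for example: /tomcat/conf

Step 2: Download the server.xml and web.xml files.

Step 3: Download the SSL certificate, choose the JKS certificate in the Tomcat folder, and upload it to the /tomcat/conf directory.

Step 4: Edit server.xml. The certificate password is in the service.txt file. For reference: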

    <!-- A "Connector" represents an endpoint by which requests are received
         and responses are returned. Documentation at :
         Java HTTP Connector: /docs/config/http.html
         Java AJP Connector: /docs/config/ajp.html
         APR (HTTP/AJP) Connector: /docs/apr.html
         Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
    -->
    <Connector port="80" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="443" />

    <!-- A "Connector" using the shared thread pool-->
    <!--
    <Connector executor="tomcatThreadPool"
               port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    -->

    <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443
         This connector uses the NIO implementation. The default
         SSLImplementation will depend on the presence of the APR/native
         library and the useOpenSSL attribute of the
         AprLifecycleListener.
         Either JSSE or OpenSSL style configuration may be used regardless of
         the SSLImplementation selected. JSSE style configuration is used below.
    -->
    <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true">
        <SSLHostConfig>
            <Certificate certificateKeystoreFile="conf/www.wosign.com.jks"
                         certificateKeystorePassword="HkWUjpvDUVJPS"
                         type="RSA"/>
        </SSLHostConfig>
    </Connector>

    <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
         This connector uses the APR/native implementation which always uses
         OpenSSL for TLS.
         Either JSSE or OpenSSL style configuration may be used. OpenSSL style
         configuration is used below.
    -->

Step 5: Finally, edit web.xml:

    <welcome-file-list>
        <welcome-file>index.html</welcome-file>
        <welcome-file>index.htm</welcome-file>
        <welcome-file>index.jsp</welcome-file>
    </welcome-file-list>

    <!-- To redirect HTTP to HTTPS automatically, add the following code after the </welcome-file-list> tag: -->
    <login-config>
        <!-- Authorization setting for SSL -->
        <auth-method>CLIENT-CERT</auth-method>
        <realm-name>Client Cert Users-only Area</realm-name>
    </login-config>

    <security-constraint>
        <!-- Authorization setting for SSL -->
        <web-resource-collection>
            <web-resource-name>SSL</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

    </web-app>

Restart the environment

1. First, go to the bin directory under Tomcat

    cd /usr/local/tomcat9/bin

2. Run the Tomcat shutdown command

    ./shutdown.sh

3. Check whether Tomcat has shut down

    ps -ef|grep java

If output similar to the following is shown, Tomcat has not shut down yet

    root 7010 1 0 Apr19 ? 00:30:13 /usr/local/java/bin/java
    -Djava.util.logging.config.file=/usr/local/tomcat/conf/logging.properties
    -Djava.awt.headless=true -Dfile.encoding=UTF-8 -server -Xms1024m -Xmx1024m
    -XX:NewSize=256m -XX:MaxNewSize=256m -XX:PermSize=256m -XX:MaxPermSize=256m
    -XX:+DisableExplicitGC -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
    -Djava.endorsed.dirs=/usr/local/tomcat/endorsed -classpath /usr/local/tomcat/bin/bootstrap.jar
    -Dcatalina.base=/usr/local/tomcat -Dcatalina.home=/usr/local/tomcat
    -Djava.io.tmpdir=/usr/local/tomcat/temp org.apache.catalina.startup.Bootstrap start

4. If you want to kill the Tomcat process directly (process ID: 7010), you can use the kill command

    kill -9 7010

5. Then check again whether Tomcat has shut down

    ps -ef|grep java

If the following output appears, Tomcat has shut down

    root 7010 1 0 Apr19 ? 00:30:30 [java] <defunct>

6. Finally, start Tomcat

    ./startup.sh
