Tomcat 9安装ssl证书配置参考教程
发布日期:2022-09-21一、进入:Tomcat项目conf文件夹,比如目录:/tomcat/conf
二、下载:server.xml、web.xml文件
三、下载SSL证书,选择Tomcat文件夹内的JKS证书上传到/tomcat/conf目录下
四、修改server.xml文件,证书密码在service.txt文件,参考如下:
<!-- A "Connector" represents an endpoint by which requests are received
and responses are returned. Documentation at :
Java HTTP Connector: /docs/config/http.html
Java AJP Connector: /docs/config/ajp.html
APR (HTTP/AJP) Connector: /docs/apr.html
Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
-->
<Connector port="80" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="443" />
<!-- A "Connector" using the shared thread pool-->
<!--
<Connector executor="tomcatThreadPool"
port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
-->
<!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443
This connector uses the NIO implementation. The default
SSLImplementation will depend on the presence of the APR/native
library and the useOpenSSL attribute of the
AprLifecycleListener.
Either JSSE or OpenSSL style configuration may be used regardless of
the SSLImplementation selected. JSSE style configuration is used below.
-->
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true">
<SSLHostConfig>
<Certificate certificateKeystoreFile="conf/www.wosign.com.jks"
certificateKeystorePassword="HkWUjpvDUVJPS"
type="RSA"/>
</SSLHostConfig>
</Connector>
<!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
This connector uses the APR/native implementation which always uses
OpenSSL for TLS.
Either JSSE or OpenSSL style configuration may be used. OpenSSL style
configuration is used below.
-->
五、最后修改文件:web.xml
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<!--实现http自动跳转到https:在</welcome-file-list>标签后添加代码:-->
<login-config>
<!-- Authorization setting for SSL -->
<auth-method>CLIENT-CERT</auth-method>
<realm-name>Client Cert Users-only Area</realm-name>
</login-config>
<security-constraint>
<!-- Authorization setting for SSL -->
<web-resource-collection >
<web-resource-name >SSL</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
</web-app>
重启环境
1、首先,进入Tomcat下的bin目录
cd /usr/local/tomcat9/bin
2、使用Tomcat关闭命令
./shutdown.sh
3、查看Tomcat是否以关闭
ps -ef|grep java
如果显示以下相似信息,说明Tomcat还没有关闭
root 7010 1 0 Apr19 ? 00:30:13 /usr/local/java/bin/java
-Djava.util.logging.config.file=/usr/local/tomcat/conf/logging.properties
-Djava.awt.headless=true-Dfile.encoding=UTF-8 -server -Xms1024m -Xmx1024m
-XX:NewSize=256m -XX:MaxNewSize=256m -XX:PermSize=256m -XX:MaxPermSize=256m
-XX:+DisableExplicitGC -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
-Djava.endorsed.dirs=/usr/local/tomcat/endorsed -classpath /usr/local/tomcat/bin/bootstrap.jar
-Dcatalina.base=/usr/local/tomcat -Dcatalina.home=/usr/local/tomcat
-Djava.io.tmpdir=/usr/local/tomcat/temp org.apache.catalina.startup.Bootstrap start
4、如果你想直接杀死Tomcat进程(进程号: 7010),可以使用kill命令
kill -9 7010
5、然后继续查看Tomcat是否关闭
ps -ef|grep java
如果出现以下信息,则表示Tomcat已经关闭
root 7010 1 0 Apr19 ? 00:30:30 [java] <defunct>
6、最后,启动Tomcat
./startup.sh