Nginx+Openssl实现HTTPs（重点）

[root@localhost ~]# rz -E                              //导入jdk源码包

z waiting to receive.**B0100000023be50

[root@localhost ~]#  tar xf jdk-8u191-linux-x64.tar.gz

[root@localhost ~]# ls

anaconda-ks.cfg       jdk1.8.0_191                nginx-1.15.9.tar.gz  公共  视频  文档  音乐

initial-setup-ks.cfg  jdk-8u191-linux-x64.tar.gz  original-ks.cfg      模板  图片  下载  桌面

[root@localhost ~]# mv jdk1.8.0_191/ /usr/local/java

[root@localhost ~]# rz -E                           //导入apache-tomcat源码包

z waiting to receive.**B0100000023be50

[root@localhost ~]#  tar xf apache-tomcat-8.5.40.tar.gz

[root@localhost ~]# mv apache-tomcat-8.5.40 /usr/local/tomcat8

[root@localhost ~]# vim /etc/profile

[root@localhost ~]# source /etc/profile

[root@localhost ~]#  java -version

openjdk version "1.8.0_181"

OpenJDK Runtime Environment (build 1.8.0_181-b13)

OpenJDK 64-Bit Server VM (build 25.181-b13, mixed mode)

[root@localhost ~]# rm -rf /usr/bin/java                                     //删除旧版本的java

[root@localhost ~]#  source /etc/profile                                   //启动服务

[root@localhost ~]#  java -version

java version "1.8.0_191"

Java(TM) SE Runtime Environment (build 1.8.0_191-b12)

Java HotSpot(TM) 64-Bit Server VM (build 25.191-b12, mixed mode)

[root@localhost ~]#  /usr/local/tomcat8/bin/startup.sh    

Using CATALINA_BASE:   /usr/local/tomcat8

Using CATALINA_HOME:   /usr/local/tomcat8

Using CATALINA_TMPDIR: /usr/local/tomcat8/temp

Using JRE_HOME:        /usr/local/java

Using CLASSPATH:       /usr/local/tomcat8/bin/bootstrap.jar:/usr/local/tomcat8/bin/tomcat-juli.jar

Tomcat started.

[root@localhost ~]# netstat   -anpt  |  grep  :8080                   

tcp6       0      0 :::8080                 :::*                    LISTEN      69289/java          

[root@localhost ~]#

[root@localhost ~]# keytool -genkeypair -alias tomcat -keyalg RSA -keystore /usr/local/tomcat8/keystore

输入密钥库口令:  

再次输入新口令:

您的名字与姓氏是什么?

  [Unknown]:  liuxiang

您的组织单位名称是什么?

  [Unknown]:  liuxiang

您的组织名称是什么?

  [Unknown]:  liuxiang

您所在的城市或区域名称是什么?

  [Unknown]:  beijing

您所在的省/市/自治区名称是什么?

  [Unknown]:  haidian

该单位的双字母国家/地区代码是什么?

  [Unknown]:  CN

CN=liuxiang, OU=liuxiang, O=liuxiang, L=beijing, ST=haidian, C=CN是否正确?

  [否]:  y

输入 <tomcat> 的密钥口令

(如果和密钥库口令相同, 按回车):  

再次输入新口令:

Warning:

JKS 密钥库使用专用格式。建议使用 "keytool -importkeystore -srckeystore /usr/local/tomcat8/keystore -destkeystore /usr/local/tomcat8/keystore -deststoretype pkcs12" 迁移到行业标准格式 PKCS12。

[root@localhost ~]# vim /usr/local/tomcat8/conf/server.xml

修改如下

    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"

               maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="/usr/local/tomcat8/keystore" keystorePass="123123">

        <!--<SSLHostConfig>                                                                                 //注销这一段

            <Certificate certificateKeystoreFile="conf/localhost-rsa.jks"

                         type="RSA" />

        </SSLHostConfig>-->

测试：