zoukankan      html  css  js  c++  java
  • tomcat配置https访问

    一.  创建tomcat证书

    使用JDK自带的keytool工具来生成证书:

    1. 打开cmd,启动keytool

    2. 在命令行中输入以下命令:

    keytool -genkeypair -alias "tomcat" -keyalg "RSA" -keystore "c:	omcat.keystore"  

    完成后在磁盘生成tomcat.keystore文件

    二. 配置tomcat服务器

     定位到tomcat服务器的安装目录, 找到conf下的server.xml文件

    找到如下已经被注释的代码:

    1 <!--
    2     <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
    3                maxThreads="150" scheme="https" secure="true"
    4                clientAuth="false" sslProtocol="TLS" />
    5     -->

    去掉注释,修改为:

    1 <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"  
    2               maxThreads="150" scheme="https" secure="true"  
    3               clientAuth="false" sslProtocol="TLS"   
    4        keystoreFile="c:	omcat.keystore"  
    5        keystorePass="123456" />  

     强制https访问配置如下:
    在 tomcat /conf/web.xml 中的 </welcome-file-list> 后面加上以下内容

        <login-config>  
                <!-- Authorization setting for SSL -->  
                <auth-method>CLIENT-CERT</auth-method>  
                <realm-name>Client Cert Users-only Area</realm-name>  
        </login-config>  
        <security-constraint>  
                <!-- Authorization setting for SSL -->  
                <web-resource-collection >  
                    <web-resource-name >SSL</web-resource-name>  
                    <url-pattern>/*</url-pattern>  
                </web-resource-collection>  
                <user-data-constraint>  
                    <transport-guarantee>CONFIDENTIAL</transport-guarantee>  
                </user-data-constraint>  
        </security-constraint>  

    三. 启动tomcat服务器

    在IE浏览器中输入: https://localhost

    选择高级继续浏览此网站

    Expand

    keytool

    Manages a keystore (database) of cryptographic keys, X.509 certificate chains, and trusted certificates.

    Description

    The keytool command is a key and certificate management utility. It enables users to administer their own public/private key pairs and associated certificates for use in self-authentication (where the user authenticates himself or herself to other users and services) or data integrity and authentication services, using digital signatures. The keytool command also enables users to cache the public keys (in the form of certificates) of their communicating peers.

    A certificate is a digitally signed statement from one entity (person, company, and so on.), that says that the public key (and some other information) of some other entity has a particular value. (See Certificate.) When data is digitally signed, the signature can be verified to check the data integrity and authenticity. Integrity means that the data has not been modified or tampered with, and authenticity means the data comes from whoever claims to have created and signed it.

    The keytool command also enables users to administer secret keys and passphrases used in symmetric encryption and decryption (DES).

    The keytool command stores the keys and certificates in a keystore. See KeyStore aliases.

    --https://docs.oracle.com/javase/8/docs/technotes/tools/windows/keytool.html

  • 相关阅读:
    枚举、函数关于oracle函数listagg的使用说明by小雨
    执行、Mongodb MapReduce示例1个by小雨
    事务、异常TSQL 编码时应该注意的10个问题by小雨
    源、执行GoldenGate 单向DDL同步by小雨
    Oracle中的所有权限by小雨
    数据库、版本数据库学习从此开始by小雨
    统计、案例深入理解Oracle索引(10):索引列字符类型统计信息的32位限制by小雨
    字段、数据库表三大范式及存储方式by小雨
    数据库、用户第二章Getting Start with the Oracle Server(oracle入门)by小雨
    搜索、关键字截图留念,“万能数据库查询分析器”作为关键字在百度和谷歌上的海量搜索结果by小雨
  • 原文地址:https://www.cnblogs.com/coniglio/p/9821087.html
Copyright © 2011-2022 走看看