zoukankan      html  css  js  c++  java
  • Use HTTPS instead of HTTP

     
    The following solutions use self-signed certificates. You can see more details about self-signed steps at http://xiaohuafyle.iteye.com/blog/1538719.
     
    Certificate: self-signed (need Java keytool to generate certificates)
    System: Linux
     
    ==== 1 Generate a Self-signed CA ====
    Open a terminal and generate a self-signed CA by following:
    1. CATALINA_HOME/conf/sslCertificate> keytool -genkey -v -alias tomcat -keyalg RSA -validity 365 -keystore tomcat.keystore
    where 365 means the CA will be valid for 365 days, and the tomcat.keystore will be stored in the current directory. After pressing "Enter", you are required to input name, ..., password, ... Note that the name is domain name (e.g. www.siemens.com, more recommended) or IP address (e.g. 139.24.236.50). You have to rememebr the keystore password and tomcat password you set at this step, which will be needed later.
     
    2. CATALINA_HOME/conf/sslCertificate> keytool -export -alias tomcat -keystore tomcat.keystore -file tomcat.cer
    Enter the keystore password when required.
     
     
    ==== 2 Tomcat configuration ====
    1. Make sure that the keystore file (i.e. tomcat.keystore) is under tomcat/conf/sslCertificate/
     
    2. Open CATALINA_HOME/conf/server.xml and modify the corresponding connectors to:
        <Connector port="8888" protocol="HTTP/1.1"
            connectionTimeout="20000"
            redirectPort="8443"
        />
        <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true" 
            maxThreads="150" scheme="https" secure="true" 
            clientAuth="false" sslProtocol="TLS"
            keystoreFile="conf/sslCertificate/tomcat13.keystore" keystorePass="cas24MEGA"
        />
    Note: 
    (1) redirectPort is set because HTTP uses port 8888 and HTTPS uses port 8443. 
    (2) Remember to set keystoreFile and keystorePass
    (3) When you set path for keystoreFile, be carefull it is "conf/..." NOT "/conf/...". The difference is "/". This is important.
     
    3. Open CATALINA_HOME/conf/web.xml, and add the following lines after <welcome-file-list>...</welcome-file-list>
        <login-config> 
            <!-- Authorization setting for SSL: set authentication method --> 
            <auth-method>CLIENT-CERT</auth-method> 
            <realm-name>Client Cert Users-only Area</realm-name> 
        </login-config> 
        <security-constraint> 
            <!-- Authorization setting for SSL: force HTTPS transmission --> 
            <web-resource-collection > 
                <web-resource-name >SSL</web-resource-name> 
                <url-pattern>/*</url-pattern> 
            </web-resource-collection> 
            <user-data-constraint> 
                <transport-guarantee>CONFIDENTIAL</transport-guarantee> 
            </user-data-constraint> 
        </security-constraint>
    You can see more details at tomcat设置http自动跳转为https访问. Also, I recommend you to search more information about "CLIENT-CERT" to see the differences among different authentication methods.
     
    4. Finally, restart tomcat service and test the page.
        e.g. http://xxx.xxx.xxx.xxx:portNumber/webApp
  • 相关阅读:
    [YNOI2017][bzoj4811][luogu3613] 由乃的OJ/睡觉困难综合症 [压位+树链剖分+线段树]
    [bzoj3270] 博物馆 [期望+高斯消元]
    [bzoj4372] 烁烁的游戏 [动态点分治+线段树+容斥原理]
    [Codeforces438E][bzoj3625] 小朋友和二叉树 [多项式求逆+多项式开根]
    [bzoj3813] 奇数国 [线段树+欧拉函数]
    [BZOJ4205][FJ2015集训] 卡牌配对 [建图+最大流]
    Git常见问题解决办法
    电脑常用快捷键
    egret.Shape渲染集合图形
    TypeScript语法学习--变量的声明
  • 原文地址:https://www.cnblogs.com/skyssky/p/4210309.html
Copyright © 2011-2022 走看看