Tomcat配置ssl证书

1.生成ssl证书

keytool -genkeypair -alias “tomcat” -keyalg “RSA” -keystore “D:\ssl\tomcat.keystore” -validity 36500

2.将生成证书复制到tomcat ssl文件夹下，修改tomcat配置，找到tomcat/conf/server.xml文件

<Connector port="8081" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true" >
        <SSLHostConfig>
            <Certificate certificateKeystoreFile="ssl/tomcat.keystore" certificateKeystorePassword="jrealsoft" type="RSA" />
        </SSLHostConfig>
    </Connector>
    <!-- certificateKeystoreFile：为证书存储路径
    keystorePass：生成证书时的密码 -->

<Connector port="8010" protocol="AJP/1.3" redirectPort="8081" />

3.重启tomcat

4.访问应用

使用http（http://localhost:8081/test/index.html）访问时会提示“Bad Request This combination of host and port requires TLS”
需要在conf/web.xml 标签内最后一行中加入以下配置，访问时自动转向https

<!--配置网站支持https，/* 表示全部请求都走https， transport-guarantee 标签设置为 CONFIDENTIAL以便使应用支持 SSL。 如果需要关闭 SSL ，将 CONFIDENTIAL 改为 NONE 即可 -->
<login-config> 
        <!-- Authorization setting for SSL --> 
        <auth-method>CLIENT-CERT</auth-method> 
        <realm-name>Client Cert Users-only Area</realm-name> 
    </login-config> 
    <security-constraint> 
        <!-- Authorization setting for SSL --> 
        <web-resource-collection > 
            <web-resource-name >SSL</web-resource-name> 
            <url-pattern>/*</url-pattern> 
        </web-resource-collection> 
        <user-data-constraint> 
            <transport-guarantee>CONFIDENTIAL</transport-guarantee> 
        </user-data-constraint> 
    </security-constraint>

5、访问时会提示“你的连接不是专用连接”由于证书不受信任导致