将Tomcat下的http项目迁移到https

操作概述: 

一共2步,需要配置tomcat和application.

1.配置tomcat,使其支持ssl

1.1 导出keystore文件:

keytool -v -genkey -alias tomcat -keyalg RSA -keystore /software/tomcat/tomcat.keystore

跟着提示操作就好, 密码可以用相同的

1.2 配置$TOMCAT_HOME/server.xml

启用SSL,并且设置keystorePass和keystoreFile的值

<!-- Define a SSL HTTP/1.1 Connector on port 8443 This connector uses the JSSE configuration, when using APR, the connector should be using the OpenSSL style configuration described in the APR documentation --><Connector SSLEnabled="true" clientAuth="false" maxThreads="150"port="8443" protocol="HTTP/1.1" scheme="https" secure="true"sslProtocol="TLS" keystorePass="tigEr@53" keystoreFile="/software/tomcat/tomcat.keystore" />

2.修改web.xml文件使其重定向

在<welcome-file-list/>后边加上一段, done.

<login-config><!-- Authorization setting for SSL --><auth-method>CLIENT-CERT</auth-method><realm-name>Client Cert Users-only Area</realm-name></login-config><security-constraint><!-- Authorization setting for SSL --><web-resource-collection><web-resource-name>SSL</web-resource-name><url-pattern>/*</url-pattern></web-resource-collection><user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint></security-constraint>