centos7.2下tomcat7实现https
来源:互联网 发布:个人简介html源码 编辑:程序博客网 时间:2024/06/02 00:34
实现Tomcat的https
1、申请证书,这里申请腾讯云的证书
https://www.qcloud.com/document/product/214/6989
在下载的证书里面,包含如下三个目录,在这里只需要用到nginx的目录
注:如果申请证书时有填写私钥密码,下载可获得Tomcat文件夹,其中有密钥库www.domain.com.jks;如果没有填写私钥密码,不提供Tomcat证书文件的下载,需要用户手动转换格式生成。可以通过 Nginx 文件夹内证书文件和私钥文件生成jks格式证书,转换工具:https://www.trustasia.com/tools/cert-converter.htm。使用工具时注意填写密钥库密码 ,安装证书时配置文件中需要填写
2、转换证书
1)登录地址:https://www.trustasia.com/tools/cert-converter.htm
2)填写相关信息
3)提交之后,便会保存为一个jks文件,如下所示
3、配置tomcat
1)编译安装tomcat,这里过程省略
2)启动tomcat
[root@tomcat ~]# startup.sh
Using CATALINA_BASE: /usr/local/tomcat7
Using CATALINA_HOME: /usr/local/tomcat7
Using CATALINA_TMPDIR: /usr/local/tomcat7/temp
Using JRE_HOME: /usr/local/java
Using CLASSPATH: /usr/local/tomcat7/bin/bootstrap.jar:/usr/local/tomcat7/bin/tomcat-juli.jar
Tomcat started.
[root@tomcat ~]# netstat -anpt | grep 8080
tcp 12 0 0.0.0.0:8080 0.0.0.0:* LISTEN 12908/java
tcp 63 0 10.204.208.148:8080 10.59.162.40:29867 ESTABLISHED -
tcp 63 0 10.204.208.148:8080 10.53.70.111:18198 ESTABLISHED -
tcp 63 0 10.204.208.148:8080 10.53.82.77:44834 ESTABLISHED -
tcp 63 0 10.204.208.148:8080 10.53.80.145:15040 ESTABLISHED -
tcp 63 0 10.204.208.148:8080 10.53.82.76:53481 ESTABLISHED -
tcp 63 0 10.204.208.148:8080 10.53.80.144:38620 ESTABLISHED -
tcp 63 0 10.204.208.148:8080 10.53.70.47:11920 ESTABLISHED -
tcp 63 0 10.204.208.148:8080 10.53.70.46:39743 ESTABLISHED -
tcp 63 0 10.204.208.148:8080 10.59.162.43:40177 ESTABLISHED -
3)修改server.xml文件,修改如下内容(标红色的部分)
[root@tomcat ~]# vim /usr/local/tomcat7/conf/server.xml
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="443" /> #这里的redirectPort与后台的相关端口要对应
#下面这段内容需要手动添加
<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https"
secure="true" clientAuth="false" sslProtocol="TLS"
keystoreFile="/usr/local/tomcat7/conf/nginx.zhouzhuorong.com.jks" keystorePass="123456"/>
注:
keystoreFile:证书文件存放位置
keystorePass:生成jks证书文件时输入的密码
<Connector port="8009" enableLookups="false" protocol="AJP/1.3" redirectPort="443" />
4)修改web.xml文件,在文件末尾添加如下内容,强制tomcat使用https方式访问
<login-config>
<auth-method>CLIENT-CERT</auth-method>
<realm-name>Client Cert Users-only Area</realm-name>
</login-config>
<security-constraint>
<web-resource-collection >
<web-resource-name >SSL</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
5)上传相关jks文件
[root@tomcat ~]# cd /usr/local/tomcat7/conf/
[root@tomcat conf]# ls nginx.xxx.com.jks
nginx.xxx.com.jks
6)重启tomcat服务
[root@tomcat ~]# shutdown.sh
Using CATALINA_BASE: /usr/local/tomcat7
Using CATALINA_HOME: /usr/local/tomcat7
Using CATALINA_TMPDIR: /usr/local/tomcat7/temp
Using JRE_HOME: /usr/local/java
Using CLASSPATH: /usr/local/tomcat7/bin/bootstrap.jar:/usr/local/tomcat7/bin/tomcat-juli.jar
[root@tomcat ~]# startup.sh
Using CATALINA_BASE: /usr/local/tomcat7
Using CATALINA_HOME: /usr/local/tomcat7
Using CATALINA_TMPDIR: /usr/local/tomcat7/temp
Using JRE_HOME: /usr/local/java
Using CLASSPATH: /usr/local/tomcat7/bin/bootstrap.jar:/usr/local/tomcat7/bin/tomcat-juli.jar
Tomcat started.
[root@tomcat ~]# netstat -anpt | grep java
tcp 11 0 0.0.0.0:8080 0.0.0.0:* LISTEN 12383/java
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 12383/java
tcp 0 0 0.0.0.0:8009 0.0.0.0:* LISTEN 12383/java
4、切换到主域名xxx.com并添加一个A记录
5、通过浏览器访问测试
- centos7.2下tomcat7实现https
- centos7.2下apache实现https
- CentOS7下 安装tomcat7
- centos7下安装tomcat7
- CentOS7下安装Tomcat7
- centos7下安装tomcat7总结
- Centos7 下安装配置tomcat7
- Windows下配置tomcat7 https
- CentOS7.2装tomcat7
- centos7.2 安装tomcat7
- CentOS7 下安装JDK1.7 和 Tomcat7
- Centos7下nginx配置https
- centos7.2 安装jdk tomcat7.0.70
- centos7下tomcat7 或tomcat8启动超慢原因
- CentOS7安装tomcat7
- CentOS7安装Tomcat7
- CentOS7安装tomcat7
- Linux CentOS7安装Tomcat7
- 技术管理从入门到提高:RRR技术管理框架
- C语言课程设计:歌手大奖赛计分程序
- Cocoapods私有仓库创建
- materialdesign下拉刷新控件MaterialRefreshLayout的使用
- 二:redis的数据类型及常见操作
- centos7.2下tomcat7实现https
- 利用SpringMVC下载不同类型文件
- PHP+Redis的入门操作
- TCP/IP-UDP
- Servlet技术浅析(三)之-----ServletRequest接口和HttpServletRequest接口
- [LCT维护最小生成树 || CDQ分治 || 线段树 并查集 dfs树] Codeforces 603E #334 (Div. 1) E. Pastoral Oddities
- spring的数据库操作问题(具体实例是mybatis)
- Cmaera圆形小地图
- fitSystemWindow的作用