I. Steps to generate the certificate
II. Configure the Tomcat server
(1) Edit the $CATALINA_HOME/conf/server.xml file as follows:
<Connector port="80" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="443"
           executor="tomcatThreadPool"
           enableLookups="false"
           useBodyEncodingForURI="true"
           URIEncoding="utf-8"
           compression="on"
           compressionMinSize="2048"
           noCompressionUserAgents="gozilla,traviata"
           compressableMimeType="text/html,text/xml,text/javascript,text/css,text/plain" />
(2) Uncomment the following connector and modify its parameters:
<Connector port="443" protocol="org.apache.coyote.http11.Http11Protocol"
           SSLEnabled="true"
           maxThreads="150"
           scheme="https"
           secure="true"
           clientAuth="want"
           sslProtocol="TLS"
           keystoreFile="D:/tomcat.keystore"
           keystorePass="123456"
           truststoreFile="D:/tomcat.keystore"
           truststorePass="123456" />
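Note: keystoreFile, keystorePass, truststoreFile and truststorePass are the locations and passwords of the certificate files; they were set when the certificate files were generated.
(3) Modify the parameters of the AJP connector: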
<Connector port="8009" protocol="AJP/1.3" redirectPort="443" />
(4) Force HTTPS access: open $CATALINA_HOME/conf/web.xml, or the web.xml of the project, and add the following at the end:
<login-config>
    <!-- Authorization setting for SSL -->
    <auth-method>CLIENT-CERT</auth-method>
    <realm-name>Client Cert Users-only Area</realm-name>
</login-config>
<security-constraint>
    <!-- Authorization setting for SSL -->
    <web-resource-collection>
        <web-resource-name>SSL</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
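Once the configuration above is complete, restart Tomcat and SSL is available. In the IE address bar you can type the address directly without entering "http://" or "https://"; you can also enter "http://", and the request will be redirected to "https://" for login.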
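The following added example, which is not part of the original post, parses server.xml and web.xml and checks that the pieces configured above agree: every non-TLS connector's redirectPort points at a connector with SSLEnabled="true", web.xml forces CONFIDENTIAL on /*, and the keystore passwords meet a minimum length. The function name audit, the 12-character threshold and the inline sample files are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

def _local(tag):
    # web.xml normally declares a namespace, so compare local names only
    return tag.rsplit("}", 1)[-1]

def _texts(node, name):
    return {e.text.strip() for e in node.iter() if _local(e.tag) == name and e.text}

def audit(server_xml, web_xml, min_pass_len=12):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    conns = [e for e in ET.fromstring(server_xml).iter() if _local(e.tag) == "Connector"]
    tls = [c for c in conns if c.get("SSLEnabled", "").lower() == "true"]
    tls_ports = {c.get("port") for c in tls}
    if not tls:
        findings.append("no Connector with SSLEnabled=true")
    for c in conns:
        port, target = c.get("port"), c.get("redirectPort")
        # HTTP and AJP connectors must redirect to a port that really serves TLS
        if c not in tls and target not in tls_ports:
            findings.append(f"port {port}: redirectPort={target} is not a TLS connector")
        for attr in ("keystorePass", "truststorePass"):
            pw = c.get(attr)
            if pw is not None and len(pw) < min_pass_len:  # threshold is an assumption
                findings.append(f"port {port}: {attr} is shorter than {min_pass_len} chars")
    # web.xml must force CONFIDENTIAL transport on the whole application
    forced = any("/*" in _texts(sc, "url-pattern")
                 and "CONFIDENTIAL" in _texts(sc, "transport-guarantee")
                 for sc in ET.fromstring(web_xml).iter()
                 if _local(sc.tag) == "security-constraint")
    if not forced:
        findings.append("web.xml: no security-constraint forces CONFIDENTIAL on /*")
    return findings

# Constructed samples: the page's connectors (abridged) in a minimal <Server>, and its web.xml block
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="80" protocol="HTTP/1.1" redirectPort="443" />
  <Connector port="443" SSLEnabled="true" scheme="https" secure="true"
             keystorePass="123456" truststorePass="123456" />
  <Connector port="8009" protocol="AJP/1.3" redirectPort="443" />
</Service></Server>"""
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee"><security-constraint>
  <web-resource-collection><web-resource-name>SSL</web-resource-name>
    <url-pattern>/*</url-pattern></web-resource-collection>
  <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint></security-constraint></web-app>"""
if __name__ == "__main__":
    print("\n".join(audit(SERVER_XML, WEB_XML)))
```

Run against the page's values, the redirect chain passes and the only findings are the two six-character keystore passwords.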
Configuring HTTPS in Tomcat and automatically redirecting HTTP to HTTPS
Original: http://my.oschina.net/zhxm/blog/343962