tomcat设置https,且http自动跳转为https访问
2016-11-21 17:11
549 查看
1. 基于jdk的keytool工具生成key
#/usr/local/tomcat/tomcat.keystore 证书存放位置; -validity 36500证书有效期,36500表示100年,默认值是90天
keytool -genkey -alias tomcat -keyalg RSA -keystore /usr/local/tomcat/tomcat.keystore -validity 36500
Enter keystore password: #此处需要输入大于6个字符的字符串
Re-enter new password:
What is your first and last name? #“您的名字与姓氏是什么?”这是必填项,并且必须是TOMCAT部署主机的域名或者IP[如:pvbutler.blog.51cto.com 或者 10.15.24.254],就是你将来要在浏览器中输入的访问地址
[Unknown]: 10.15.24.254
What is the name of your organizational unit? #“你的组织单位名称是什么?”可以按照需要填写也可以不填写直接回车,实验中直接回车
[Unknown]:
What is the name of your organization? #“您的组织名称是什么?”,同上直接回车
[Unknown]:
What is the name of your City or Locality? #“您所在城市或区域名称是什么?,同上直接回车
[Unknown]:
What is the name of your State or Province? #“您所在的州或者省份名称是什么?”
[Unknown]:
What is the two-letter country code for this unit? #“该单位的两字母国家代码是什么?”
[Unknown]:
Is CN=10.15.24.254, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct? #系统询问“正确吗?”时,对照输入信息,如果符合要求则使用键盘输入字母“y”,否则输入“n”重新填写上面的信息
[no]: y
Enter key password for <tomcat>
(RETURN if same as keystore password): #输入<tomcat>的主密码,这项较为重要,会在tomcat配置文件中使用,建议输入与keystore的密码一致,设置其它密码也可以
Re-enter new password:
[root@localhost bin]# #此时会在/usr/local/tomcat中生成文件tomcat.keystore
2. 修改配置tomcat服务器 server.xml
<Connector port="80" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443"
uRIEncoding="UTF-8"
/>
将8443 改成443 ,因为https默认的端口是443,http默认的80
3. 释放以下,将8443改成443,保持对称
keystoreFile 和 keystorePass 添加上
<Connector port="443" protocol="org.apache.coyote.http11.Http11Protocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="D:/software/apache-tomcat-7.0.54/tomcat.keystore" keystorePass="Ab123456"
/>
4. 重启tomcat
http://ip 或者 https://ip 就都可以访问
5. 只运行 https,不允许http
web.xml 的 welcome-file-list 下面 中添加
<welcome-file-list>
<welcome-file>/</welcome-file>
</welcome-file-list>
<security-constraint>
<web-resource-collection>
<web-resource-name>sslwebsokect</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
6.再次重启tomcat,访问http后会自动跳转到https
#/usr/local/tomcat/tomcat.keystore 证书存放位置; -validity 36500证书有效期,36500表示100年,默认值是90天
keytool -genkey -alias tomcat -keyalg RSA -keystore /usr/local/tomcat/tomcat.keystore -validity 36500
Enter keystore password: #此处需要输入大于6个字符的字符串
Re-enter new password:
What is your first and last name? #“您的名字与姓氏是什么?”这是必填项,并且必须是TOMCAT部署主机的域名或者IP[如:pvbutler.blog.51cto.com 或者 10.15.24.254],就是你将来要在浏览器中输入的访问地址
[Unknown]: 10.15.24.254
What is the name of your organizational unit? #“你的组织单位名称是什么?”可以按照需要填写也可以不填写直接回车,实验中直接回车
[Unknown]:
What is the name of your organization? #“您的组织名称是什么?”,同上直接回车
[Unknown]:
What is the name of your City or Locality? #“您所在城市或区域名称是什么?,同上直接回车
[Unknown]:
What is the name of your State or Province? #“您所在的州或者省份名称是什么?”
[Unknown]:
What is the two-letter country code for this unit? #“该单位的两字母国家代码是什么?”
[Unknown]:
Is CN=10.15.24.254, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct? #系统询问“正确吗?”时,对照输入信息,如果符合要求则使用键盘输入字母“y”,否则输入“n”重新填写上面的信息
[no]: y
Enter key password for <tomcat>
(RETURN if same as keystore password): #输入<tomcat>的主密码,这项较为重要,会在tomcat配置文件中使用,建议输入与keystore的密码一致,设置其它密码也可以
Re-enter new password:
[root@localhost bin]# #此时会在/usr/local/tomcat中生成文件tomcat.keystore
2. 修改配置tomcat服务器 server.xml
<Connector port="80" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443"
uRIEncoding="UTF-8"
/>
将8443 改成443 ,因为https默认的端口是443,http默认的80
3. 释放以下,将8443改成443,保持对称
keystoreFile 和 keystorePass 添加上
<Connector port="443" protocol="org.apache.coyote.http11.Http11Protocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="D:/software/apache-tomcat-7.0.54/tomcat.keystore" keystorePass="Ab123456"
/>
4. 重启tomcat
http://ip 或者 https://ip 就都可以访问
5. 只运行 https,不允许http
web.xml 的 welcome-file-list 下面 中添加
<welcome-file-list>
<welcome-file>/</welcome-file>
</welcome-file-list>
<security-constraint>
<web-resource-collection>
<web-resource-name>sslwebsokect</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
6.再次重启tomcat,访问http后会自动跳转到https
相关文章推荐
- tomcat设置http自动跳转为https访问
- tomcat设置http自动跳转为https访问
- tomcat设置https访问(http自动跳转到https)
- tomcat设置http自动跳转为https访问
- tomcat设置http自动跳转为https访问
- tomcat设置http自动跳转为https访问(转)
- tomcat设置https访问(http自动跳转到https)
- tomcat设置http自动跳转为https访问 推荐
- tomcat设置http自动跳转为https访问
- Tomcat配置https及访问http自动跳转至https
- Tomcat设置HTTP访问自动转换为HTTPS
- Tomcat配置https及访问http自动跳转至https
- Tomcat配置https、访问http自动跳转至https
- Tomcat配置https及访问http自动跳转至https
- tomcat设置http请求自动跳转为https
- Tomcat配置https及访问http自动跳转至https
- Tomcat配置https及访问http自动跳转至https
- Tomcat 强制使用https访问,http自动跳转
- 【Tomcat】配置https及访问http自动跳转至https
- Tomcat配置https及访问http自动跳转至https