Shulou(Shulou.com)06/02 Report--

I. create production keys and certificates

Currently, Tomcat can only operate keystores in JKS, PKCS11, and PKCS12 formats. JKS is the Java standard "Java KeyStore" format and is created through the keytool command line tool. The tool is included in JDK. PKCS12 format is an Internet standard that can be implemented through OpenSSL and Microsoft's Key-Manager.

Command creation

"% JAVA_HOME%\ bin\ keytool"-genkey-alias tomcat-keyalg RSA

JAVA_HOME is a configured Java environment variable

This command will create a new file under the user's home directory: .KeyStore. If you want to specify a different location or file name, you can add the-keystore parameter to the above keytool command, followed by the full pathname of the keystore file.

The copy code is as follows: "% JAVA_HOME%\ bin\ keytool"-genkey-alias tomcat-keyalg RSA-keystore c:/keystore

II. Modify tomcat configuration

Open the / conf/server.xml file to find something like this

Make a copy and remove the comments. The default port is 8443, but for SSL, the standard port number is 443.When you visit a web page, you can directly use https without entering the port number, such as https://loalhost/web.

Change redirectPort to 443,

The port number defined by SSL HTTP/1.1 Connector is also changed to: 443, adding keystoreFile= "${user.home} / .KeyStore" keystorePass= "which is the tomcat key password"

And one more.

Then start tomcat, and you can use https to access

If you want to transfer all HTTP requests to the HTTPS protocol, you can modify the web.xml under the conf of tomcat by adding the following under the node:

SSL / * CONFIDENTIAL

The above is the whole content of this article, I hope it will be helpful to your study, and I also hope that you will support it.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.