天天看點
傳回

Tomcat配置Https通路(1)

1. 生成證書

在指令行運作指令JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg

RSA -keystore C:\Tomcat\GMAE3.0Tomcat\tomcat.keystore(指定一個位置)

這樣就生成了證書,将證書放到合适的地方(任意地方都可以)

2. 配置server.xml

找到關于ssl的相關段,去掉注釋,添keystoreFile="C:\Tomcat\GMAE3.0Tomcat\tomcat.keystore"

keystorePass="tomcat"的屬性

<Connector protocol="org.apache.coyote.http11.Http11Protocol" 
port="8443" maxHttpHeaderSize="8192" maxThreads="150" 
minSpareThreads="25" maxSpareThreads="75" 
enableLookups="false" disableUploadTimeout="true" 
acceptCount="100" scheme="https" secure="true" 
clientAuth="false" sslProtocol="TLS" 
keystoreFile="D:\TRS\TRSIDS3500_trunk_https\tomcat.keystore" 
algorithm="SunX509" keystorePass="trsadmin"/>

tomcat不同版本配置是不同的

Tomcat5.5.9配置: 

<Connector port="8443" maxHttpHeaderSize="8192" 
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
 enableLookups="false" disableUploadTimeout="true" 
acceptCount="100" scheme="https" secure="true" 
clientAuth="false" sslProtocol="TLS" keystoreFile="server.keystore" 
keystorePass="changeit"/>

    Tomcat5.5.20配置(此配置同樣可用于Tomcat6.0)   

<Connector protocol="org.apache.coyote.http11.Http11Protocol" 
port="8443" maxHttpHeaderSize="8192" maxThreads="150" 
minSpareThreads="25" maxSpareThreads="75" 
enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" 
clientAuth="false" sslProtocol="TLS" keystoreFile="server.keystore" 
keystorePass="changeit"/>

   Tomcat6.0.10 配置:

<Connector protocol="org.apache.coyote.http11.Http11NioProtocol" 
port="8443" minSpareThreads="5" maxSpareThreads="75" 
enableLookups="true" disableUploadTimeout="true" 
acceptCount="100" maxThreads="200" scheme="https" 
secure="true" SSLEnabled="true" clientAuth="false" 
sslProtocol="TLS" 
keystoreFile="D:/tools/apache-tomcat-6.0.10/server.keystore" 
keystorePass="changeit"/>

  tomcat6支援3種,請參考以下文檔: http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html

3. 重新開機tomcat就能使用HTTPS通路

4. 強制https通路

在tomcat\conf\web.xml中的</welcome-file-list>後面加上這樣一段:

<login-config>
    <!-- Authorization setting for SSL -->
    <auth-method>CLIENT-CERT</auth-method>
    <realm-name>Client Cert Users-only Area</realm-name>
</login-config>
<security-constraint>
    <!-- Authorization setting for SSL -->
    <web-resource-collection >
	<web-resource-name >SSL</web-resource-name>
	<url-pattern>/root_home</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
	<transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
ssl java web.xml
上一篇: dataframe添加一列并疊代指派_python入門筆記—list2删除,添加,清單生成
下一篇: 基于TFIDF實作文本分類,并比較詞集模型與詞袋模型的分類效果

繼續閱讀