标签:http tomcat cti prot org fonts url enabled sni
1.生成keystore文件。keytool -v -genkey -alias tomcat -keyalg RSA -keystore d:/tomcat.keystore -validity 36500
这里的keytool在jdk的bin目录下,也可以写绝对地址,这里的口令一律写123456,下面要用到
这样就生成了tomcat.keystore
2、修改 tomcat/conf/server.xml ,并指定安全证书位置和密码
<Connector port="443" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="D:/tomcat.keystore"
keystorePass="123456"/>此时是http和https都可以访问项目的,若要完全禁用http则需要修改以下
8080和8009(这里的端口改为了8003)对应改为443
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="443" />
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8003" protocol="AJP/1.3" redirectPort="443" />3.配置web.xm,在welcome-file-list后面加上以下
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<login-config>
<!--Authorization setting for SSL -->
<auth-method>CLIENT-CERT</auth-method>
<realm-name>Client Cert User-only Area</realm-name>
</login-config>
<security-constraint>
<!--Authorization setting for SSL-->
<web-resource-collection>
<web-resource-name>SSL</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<login-config>
<!--Authorization setting for SSL -->
<auth-method>CLIENT-CERT</auth-method>
<realm-name>Client Cert User-only Area</realm-name>
</login-config>
<security-constraint>
<!--Authorization setting for SSL-->
<web-resource-collection>
<web-resource-name>SSL</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>fortune</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>PUT</http-method>
<http-method>DELETE</http-method>
<http-method>HEAD</http-method>
<http-method>OPTIONS</http-method>
<http-method>TRACE</http-method>
</web-resource-collection>
<auth-constraint></auth-constraint>
</security-constraint>
4.加载项目,启动后导入证书就可以了
访问https://localhost:443/spfxzd会出现安全证书有问题,右键
证书--详细信息--复制到文件--下一步--一直到导出文件到桌面文件为tomcat.cer
这里可以双击证书安装下
下面打开浏览器的Internet选项 ----> 内容 ---->
证书
选择"受信任的根证书颁发机构"
----> 导入证书
将生成的证书导入进来
完成
参考配置:http://www.cnblogs.com/wanghaoyuhappy/p/5267702.html
标签:http tomcat cti prot org fonts url enabled sni
原文地址:http://blog.csdn.net/lhw244/article/details/69062303
