tomcat8.5配置https
作者:互联网
一、使用jdk自带的工具生成数字证书
window生成方法:
keytool -genkey -v -alias tomcat -keyalg RSA -keystore C:\apache-tomcat-8.5.31\conf\key\tomcat.keystore -validity 36500
centos生成方法:
keytool -genkey -v -alias tomcat -keyalg RSA -keystore /usr/local/apache-tomcat-8.5.31/conf/key/tomcat.keystore -validity 36500
配置过程:
Enter keystore password:
Re-enter new password:
What is your first and last name?
[Unknown]: localhost
What is the name of your organizational unit?
[Unknown]: localhost
What is the name of your organization?
[Unknown]: localhost
What is the name of your City or Locality?
[Unknown]: shenzhen
What is the name of your State or Province?
[Unknown]: guangdong
What is the two-letter country code for this unit?
[Unknown]: CN
Is CN=localhost, OU=localhost, O=localhost, L=shenzhen, ST=guangdong, C=CN correct?
[no]: y
Generating 2,048 bit RSA key pair and self-signed certificate (SHA256withRSA) with a validity of 36,500 days
for: CN=localhost, OU=localhost, O=localhost, L=shenzhen, ST=guangdong, C=CN
Enter key password for <tomcat>
(RETURN if same as keystore password):
Re-enter new password:
[Storing /usr/local/src/cert/tomcat.keystore]
Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore /usr/local/src/cert/tomcat.keystore -destkeystore /usr/local/src/cert/tomcat.keystore -deststoretype pkcs12".
命令参数部分解释:
C:\apache-tomcat-8.5.31\conf\key\tomcat.keystore :表示数字证书生成后的文件路径
36500 :表示有效时间,36500天,默认90天
二、tomcat的server.xml配置
1、注释掉8080端口配置 (不是必须,也可以不注释,不注释的话,则http 8080端口也可以访问)
<!--<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />-->
标签:keystore,What,tomcat,Unknown,配置,tomcat8.5,https,password,localhost 来源: https://blog.51cto.com/chenshengsheng/2378792