Tomcat-ssl

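Configuring SSL on Tomcat

My environment is CentOS 7.4. The base Tomcat environment is already set up, so we go straight to the configuration.

1. Generate the certificate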

[root@server ~]# cd /data/apache-tomcat-8.5.38/conf
[root@server conf]# keytool -genkey -alias tomcat -keyalg RSA -keystore .keystore
↓ Convert your own certificate and private key to keystore format. If you used the self-signed certificate above, you do not need this step.
↓ 1. Convert the certificate and private key together into a PKCS12-format key file.
[root@server ~]# openssl pkcs12 -export -in www.hyiqie.com.crt -inkey www.hyiqie.com.key -out pkcs12.key
Enter Export Password:123456
Verifying - Enter Export Password:123456
↓ 2. Convert the PKCS12-format key file into a keystore-format certificate file.
[root@server ~]# keytool -importkeystore -deststorepass 123456 -destkeypass 123456 -destkeystore .keystore -srckeystore pkcs12.key -srcstoretype PKCS12 -srcstorepass 123456
Importing keystore pkcs12.key to .keystore...
Entry for alias 1 successfully imported.
Import command completed: 1 entries successfully imported, 0 entries failed or cancelled

2. Edit the configuration file

[root@server conf]# vim server.xml 
Add the following parameters.
<Connector
protocol="HTTP/1.1"
port="443" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="/data/apache-tomcat-8.5.38/conf/.keystore" keystorePass="123456"
clientAuth="false" sslProtocol="TLS"/>
[root@server conf]# ../bin/startup.sh
Using CATALINA_BASE: /data/apache-tomcat-8.5.38
Using CATALINA_HOME: /data/apache-tomcat-8.5.38
Using CATALINA_TMPDIR: /data/apache-tomcat-8.5.38/temp
Using JRE_HOME: /usr/java/jre1.8.0_201
Using CLASSPATH: /data/apache-tomcat-8.5.38/bin/bootstrap.jar:/data/apache-tomcat-8.5.38/bin/tomcat-juli.jar
Tomcat started.

3. Test

[root@server conf]# curl https://192.168.32.134 -k
heheh134
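
An added example, not part of the original post: a small Python check that parses a server.xml and flags the two weak points of the Connector from step 2, the literal six-character keystorePass and the absence of an explicit protocol list, which leaves the enabled TLS versions to Tomcat and JVM defaults. The function name and the 16-character minimum are assumptions for illustration, and the sample XML is constructed from the page's Connector.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: this page's Connector inside a minimal server.xml.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
<Connector protocol="HTTP/1.1" port="443" maxThreads="200"
    scheme="https" secure="true" SSLEnabled="true"
    keystoreFile="/data/apache-tomcat-8.5.38/conf/.keystore" keystorePass="123456"
    clientAuth="false" sslProtocol="TLS"/>
</Service></Server>"""

MIN_PASS_LEN = 16  # assumed local policy, not a Tomcat requirement
# "all" is Tomcat's alias for every protocol, including the old ones.
OLD_PROTOCOLS = {"all", "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1"}


def audit_connectors(server_xml):
    """Return (port, finding) tuples for every TLS-enabled Connector."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP/AJP connector, nothing to check here
        port = conn.get("port", "?")
        hosts = conn.findall("SSLHostConfig")
        certs = [c for h in hosts for c in h.findall("Certificate")]
        # Password: legacy Connector attribute or the <Certificate> attribute.
        passwords = [conn.get("keystorePass")]
        passwords += [c.get("certificateKeystorePassword") for c in certs]
        for pw in filter(None, passwords):
            if re.fullmatch(r"\$\{[^}]+\}", pw):
                continue  # ${...} is substituted from a Java system property
            findings.append((port, "literal keystore password in server.xml"))
            if len(pw) < MIN_PASS_LEN:
                findings.append((port, "keystore password shorter than policy"))
        # Protocols: legacy sslEnabledProtocols or SSLHostConfig protocols.
        lists = [conn.get("sslEnabledProtocols")] + [h.get("protocols") for h in hosts]
        lists = [p for p in lists if p]
        if not lists:
            findings.append((port, "no explicit protocol list configured"))
        for plist in lists:
            for tok in re.split(r"[,\s]+", plist.strip()):
                if not tok.startswith("-") and tok.lstrip("+") in OLD_PROTOCOLS:
                    findings.append((port, "old protocol enabled: " + tok.lstrip("+")))
    return findings


if __name__ == "__main__":
    for port, finding in audit_connectors(SAMPLE_SERVER_XML):
        print(port, finding)
```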


        