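Configuring an SSL Certificate in Tomcat
SSL configuration procedure for Tomcat 8.5 and later
- Download a free SSL certificate from Alibaba Cloud or Tencent Cloud
Certificate download URL: https://yundun.console.aliyun.com/?spm=5176.13329450.top-nav.dbutton.600d4df5hXMoKp&p=cas#/certExtend/free
- Unzip the downloaded certificate and copy it into Tomcat's conf directory
- Open Tomcat/conf/server.xml and change the following parameters in server.xml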
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
Change it to
<Connector port="80" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="443" />
Find the following commented-out block and remove the comment markers
<Connector port="8443"
protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150"
SSLEnabled="true">
<SSLHostConfig>
<Certificate certificateKeystoreFile="cert/keystore.pfx"
certificateKeystorePassword="XXXXXXX"
certificateKeystoreType="PKCS12" />
</SSLHostConfig>
</Connector>
Change it to
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true">
<SSLHostConfig>
<Certificate certificateKeystoreFile="conf/ssl证书名字.pfx"
certificateKeystorePassword="*****"
certificateKeystoreType="PKCS12"
/>
</SSLHostConfig>
</Connector>
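Set certificateKeystoreFile to the name of the certificate file copied into the conf directory earlier
Set certificateKeystorePassword to the password in the txt file obtained when unzipping the download
Find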
<!--<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> -->
Change it to
<Connector protocol="AJP/1.3"
address="::1"
port="8009"
redirectPort="443"
secretRequired=""
/>
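Note: secretRequired="" is added to prevent the error below when Tomcat starts. An empty value is parsed as false, so the AJP connector starts without a shared secret; it stays bound to the loopback address ::1 set above.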
02-Aug-2021 13:15:24.141 严重 [main] org.apache.catalina.util.LifecycleBase.handleSubClassException 无法启动组件[Connector[AJP/1.3-8009]]
org.apache.catalina.LifecycleException: 协议处理器启动失败
at org.apache.catalina.connector.Connector.startInternal(Connector.java:1080)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
at org.apache.catalina.core.StandardService.startInternal(StandardService.java:454)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
at org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:934)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
at org.apache.catalina.startup.Catalina.start(Catalina.java:795)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:345)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:476)
Caused by: java.lang.IllegalArgumentException: AJP连接器配置secretRequired="true",但是属性secret确实空或者空字符串,这样的组合是无效的。
at org.apache.coyote.ajp.AbstractAjpProtocol.start(AbstractAjpProtocol.java:270)
at org.apache.catalina.connector.Connector.startInternal(Connector.java:1077)
... 12 more
4. Save the server.xml configuration
5. Open web.xml and add the following so that pages are redirected to HTTPS automatically
<security-constraint>
<web-resource-collection>
<web-resource-name>SSL</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
6. Restart Tomcat
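A check that can be run over server.xml before the restart, as an added example that is not part of the original page: it parses the Connector elements and reports a redirectPort that points at no TLS connector, a TLS connector without a Certificate element, and an AJP connector that either will not start (the error shown above) or accepts requests without a secret on a non-loopback address. The function names, the SAMPLE document, the keystore file name and the password are constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample mirroring the connectors configured above (file name and password are placeholders).
SAMPLE = """<Server><Service name="Catalina">
<Connector port="80" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="443" />
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true">
  <SSLHostConfig>
    <Certificate certificateKeystoreFile="conf/example.pfx" certificateKeystorePassword="PLACEHOLDER"
                 certificateKeystoreType="PKCS12" />
  </SSLHostConfig>
</Connector>
<Connector protocol="AJP/1.3" address="::1" port="8009" redirectPort="443" secretRequired="" />
</Service></Server>"""


def is_loopback(address):
    """True only for an explicit loopback address; a missing address is not trusted,
    because the AJP default bind address differs between Tomcat versions."""
    try:
        return address is not None and ipaddress.ip_address(address).is_loopback
    except ValueError:
        return address == "localhost"


def is_tls(connector):
    return connector.get("SSLEnabled", "").lower() == "true"


def audit_server_xml(xml_text):
    """Return a list of findings for the <Connector> elements of a server.xml string."""
    findings = []
    connectors = list(ET.fromstring(xml_text).iter("Connector"))  # commented-out blocks are skipped
    tls_ports = {c.get("port") for c in connectors if is_tls(c)}
    for c in connectors:
        port, redirect = c.get("port"), c.get("redirectPort")
        if is_tls(c) and c.find("./SSLHostConfig/Certificate") is None:
            findings.append(f"port {port}: SSLEnabled without a <Certificate> element")
        if not is_tls(c) and redirect is not None and redirect not in tls_ports:
            findings.append(f"port {port}: redirectPort {redirect} is not a TLS connector")
        if c.get("protocol", "").startswith("AJP") and not c.get("secret"):
            # Tomcat reads secretRequired as a boolean: "" is false; when absent it is true (see error above).
            if c.get("secretRequired", "true").lower() == "true":
                findings.append(f"port {port}: AJP secretRequired is true but secret is empty")
            elif not is_loopback(c.get("address")):
                findings.append(f"port {port}: AJP accepts requests without a secret on a non-loopback address")
    return findings


if __name__ == "__main__":
    for finding in audit_server_xml(SAMPLE) or ["no findings"]:
        print(finding)
```

To check a real installation, pass the contents of Tomcat/conf/server.xml to audit_server_xml instead of SAMPLE.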