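Configuring a Global Server Certificate in Tomcat

1. Register a global DNS domain name

2. Apply for an HTTPS certificate for that domain

3. vi server.xml

1. Change 8443 to 443 and set the certificate configuration
Section to modify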
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true">
        <SSLHostConfig>
            <Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
                         type="RSA" />
        </SSLHostConfig>
    </Connector>

Change to
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true">
        <SSLHostConfig>
            <Certificate certificateKeystoreFile="/usr/local/java/tomcat8/conf/key/2018sslcert_GlobalSign_pwdBJCA.....pfx"
                         certificateKeystorePassword="123456"
                         certificateKeystoreType="PKCS12"
                         type="RSA" />
        </SSLHostConfig>
    </Connector>
    
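Note: certificateKeystoreFile is the path to the certificate, certificateKeystorePassword is the password set when the certificate was generated, and certificateKeystoreType is the keystore type; a certificate in pfx format has the type PKCS12.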



2. Change port 8080 to 80 and set requests to port 80 to redirect to port 443
Before
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />

Change to
<Connector port="80" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="443" />

3. Redirect 8009 to 443
Before
<!-- Define an AJP 1.3 Connector on port 8009 -->
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
After
 <!-- Define an AJP 1.3 Connector on port 8009 -->
    <Connector port="8009" protocol="AJP/1.3" redirectPort="443" />

4. vi web.xml

Insert the following immediately after </welcome-file-list>


<login-config>
    <!-- Authorization setting for SSL -->
    <auth-method>CLIENT-CERT</auth-method>
    <realm-name>Client Cert Users-only Area</realm-name>
</login-config>
<security-constraint>
    <!-- Authorization setting for SSL -->
    <web-resource-collection>
        <web-resource-name>SSL</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

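Note: requests to port 80 are redirected automatically to 443 only after step 4 is completed. (The first three steps only install the global server certificate, which makes the site reachable on 443.)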

5. Restart the service

../bin/shutdown.sh

../bin/startup.sh
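
The server.xml edits from step 3 can be checked before the restart. The following is an added example, not part of the original post: it parses a constructed server.xml and reports any redirectPort that no SSLEnabled connector listens on, a .pfx keystore not declared as PKCS12, and a guessable keystore password. The function name audit_server_xml, the sample keystore path and the weak-password list are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the edited server.xml with step 3 (AJP redirectPort) forgotten.
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="80" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="443" />
  <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
             maxThreads="150" SSLEnabled="true">
    <SSLHostConfig>
      <Certificate certificateKeystoreFile="conf/key/example.pfx"
                   certificateKeystorePassword="123456"
                   certificateKeystoreType="PKCS12" type="RSA" />
    </SSLHostConfig>
  </Connector>
  <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
</Service></Server>"""

WEAK_PASSWORDS = {"123456", "changeit", "password", ""}  # illustrative list (assumption)

def audit_server_xml(xml_text):
    """Return a list of findings for the Connector settings in a server.xml."""
    root = ET.fromstring(xml_text)
    connectors = root.findall(".//Connector")
    tls_ports = {c.get("port") for c in connectors
                 if c.get("SSLEnabled", "false").lower() == "true"}
    findings = []
    for c in connectors:
        port, redirect = c.get("port"), c.get("redirectPort")
        # A redirectPort with no TLS connector behind it sends clients to a dead port.
        if redirect and redirect not in tls_ports:
            findings.append(f"connector {port}: redirectPort {redirect} has no TLS connector")
        for cert in c.findall("./SSLHostConfig/Certificate"):
            path = cert.get("certificateKeystoreFile", "")
            ktype = cert.get("certificateKeystoreType", "JKS")  # Tomcat default type
            if path.lower().endswith((".pfx", ".p12")) and ktype.upper() != "PKCS12":
                findings.append(f"connector {port}: {path} needs certificateKeystoreType=PKCS12")
            # Tomcat falls back to "changeit" when no password attribute is given.
            if cert.get("certificateKeystorePassword", "changeit") in WEAK_PASSWORDS:
                findings.append(f"connector {port}: weak keystore password in server.xml")
    return findings

if __name__ == "__main__":
    for line in audit_server_xml(SAMPLE):
        print(line)
```

To check a real installation, pass the contents of conf/server.xml to audit_server_xml instead of SAMPLE.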

 
