一、生成证书
使用jdk 自带工具keytool 生成证书
[root@localhost61 ~]# keytool -genkeypair-alias "tomcat" -keyalg "RSA" -keystore"/usr/local/src/apache-tomcat-7.0.72/ssl/192.168.10.61.keystore"
Enter keystore password: 输入密码
Re-enter new password:
What is your first and last name? 这里输入的名字应该与域名保持一致,否则道中无法访问
[Unknown]: 192.168.10.61
What is the name of your organizationalunit? 输入组织信息
[Unknown]: 192.168.10.61
What is the name of your organization? 输入组织信息
[Unknown]: 192.168.10.61
What is the name of your City or Locality? 输入城市名称
[Unknown]: suzhou
What is the name of your State or Province?输入省份名称
[Unknown]: jiangsu
What is the two-letter country code forthis unit? 输入组织编码
[Unknown]: cn
Is CN=192.168.10.61, OU=192.168.10.61,O=192.168.10.61, L=suzhou, ST=jiangsu, C=cn correct?
[no]: y 确认组织信息 ,确认输入yes
Enter key password for <tomcat>
(RETURNif same as keystore password):
Re-enter new password: # 输入设置证书设置的密码
备注:演示设置的密码为123123
二、修改server.xml 配置文件
改下面的代码
1
2
3
4
|
87 < Connector port = "8443" protocol = "org.apache.coyote.http11.Http11Protocol"
88 maxThreads = "150" SSLEnabled = "true" scheme = "https" secure = "true"
89 clientAuth = "false" sslProtocol = "TLS" />
90 -->
|
为
1
2
3
4
5
6
7
8
9
|
87 < Connector port = "8443" protocol = "org.apache.coyote.http11.Http11Protocol"
88 maxThreads = "150" SSLEnabled = "true" scheme = "https" secure = "true"
89 clientAuth = "false" sslProtocol = "TLS"
90 keystoreFile = "/usr/local/src/apache-tomcat-7.0.72/ssl/192.168.10.61.keystore"
91 keystorePass = "123123" />
92
93
94 <!-- Define an AJP 1.3 Connector on port 8009 -->
95 < Connector port = "8009" protocol = "AJP/1.3" redirectPort = "8443" />
|
三、启动tomcat
./bin/startup.sh
四、测试
在浏览器中输入访问地址 https://192.168.10.61:8443/
添加浏览器安全例外,即可访问(备注:浏览器 flash 插件版本低,在这里就无法截图上传了)
本文转自 水滴石川1 51CTO博客,原文链接:http://blog.51cto.com/sdsca/1972712,如需转载请自行联系原作者