一、生成证书
使用jdk 自带工具keytool 生成证书
[root@localhost61 ~]# keytool -genkeypair-alias "tomcat" -keyalg "RSA" -keystore"/usr/local/src/apache-tomcat-7.0.72/ssl/192.168.10.61.keystore"
Enter keystore password: 输入密码
Re-enter new password:
What is your first and last name? 这里输入的名字应该与域名保持一致,否则道中无法访问
[Unknown]: 192.168.10.61
What is the name of your organizationalunit? 输入组织信息
[Unknown]: 192.168.10.61
What is the name of your organization? 输入组织信息
[Unknown]: 192.168.10.61
What is the name of your City or Locality? 输入城市名称
[Unknown]: suzhou
What is the name of your State or Province?输入省份名称
[Unknown]: jiangsu
What is the two-letter country code forthis unit? 输入组织编码
[Unknown]: cn
Is CN=192.168.10.61, OU=192.168.10.61,O=192.168.10.61, L=suzhou, ST=jiangsu, C=cn correct?
[no]: y 确认组织信息 ,确认输入yes
Enter key password for <tomcat>
(RETURNif same as keystore password):
Re-enter new password: # 输入设置证书设置的密码
备注:演示设置的密码为123123
二、修改server.xml 配置文件
改下面的代码
|
1
2
3
4
|
87 <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
88 maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
89 clientAuth="false" sslProtocol="TLS" />
90 -->
|
为
|
1
2
3
4
5
6
7
8
9
|
87 <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
88 maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
89 clientAuth="false" sslProtocol="TLS"
90 keystoreFile="/usr/local/src/apache-tomcat-7.0.72/ssl/192.168.10.61.keystore"
91 keystorePass="123123"/>
92
93
94 <!-- Define an AJP 1.3 Connector on port 8009 -->
95 <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
|
三、启动tomcat
./bin/startup.sh
四、测试
在浏览器中输入访问地址 https://192.168.10.61:8443/
添加浏览器安全例外,即可访问(备注:浏览器 flash 插件版本低,在这里就无法截图上传了)
本文转自 水滴石川1 51CTO博客,原文链接:http://blog.51cto.com/sdsca/1972712,如需转载请自行联系原作者