1.首先使用cmd命令切換到jdk的bin目錄下
2. 執行命令 keytool -genkey -alias tomcat -keyalg RSA -keystore E:\apache-tomcat-7.0.92\conf\tomcat.keystore -validity 36500
說明:“E:\apache-tomcat-7.0.92\conf\tomcat.keystore”含義是將證書文件保存在E:\apache-tomcat-7.0.92\conf\tomcat.keystore,證書文件名稱是tomcat.keystore ;“-validity 36500”含義是證書有效期,36500表示100年,默認值是90天
3. 配置tomcat服務器
找到tomcat的conf目錄下的server.xml文件
把上面紅框中的註釋放開,修改成:
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystoreFile="conf/tomcat.keystore" keystorePass="生成證書時的口令" />
此時訪問http://127.0.0.1:8080還是跟以前一樣。
打開E:\apache-tomcat-7.0.92\conf\web.xml,
,在該文件後面加上這樣一段:
<login-config>
<!-- Authorization setting for SSL -->
<auth-method>CLIENT-CERT</auth-method>
<realm-name>Client Cert Users-only Area</realm-name>
</login-config>
<security-constraint>
<!-- Authorization setting for SSL -->
<web-resource-collection >
<web-resource-name >SSL</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
重啓tomact訪問http://127.0.0.1:8080會自動跳轉成https://127.0.0.1:8443