Configuring HTTPS in Tomcat
1. Generate the keystore
%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA -keystore \path\to\my\keystore
2. Configure server.xml
Uncomment the HTTPS connector that ships commented out:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="\path\to\my\keystore" keystorePass="9c1d12eef17849c8887627b7f7922ce4" />
3. Force the use of HTTPS
In server.xml, make sure the HTTP connector's redirect port is set to the HTTPS port, 8443:
<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" />
Add the following configuration to web.xml:
<security-constraint>
    <!-- Authorization setting for SSL -->
    <web-resource-collection>
        <web-resource-name>private</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>