Tomcat

<Connector port="443" maxHttpHeaderSize="8192"
                 maxThreads="150"
                 enableLookups="false" disableUploadTimeout="true"
                 acceptCount="100" scheme="https" secure="true"
                 SSLEnabled="true"
                 SSLCertificateFile="{catalina.base}/conf/localhost.crt"
                 SSLCertificateKeyFile="{catalina.base}/conf/localhost.key" />
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore /path/to/my/keystore


<Connector
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           port="8443" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           keystoreFile="${user.home}/.keystore" keystorePass="changeit"
           clientAuth="false" sslProtocol="TLS"/>
<Connector
           protocol="org.apache.coyote.http11.Http11AprProtocol"
           port="8443" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           SSLCertificateFile="/usr/local/ssl/server.crt"
           SSLCertificateKeyFile="/usr/local/ssl/server.pem"
           SSLVerifyClient="optional" SSLProtocol="TLSv1+TLSv1.1+TLSv1.2"/>
openssl pkcs12 -export -out 214907629340324.pfx -inkey 214907629340324.key -in 214907629340324.pem
<Connector port="8443"
    protocol="HTTP/1.1"
    SSLEnabled="true"
    scheme="https"
    secure="true"
    keystoreFile="cert/214907629340324.pfx"
    keystoreType="PKCS12"
    keystorePass="证书密码"
    clientAuth="false"
    SSLProtocol="TLSv1+TLSv1.1+TLSv1.2"
    ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256"/>
②在web.xml末尾加上如下配置:

<security-constraint>

    <web-resource-collection >

              <web-resource-name >SSL</web-resource-name>

              <url-pattern>/*</url-pattern>

       </web-resource-collection>

       <user-data-constraint>

       <transport-guarantee>CONFIDENTIAL</transport-guarantee>

       </user-data-constraint>

</security-constraint>

 

 

 

THE END
分享
二维码
< <上一篇
下一篇>>