tomcat打开https端口访问

apache-tomcat-7.0.X验证

1. vim conf/server.xml

打开8443端口的Connector：

 81     <!-- Define an SSL HTTP/1.1 Connector on port 8443
 82          This connector uses the BIO implementation that requires the JSSE
 83          style configuration. When using the APR/native implementation, the
 84          OpenSSL style configuration is required as described in the APR/native
 85          documentation -->
 86     <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
 87                maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
 88                ciphers="TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384"
 88                keystoreFile="certificate/keystore.jks" keystorePass="123456"
 89                clientAuth="false" sslProtocol="TLS" />
 90

这里要配两个变量：

keystoreFile="certificate/keystore.jks" keystorePass="123456"

keystoreFile路径是相当tomcat的根路径，即CATALINA_HOME值，在这里包含：

$ pwd
.../apache-tomcat-7.0.X
$ ls
bin           certificate  CONTRIBUTING.md  LICENSE  NOTICE     RELEASE-NOTES  temp     work
BUILDING.txt  conf         lib              logs     README.md  RUNNING.txt    webapps

注意这里使用jks的keystore格式。