tomcat7.0.61配置https(windows)
2017-10-09 本文已影响25人
ShinEDL
因tomcat7以上开始支持pfx格式证书,所以本次https配置是根据pfx证书的方式配置。
tomcat还支持JKS格式证书。
大致步骤:
1. 首先可以参考阿里云的tomcat https配置:
image.png
由于ciphers字段内容太长,将其拷贝出来:ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256"
keystoreFile:pfx证书所在路径
2.根据上文配置,有些出入,如下:
(1)keystoreFile的路径用绝对路径表示;
(2)SSLProtocol仅填写“TLS”,否则tomcat启动会报错,原因不明;
(3)protocol填写“org.apache.coyote.http11.Http11Protocol”,不然找不到协议,tomcat也会报错。
3. 配置conf/web.xml,让所有http请求转为https请求(可选)
<login-config>
<!-- Authorization setting for SSL -->
<auth-method>CLIENT-CERT</auth-method>
<realm-name>Client Cert Users-only Area</realm-name>
</login-config>
<security-constraint>
<!-- Authorization setting for SSL -->
<web-resource-collection >
<web-resource-name >SSL</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
4. 重启tomcat
注意事项:
- port端口必须是开放的,可以不仅限443端口。
- 如果是apache做解析域名的工作,则apache仅需配置成正常的http访问方式即可。
apache配置示例:
############## for Dscake #######################
<VirtualHost *>
ServerName xcx.ews88.com
DocumentRoot "D:/www/htdocs/Dscake"
JkMount /*.jsp Dscake
JkMount /*.do Dscake
JkMount /*.html Dscake
<Directory "D:/www/htdocs/Dscake">
Options FollowSymLinks Indexes
AllowOverride All
Order deny,allow
Allow from all
</Directory>
<IfModule dir_module>
DirectoryIndex index.jsp
</IfModule>
SetEnv force-proxy-request-1.0.1
SetEnv proxy-nokeepalive 1
CustomLog "|bin/rotatelogs D:/apacheLogs/Dscake_logs/Dscake_access_log_%Y_%m_%d_%H.log 3600 480" combined
ErrorLog "|bin/rotatelogs D:/apacheLogs/Dscake_logs/Dscake_error_log_%Y_%m_%d_%H.log 3600 480"
</VirtualHost>
############## for Dscake #######################
附录:
- JKS格式证书安装(阿里云)
image tomcat.png
图中的帮助链接:https://help.aliyun.com/knowledge_detail/42214.html?spm=5176.2020520163.cas.53.406f1768UlMSxR
