Tomcat配置Https访问
2010-05-04 13:44
477 查看
关键字: tomcat https访问设置
前几天客户提出要强制使用HTTPS方式访问Tomcat中的相关项目,于是研究了下,现将具体的步骤写下:
主要分2步:让tomcat能使用https--->强制使用https访问
1.让tomcat能使用https
A.在运行命令JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg
RSA -keystore C:/Tomcat/GMAE3.0Tomcat/tomcat.keystore
这样就生成了证书,将证书放到合适的地方(任意地方都可以)
B.打开tomcat目录下的server.xml文件并找到关于ssl的相关段
Java
代码
<!-- Define a SSL HTTP/1.1
Connector on port 8443
This connector uses the JSSE configuration, when using APR, the
connector should be using the OpenSSL style configuration
described in the APR documentation -->
<!--<Connector port="8443"
protocol="HTTP/1.1"
SSLEnabled="true"
maxThreads="150"
scheme="https"
secure="true"
clientAuth="false"
sslProtocol="TLS"
/>-->
C.去掉注释,添keystoreFile="C:/Tomcat/GMAE3.0Tomcat/tomcat.keystore"
keystorePass="tomcat"的属性
改动完成后配置为:
Java
代码
<Connector port="8443"
protocol="HTTP/1.1"
SSLEnabled="true"
maxThreads="150"
scheme="https"
secure="true"
clientAuth="false"
keystoreFile="C:/Tomcat/GMAE3.0Tomcat/tomcat.keystore"
keystorePass="tomcat"
sslProtocol="TLS"
/>
D.然后重启tomcat就能使用HTTPS访问
2.强制https访问
在tomcat/conf/web.xml中的</welcome-file-list>后面加上这样一段:
Java
代码
<login-config>
<!-- Authorization setting for
SSL -->
<auth-method>CLIENT-CERT</auth-method>
<realm-name>Client Cert Users-only Area</realm-name>
</login-config>
<security-constraint>
<!-- Authorization setting for
SSL -->
<web-resource-collection >
<web-resource-name >SSL</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
完成以上步骤后,在浏览器中输入http的访问地址也会自动转换为https了
前几天客户提出要强制使用HTTPS方式访问Tomcat中的相关项目,于是研究了下,现将具体的步骤写下:
主要分2步:让tomcat能使用https--->强制使用https访问
1.让tomcat能使用https
A.在运行命令JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg
RSA -keystore C:/Tomcat/GMAE3.0Tomcat/tomcat.keystore
这样就生成了证书,将证书放到合适的地方(任意地方都可以)
B.打开tomcat目录下的server.xml文件并找到关于ssl的相关段
Java
代码
<!-- Define a SSL HTTP/1.1
Connector on port 8443
This connector uses the JSSE configuration, when using APR, the
connector should be using the OpenSSL style configuration
described in the APR documentation -->
<!--<Connector port="8443"
protocol="HTTP/1.1"
SSLEnabled="true"
maxThreads="150"
scheme="https"
secure="true"
clientAuth="false"
sslProtocol="TLS"
/>-->
<!-- Define a SSL HTTP/1.1 Connector on port 8443 This connector uses the JSSE configuration, when using APR, the connector should be using the OpenSSL style configuration described in the APR documentation --> <!--<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" />-->
C.去掉注释,添keystoreFile="C:/Tomcat/GMAE3.0Tomcat/tomcat.keystore"
keystorePass="tomcat"的属性
改动完成后配置为:
Java
代码
<Connector port="8443"
protocol="HTTP/1.1"
SSLEnabled="true"
maxThreads="150"
scheme="https"
secure="true"
clientAuth="false"
keystoreFile="C:/Tomcat/GMAE3.0Tomcat/tomcat.keystore"
keystorePass="tomcat"
sslProtocol="TLS"
/>
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" keystoreFile="C:/Tomcat/GMAE3.0Tomcat/tomcat.keystore" keystorePass="tomcat" sslProtocol="TLS" />
D.然后重启tomcat就能使用HTTPS访问
2.强制https访问
在tomcat/conf/web.xml中的</welcome-file-list>后面加上这样一段:
Java
代码
<login-config>
<!-- Authorization setting for
SSL -->
<auth-method>CLIENT-CERT</auth-method>
<realm-name>Client Cert Users-only Area</realm-name>
</login-config>
<security-constraint>
<!-- Authorization setting for
SSL -->
<web-resource-collection >
<web-resource-name >SSL</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config> <!-- Authorization setting for SSL --> <auth-method>CLIENT-CERT</auth-method> <realm-name>Client Cert Users-only Area</realm-name> </login-config> <security-constraint> <!-- Authorization setting for SSL --> <web-resource-collection > <web-resource-name >SSL</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint>
完成以上步骤后,在浏览器中输入http的访问地址也会自动转换为https了
相关文章推荐
- Tomcat 访问http强制 https 访问配置方法
- 如何配置https访问tomcat
- tomcat配置https及访问
- tomcat 配置https访问
- Glassfish4.1和Tomcat配置Https访问
- TOMCAT HTTPS访问配置应用
- tomcat配置https访问chrome提示ERR_SSL_VERSION_OR_CIPHER_MISMATCH
- 在Tomcat下配置HTTPS访问方式
- linux 配置tomcat https访问
- Tomcat配置https及访问http自动跳转至https
- tomcat7 配置 https安全访问
- 本地测试Tomcat配置Https访问
- tomcat下配置https 访问
- Tomcat配置https及访问http自动跳转至https
- tomcat配置https访问系统
- tomcat配置https访问
- 创建https访问证书,增加证书到tomcat配置
- Windows下Tomcat+nginx配置证书实现登录页https访问
- Nginx+Tomcat服务器环境中配置https访问
- 本地Tomcat配置ssl 实现https访问