Tomcat certificate deployment

Get certificate

Because Tomcat is similar to Apache, the certificate can be configured in the same way as for Apache, using the certificate file and the private key file.

Certificate installation

To configure the SSL connector, extract the certificate into the conf/ssl directory under the Tomcat installation directory (create the ssl directory if it does not exist), and then edit the server.xml file in the conf/ directory of the Tomcat installation directory.

Find the section for port 8443, remove the 8 so that the port becomes 443, and replace the values of certificateKeyFile and certificateFile. Delete the other parameter, certificateChainFile. The resulting configuration is as follows; restart Tomcat afterwards.

 <!-- HTTPS connector on port 443 (APR protocol) with HTTP/2 upgrade -->
 <Connector port="443" protocol="org.apache.coyote.http11.Http11AprProtocol" maxThreads="150" SSLEnabled="true">
   <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
   <SSLHostConfig>
     <!-- Private key and certificate extracted into conf\SSL -->
     <Certificate certificateKeyFile="D:\apache-tomcat-8.5.23\conf\SSL\niaoyun.com.key" certificateFile="D:\apache-tomcat-8.5.23\conf\SSL\niaoyun.com.crt" type="RSA" />
   </SSLHostConfig>
 </Connector>

If no error is reported during the restart, the configuration is successful. You can test it by opening the https link in a browser.

Security configuration: automatic redirect from HTTP to HTTPS

In web.xml under the conf directory, after </welcome-file-list> and before the closing </web-app> (that is, as the second-to-last block of the file), add the following:

 <login-config>
<!-- Authorization setting for SSL -->
<auth-method>CLIENT-CERT</auth-method>
<realm-name>Client Cert Users-only Area</realm-name>
</login-config>
<security-constraint>
<!-- Authorization setting for SSL -->
<web-resource-collection>
<web-resource-name>SSL</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>

This step makes non-SSL connectors redirect to the SSL connector, so server.xml still needs to be configured:

 <!-- Plain HTTP connector; redirectPort must match the SSL connector port -->
 <Connector port="8080" protocol="HTTP/1.1"
   connectionTimeout="20000"
   redirectPort="443" />

redirectPort is changed to 443, the port of the SSL connector. The change takes effect after a restart.
