Configuring HTTPS on Tomcat with a self-signed certificate (generated with keytool)

Published: 2023-09-06 02:08 | Editor: 胡小海 | Keywords: configuration, http, tomcat

Generate the keystore

keytool -genkeypair -alias "server" -keyalg "RSA" -validity "365" -keystore "/app/webapp/tomcat/https/server.keystore"

[webapp@machina https]$ pwd
/app/webapp/tomcat/https
[webapp@machina https]$ keytool -genkeypair -alias "server" -keyalg "RSA" -validity "365" -keystore "/app/webapp/tomcat/https/server.keystore"
Enter keystore password:
Re-enter new password:
What is your first and last name?
  [Unknown]:  10.13.22.102
What is the name of your organizational unit?
  [Unknown]:  ai
What is the name of your organization?
  [Unknown]:  ai
What is the name of your City or Locality?
  [Unknown]:  gz
What is the name of your State or Province?
  [Unknown]:  gd
What is the two-letter country code for this unit?
  [Unknown]:  cn
Is CN=10.13.22.102, OU=ai, O=ai, L=gz, ST=gd, C=cn correct?
  [no]:  yes

Enter key password for <server>
        (RETURN if same as keystore password):
Re-enter new password:

Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore /app/webapp/tomcat/https/server.keystore -destkeystore /app/webapp/tomcat/https/server.keystore -deststoretype pkcs12".
[webapp@machina https]$

Modify server.xml

[webapp@machina conf]$ pwd
/app/webapp/tomcat/apache-tomcat-7.0.88/conf
[webapp@machina conf]$ vi server.xml

    <!--
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />
    -->

Change it to (keystorePass is the keystore password entered at the keytool prompt):

    <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="/app/webapp/tomcat/https/server.keystore" keystorePass="123456"/>

Save:
:wq

Change Tomcat's default HTTPS port 8443 (optional; the default can be kept).
Here it is changed to 18003. Three places are changed in total. The other two occurrences are in comments and need not be changed.

Before:

    <Connector port="18002" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

After:

    <Connector port="18002" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="18003" />
    <Connector port="18003" protocol="org.apache.coyote.http11.Http11Protocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="/app/webapp/tomcat/https/server.keystore" keystorePass="123456"/>
    <Connector port="8009" protocol="AJP/1.3" redirectPort="18003" />

Modify Tomcat's web.xml to force HTTP to redirect to HTTPS

[webapp@machina conf]$ pwd
/app/webapp/tomcat/apache-tomcat-7.0.88/conf
[webapp@machina conf]$ vi web.xml

Add the following block after </welcome-file-list>:

    <login-config>
        <!-- Authorization setting for SSL -->
        <auth-method>CLIENT-CERT</auth-method>
        <realm-name>Client Cert Users-only Area</realm-name>
    </login-config>
    <security-constraint>
        <!-- Authorization setting for SSL -->
        <web-resource-collection>
            <web-resource-name>SSL</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

Restart Tomcat

[webapp@machina bin]$ pwd
/app/webapp/tomcat/apache-tomcat-7.0.88/bin
[webapp@machina bin]$ sh shutdown.sh
Using CATALINA_BASE:   /app/webapp/tomcat/apache-tomcat-7.0.88
Using CATALINA_HOME:   /app/webapp/tomcat/apache-tomcat-7.0.88
Using CATALINA_TMPDIR: /app/webapp/tomcat/apache-tomcat-7.0.88/temp
Using JRE_HOME:        /opt/jdk1.8.0_151
Using CLASSPATH:       /app/webapp/tomcat/apache-tomcat-7.0.88/bin/bootstrap.jar:/app/webapp/tomcat/apache-tomcat-7.0.88/bin/tomcat-juli.jar
Java HotSpot(TM) 64-Bit Server VM warning: ignoring option PermSize=256m; support was removed in 8.0
Java HotSpot(TM) 64-Bit Server VM warning: ignoring option MaxPermSize=256m; support was removed in 8.0
[webapp@machina bin]$ sh startup.sh
Using CATALINA_BASE:   /app/webapp/tomcat/apache-tomcat-7.0.88
Using CATALINA_HOME:   /app/webapp/tomcat/apache-tomcat-7.0.88
Using CATALINA_TMPDIR: /app/webapp/tomcat/apache-tomcat-7.0.88/temp
Using JRE_HOME:        /opt/jdk1.8.0_151
Using CLASSPATH:       /app/webapp/tomcat/apache-tomcat-7.0.88/bin/bootstrap.jar:/app/webapp/tomcat/apache-tomcat-7.0.88/bin/tomcat-juli.jar
Tomcat started.

Access

http://10.13.22.102:18002/ops/app
Automatically redirects to:
https://10.13.22.102:18003/ops/app
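
A consistency check for the two edited files, added here as an example and not part of the original article: it reports any redirectPort in server.xml that does not point at a connector with SSLEnabled="true" (the "three places" that must agree) and confirms that web.xml carries a CONFIDENTIAL constraint on /*. The function names and the embedded XML samples are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the page's connectors with one of the three port edits missed (AJP still 8443).
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="18002" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="18003" />
  <Connector port="18003" protocol="org.apache.coyote.http11.Http11Protocol"
             SSLEnabled="true" scheme="https" secure="true" sslProtocol="TLS"
             keystoreFile="/app/webapp/tomcat/https/server.keystore" keystorePass="123456"/>
  <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
</Service></Server>"""

# Constructed sample: the page's security-constraint inside a namespaced web-app root.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>SSL</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
  </security-constraint>
</web-app>"""

def named(node, name):
    """Descendant elements called `name`, ignoring any XML namespace (web.xml declares one)."""
    return [e for e in node.iter() if e.tag.rsplit("}", 1)[-1] == name]

def check_server_xml(text):
    """Report redirectPort values no TLS connector listens on, and TLS connectors without keystoreFile."""
    conns = named(ET.fromstring(text), "Connector")
    tls = [c for c in conns if c.get("SSLEnabled", "").lower() == "true"]
    tls_ports = {c.get("port") for c in tls}
    problems = [f"connector {c.get('port')}: redirectPort {c.get('redirectPort')} has no TLS connector"
                for c in conns if c.get("redirectPort") and c.get("redirectPort") not in tls_ports]
    problems += [f"TLS connector {c.get('port')}: no keystoreFile" for c in tls if not c.get("keystoreFile")]
    return problems

def forces_https(text):
    """True if a security-constraint covering /* requires transport-guarantee CONFIDENTIAL."""
    for sc in named(ET.fromstring(text), "security-constraint"):
        patterns = {(e.text or "").strip() for e in named(sc, "url-pattern")}
        guarantees = {(e.text or "").strip() for e in named(sc, "transport-guarantee")}
        if "/*" in patterns and "CONFIDENTIAL" in guarantees:
            return True
    return False

if __name__ == "__main__":
    print(check_server_xml(SERVER_XML))
    print(forces_https(WEB_XML))
```

To check a real installation, pass the contents of conf/server.xml and conf/web.xml to the two functions before restarting Tomcat.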

Original article: http://blog.51cto.com/170023/2154885
