詳解如何給Tomcat配置Https/ssl證書

建立證照 

keytool -genkeypair -alias "tomcat" -keyalg "RSA" -keystore "localhost-rsa.jks"

後面的資訊隨便輸入，我這裡輸入的是：

效果圖

Enter keystore password: 

Re-enter new password: 

What is your first and last name?

 [Unknown]: pich

What is the name of your organizational unit?

 [Unknown]: pich

What is the name of your organization?

 [Unknown]: tomcat

What is the name of your City or Locality?

 [Unknown]: beijing

What is the name of your State or Province?

 [Unknown]: beijing

What is the two-letter country code for this unit?

 [Unknown]: cn

Is CN=pich, OU=pich, O=tomcat, L=beijing, ST=beijing, C=cn correct?

 [no]: y

Enter key password for <tomcat>

(RETURN if same as keystore password): 

Re-enter new password:

這樣就會在當前目錄建立一個localhost-rsa.jks檔案。密碼是123456，別名是tomcat。

給Tomcat配置證照

首先將上面生成的localhost-rsa.jks檔案複製到Tomcat的conf目錄，然後開啟該目錄下面的server.xml檔案，找到如下程式碼，原來是註釋了，現在需要開啟註釋更改為如下內容：

然後重新啟動Tomcat，訪問

就可以看到如下頁面：

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"

 SSLEnabled="true" maxThreads="150" scheme="https" secure="true"

 clientAuth="false" sslProtocol="TLS"

 keystoreFile="conf/localhost-rsa.jks" keystorePass="123456"

 /> 

可以看到位址列是顯示為不安全的。因為這個證照是我們自己製作的，瀏覽器預設不信任他，當然你可以手動信任他。