TaoBye

tomcat配置域名https证书,添加80和443端口,http重定向到https

1、修改conf/server.xml的redirectPort改成443

<Connector port="80" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="443" />

2、打开port=443的配置注解,并加https的配置


<Connector port="443"
    protocol="org.apache.coyote.http11.Http11Protocol"
    SSLEnabled="true"
    scheme="https"
    secure="true"
    keystoreFile="/xxx/abc.com.pfx"
    keystoreType="PKCS12"
    keystorePass="xxxxx"
    clientAuth="false"
    SSLProtocol="TLSv1+TLSv1.1+TLSv1.2"
    ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256"/>

3、修改 conf/web.xml 在 conf/web.xml 添加如下内容,可从 http 跳转到 https 

<login-config>
        <!-- Authorization setting for SSL -->
        <auth-method>CLIENT-CERT</auth-method>
        <realm-name>Client Cert Users-only Area</realm-name>
</login-config>
<security-constraint>
        <!-- Authorization setting for SSL -->
        <web-resource-collection >
                <web-resource-name >SSL</web-resource-name>
                <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
                <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
</security-constraint>
阅读:355   发布:2023-02-06 08:43:28
正在加载评论...