主要有一下幾個步驟:
(1)生成服務器端證書文件
[root@compute-02-03-77 bin]#cd {JAVA_HOME}/bin/
[root@compute-02-03-77 bin]# keytool -genkey -alias tomcat -keyalg RSA -keystore {tomcat主目錄}/conf/tomcat.keystore -validity 36500
根據提示,生成一個隱藏文件
(2)配置tomcat
[root@compute-02-03-77 bin]#cd {tomcat主目錄}/conf/
[root@compute-02-03-77 conf]#vi server.xml
將以下內容:
<!--
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
-->
修改爲:
<Connector port="8444" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslEnabledProtocols="TLS"
keystoreFile="conf/tomcat.keystore" keystorePass="ebsadmin">
(3)配置項目web.xml文件
[root@compute-02-03-77 conf]#cd {tomcat主目錄}/webapps/EBS_Management_System/WEB-INF/
[root@compute-02-03-77 conf]#vi web.xml
在標籤內末尾處添加以下內容:
<login-config>
<auth-method>CLIENT-CERT</auth-method>
<realm-name>Client Cert Users-only Area</realm-name>
</login-config>
<security-constraint>
<web-resource-collection>
<web-resource-name>{項目名稱}</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
</web-app>
測試
啓動 Tomcat 並訪問 https://localhost:8444. 你將看到 Tomcat 默認的首頁。