確認系統中裝好了openssl,如果沒有則安裝!
通過https協議訪問,需要安裝證書!這裏使用java去生成證書:cmd,命令行執行命令:
keytool -v -genkey -alias tomcat -keyalg RSA -keystore /weblogic/apache-tomcat-6.0.32/conf/tomcat.keystore
keytool -v -genkey -alias tomcat -keyalg RSA -keystore D:\tomcat.keystore
輸入密碼和確認密碼,再輸入相關信息。這裏把證書生成到了。/weblogic/apache-tomcat-6.0.32/conf/tomcat.keystore目錄下,如果是windows,則是D:\tomcat.keystore目錄。
打開tomcat目錄conf下的server.xml,8080端口的redirectPort指向443,或者8443,443爲ssl協議默認的端口。
<Connector port="8080" protocol="HTTP/1.1"
maxThreads="150" connectionTimeout="20000"
redirectPort="443" />
<!-- Define a SSL HTTP/1.1 Connector on port 8443
This connector uses the JSSE configuration, when using APR, the
connector should be using the OpenSSL style configuration
described in the APR documentation -->
<!--keystoreFile就是java生成的證書文件,我放在了tomcat的conf目錄下,keystorePass就是生成證書時輸入的密碼-->
<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystoreFile="conf/server.keystore" keystorePass="zyujiePass"/>
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="443" />
上述配置完成了,輸入https://127.0.0.1:443/可以訪問了。不過443是https默認的端口,我們只用https://127.0.0.1/即可。
在tomcat下面conf的目錄:web.xml最後添加下面配置。這樣我們訪問webapp下面的系統,都會轉發成https了。
<security-constraint>
<web-resource-collection>
<web-resource-name>securedapp</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
http://127.0.0.1:8080/xxx/login.jsp 會被轉發成 https://127.0.0.1/xxx/login.jsp