标签:
1,通过jdk自带的keytool生成.keystore文件执行下面的命令:
/usr/bin/keytool -genkey -alias xiaomaodan -keyalg RSA -validity 36500 -keystore c:\keystore执行上面的命令后需要输入相关的证书信息
Enter keystore password: Re-enter new password: What is your first and last name? [Unknown]: localhost What is the name of your organizational unit? [Unknown]: shizhai What is the name of your organization? [Unknown]: shizhai What is the name of your City or Locality? [Unknown]: sz What is the name of your State or Province? [Unknown]: gd What is the two-letter country code for this unit? [Unknown]: cn Is CN=shizihan, OU=shizhai, O=shizhai, L=sz, ST=gd, C=cn correct? [no]: yes Enter key password for <xiaomaodan> (RETURN if same as keystore password): Re-enter new password:
注意:
E、"-validity 36500”含义是证书有效期,36500表示100年,默认值是90天
2 ,配置tomcat的server.xml文件,打开ssl的注释,并将生成的keystore文件拷贝到tomcat的conf目录
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystoreFile="D:\soft\apache-tomcat-6.0.37\conf\。keystore" keystorePass="123456"/></pre>注意:keystoryFile:生成的keystore文件.keystorePass为生成keystore填入的password<p></p><p>3,配置web.xml文件,是应用程序的http请求自动转换到https</p><p></p><pre code_snippet_id="589187" snippet_file_name="blog_20150126_5_8919926" name="code" class="html"><security-constraint>
<web-resource-collection >
<web-resource-name >SSL</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>4,验证:在浏览器输入部署的应用地址:http://localhost:8081/361sky/,则浏览器端会自动跳转到 https://localhost:8443/361sky/
5,由于不是授信的证书机构颁发的证书,所以要把证书添加的受信任的根证书
8,再次访问后,浏览器地址栏的地址错误木有了
标签:
原文地址:http://blog.csdn.net/joeyon1985/article/details/43150353
