tomcat8.5配置https

1、使用jdk自帶的工具生成數字證書

window生成方法：

keytool -genkey -v -alias tomcat -keyalg RSA -keystore D:\conf\key\tomcat.keystore -validity 36500

centos生成方法：

keytool -genkey -v -alias tomcat -keyalg RSA -keystore /usr/local/src/key/tomcat.keystore -validity 36500

命令參數部分解釋：

D:\conf\key\tomcat.keystore ：表示數字證書生成後的文件路徑
36500 ：表示有效時間，36500天，默認90天
-alias tomcat(別名)
-keypass 123456(別名密碼)

配置過程：

Enter keystore password:  
Re-enter new password: 
What is your first and last name?
  [Unknown]:  localhost
What is the name of your organizational unit?
  [Unknown]:  localhost
What is the name of your organization?
  [Unknown]:  localhost       
What is the name of your City or Locality?
  [Unknown]:  shenzhen
What is the name of your State or Province?
  [Unknown]:  guangdong
What is the two-letter country code for this unit?
  [Unknown]:  CN
Is CN=localhost, OU=localhost, O=localhost, L=shenzhen, ST=guangdong, C=CN correct?
  [no]:  y

Generating 2,048 bit RSA key pair and self-signed certificate (SHA256withRSA) with a validity of 36,500 days
    for: CN=localhost, OU=localhost, O=localhost, L=shenzhen, ST=guangdong, C=CN
Enter key password for <tomcat>
    (RETURN if same as keystore password):  
Re-enter new password: 
[Storing /usr/local/src/cert/tomcat.keystore]

Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore /usr/local/src/cert/tomcat.keystore -destkeystore /usr/local/src/cert/tomcat.keystore -deststoretype pkcs12".

2、tomcat的server.xml配置

一、註釋掉8080端口配置 (不是必須，也能夠不註釋，不註釋的話，則http 8080端口也能夠訪問)

<!--<Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />-->

二、取消註釋8443端口配置，並改成443端口（訪問不加端口的設置）（注意：Https訪問的端口是8443，能夠修改爲別的端口。），將生成的正式和密碼配置到keystoreFile="C:\apache-tomcat-8.5.31\conf\key\tomcat.keystore" keystorePass="123456"

 <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true" 
               keystoreFile="/usr/local/tomcat/conf/server.keystore" 
               keystorePass="123456"
               >
        <!--<SSLHostConfig>
            <Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
                         type="RSA" />
        </SSLHostConfig>-->
    </Connector>

注意：
若是是tomcat8.0,因爲tomcat8.0的server.xml和tomcat8.5的不一樣，tomcat8.0的server.xml文件應該這樣改動：

<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="/usr/local/tomcat/conf/server.keystore" 
               keystorePass="123456"        />

三、更改8443端口爲443

<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
改成：
<Connector port="8009" protocol="AJP/1.3" redirectPort="443" />

3、訪問，輸入 https://148.70.11.97