Configuring HTTPS on Tomcat 8.5

1. Generate a digital certificate with the tool bundled with the JDK

On Windows:

keytool -genkey -v -alias tomcat -keyalg RSA -keystore D:\conf\key\tomcat.keystore -validity 36500

On CentOS:

keytool -genkey -v -alias tomcat -keyalg RSA -keystore /usr/local/src/key/tomcat.keystore -validity 36500

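Explanation of some of the command parameters:

D:\conf\key\tomcat.keystore: the file path where the generated digital certificate is stored
36500: the validity period, 36500 days; the default is 90 days
-alias tomcat (the alias)
-keypass 123456 (the password for the alias)

Generation process (interactive prompts):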

Enter keystore password:  
Re-enter new password: 
What is your first and last name?
  [Unknown]:  localhost
What is the name of your organizational unit?
  [Unknown]:  localhost
What is the name of your organization?
  [Unknown]:  localhost       
What is the name of your City or Locality?
  [Unknown]:  shenzhen
What is the name of your State or Province?
  [Unknown]:  guangdong
What is the two-letter country code for this unit?
  [Unknown]:  CN
Is CN=localhost, OU=localhost, O=localhost, L=shenzhen, ST=guangdong, C=CN correct?
  [no]:  y

Generating 2,048 bit RSA key pair and self-signed certificate (SHA256withRSA) with a validity of 36,500 days
    for: CN=localhost, OU=localhost, O=localhost, L=shenzhen, ST=guangdong, C=CN
Enter key password for <tomcat>
    (RETURN if same as keystore password):  
Re-enter new password: 
[Storing /usr/local/src/cert/tomcat.keystore]

Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore /usr/local/src/cert/tomcat.keystore -destkeystore /usr/local/src/cert/tomcat.keystore -deststoretype pkcs12".

2. Configure Tomcat's server.xml

(1) Comment out the port 8080 connector (optional; if it is left uncommented, the site also remains reachable over HTTP on port 8080)

<!--<Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />-->

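(2) Uncomment the port 8443 connector and change it to port 443 (so that the site can be accessed without specifying a port). (Note: the HTTPS access port is 8443; it can be changed to another port.) Set the generated certificate and its password in keystoreFile="C:\apache-tomcat-8.5.31\conf\key\tomcat.keystore" keystorePass="123456"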

 <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true" 
               keystoreFile="/usr/local/tomcat/conf/server.keystore" 
               keystorePass="123456"
               >
        <!--<SSLHostConfig>
            <Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
                         type="RSA" />
        </SSLHostConfig>-->
    </Connector>

Note:
For Tomcat 8.0, the server.xml differs from that of Tomcat 8.5, so the Tomcat 8.0 server.xml file should be changed like this:

<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="/usr/local/tomcat/conf/server.keystore" 
               keystorePass="123456"        />

(3) Change port 8443 to 443

<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
Change to:
<Connector port="8009" protocol="AJP/1.3" redirectPort="443" />
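
As an added example (not part of the original post), this Python sketch audits the Connector elements of a server.xml for the conditions the three edits above deal with: a plain HTTP connector left enabled, a redirectPort that no TLS connector listens on, and a short keystore password. The sample XML and the 12-character threshold are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the page's server.xml after step (2) only. Port 8080 is
# still enabled and both redirectPort values still point at 8443.
SAMPLE_SERVER_XML = """
<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1"
             connectionTimeout="20000" redirectPort="8443" />
  <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
             maxThreads="150" SSLEnabled="true"
             keystoreFile="/usr/local/tomcat/conf/server.keystore"
             keystorePass="123456" />
  <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
</Service></Server>
"""

MIN_PASS_LEN = 12  # assumption: a local policy threshold, not a Tomcat rule


def is_tls(connector):
    return connector.get("SSLEnabled", "false").lower() == "true"


def audit_connectors(server_xml):
    """Return a list of findings for the <Connector> elements in server_xml."""
    # ElementTree drops XML comments, so commented-out connectors are ignored.
    connectors = list(ET.fromstring(server_xml).iter("Connector"))
    tls_ports = {c.get("port") for c in connectors if is_tls(c)}
    findings = []
    if not tls_ports:
        findings.append("no connector has SSLEnabled=true")
    for c in connectors:
        port, proto = c.get("port"), c.get("protocol", "HTTP/1.1")
        redirect = c.get("redirectPort")
        if redirect and not is_tls(c) and redirect not in tls_ports:
            findings.append(f"port {port}: redirectPort {redirect} is not a TLS connector")
        if not is_tls(c) and "ajp" not in proto.lower():
            findings.append(f"port {port}: plain HTTP connector is enabled")
        # The password sits on the connector (as on this page) or on <Certificate>.
        passwords = [c.get("keystorePass")] + [
            cert.get("certificateKeystorePassword") for cert in c.iter("Certificate")]
        if any(pw is not None and len(pw) < MIN_PASS_LEN for pw in passwords):
            findings.append(f"port {port}: keystore password under {MIN_PASS_LEN} characters")
    return findings


if __name__ == "__main__":
    for finding in audit_connectors(SAMPLE_SERVER_XML):
        print(finding)
```

With all three edits applied and a longer keystore password, the function returns an empty list.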

3. Access the site by entering https://148.70.11.97
