Configuring an HTTPS connector in Tomcat 9

Tomcat version: apache-tomcat-9.0.27
jdk version: 1.8.0_
Browser: Firefox

1. Generate certificate

The HTTPS protocol requires a certificate. During development, we can use the keytool utility that ships with the JDK to generate a certificate for testing.

First, make sure a JDK is installed locally; you can check with java -version. Then run the following command and answer the prompts (first and last name, and so on) with whatever values you like:

keytool -genkeypair -alias testKey -keyalg RSA -keysize 2048 -storepass 123456 -validity 3650 -keystore ./testKey.jks
<!--
-alias testKey: name of the keystore entry, required
-keyalg RSA: key algorithm; RSA is the recommended choice for Tomcat
-keysize 2048: key size in bits
-storepass 123456: keystore password, i.e. the password needed to access the testKey.jks file generated here
-validity 3650: certificate is valid for 3650 days, i.e. 10 years
-keystore ./testKey.jks: location of the file to be generated; ./testKey.jks means it is stored in the current directory
-->

keytool then prints a warning message that suggests a follow-up command (converting the keystore to PKCS12 format). Run the command given in that message:

keytool -importkeystore -srckeystore ./testKey.jks -destkeystore ./testKey.jks -deststoretype pkcs12

The keystore file "testKey.jks" has now been generated successfully.

2. Configure the HTTPS connector

2.1 Copy the generated testKey.jks keystore file to the conf directory of the Tomcat server

2.2 Modify the server.xml file and configure the HTTPS connector

<!-- Comment out the HTTP connector -->
<!--
<Connector port="8080" protocol="HTTP/1.1"
                     connectionTimeout="20000"
                     redirectPort="8443" />
-->
<!-- Uncomment the HTTPS connector -->
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
                     maxThreads="150" SSLEnabled="true">
        <SSLHostConfig>
                <Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
                                         type="RSA" />
        </SSLHostConfig>
</Connector>

Then change the HTTPS connector's port number and keystore file path, and add the keystore password (the password set when the keystore file was generated):

<Connector port="8080" protocol="org.apache.coyote.http11.Http11NioProtocol"
                     maxThreads="150" SSLEnabled="true">
        <SSLHostConfig>
                <Certificate certificateKeystoreFile="conf/testKey.jks"
                     type="RSA" certificateKeystorePassword="123456" />
        </SSLHostConfig>
</Connector>
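
The following Python script is an added example, not part of the original post. It parses a server.xml and reports the connector settings this walkthrough touches: connectors still serving plain HTTP, a redirectPort with no TLS connector behind it, and a missing or weak certificateKeystorePassword. The finding names, the password deny-list and the 12-character threshold are assumptions for illustration, and the sample XML is constructed from step 2.2.

```python
import xml.etree.ElementTree as ET

# Constructed sample mirroring the final server.xml from step 2.2.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <!-- <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" /> -->
  <Connector port="8080" protocol="org.apache.coyote.http11.Http11NioProtocol"
             maxThreads="150" SSLEnabled="true">
    <SSLHostConfig>
      <Certificate certificateKeystoreFile="conf/testKey.jks"
                   type="RSA" certificateKeystorePassword="123456" />
    </SSLHostConfig>
  </Connector>
</Service></Server>"""

# Assumptions: illustrative deny-list and length threshold, not Tomcat rules.
WEAK_PASSWORDS = {"123456", "changeit", "password"}
MIN_PASSWORD_LEN = 12

def is_tls(conn):
    return conn.get("SSLEnabled", "false").lower() == "true"

def audit_connectors(server_xml):
    """Return sorted (port, finding) pairs for the active <Connector> elements."""
    root = ET.fromstring(server_xml)  # commented-out connectors are dropped by the parser
    connectors = list(root.iter("Connector"))
    tls_ports = {c.get("port") for c in connectors if is_tls(c)}
    findings = []
    for conn in connectors:
        port = conn.get("port", "?")
        if not is_tls(conn):
            if "ajp" in conn.get("protocol", "HTTP/1.1").lower():
                continue  # AJP connectors are out of scope here
            findings.append((port, "plaintext-http"))
            redirect = conn.get("redirectPort")
            if redirect and redirect not in tls_ports:
                findings.append((port, "redirectPort-without-tls-connector"))
            continue
        certs = conn.findall("./SSLHostConfig/Certificate")
        if not certs:
            findings.append((port, "tls-without-certificate"))
        for cert in certs:
            password = cert.get("certificateKeystorePassword")
            if password is None:  # Tomcat then falls back to "changeit"
                findings.append((port, "default-keystore-password"))
            elif password in WEAK_PASSWORDS or len(password) < MIN_PASSWORD_LEN:
                findings.append((port, "weak-keystore-password"))
    return sorted(findings)

if __name__ == "__main__":
    print(audit_connectors(SAMPLE_SERVER_XML))
```

Run against the configuration from step 2.2, it reports only the weak keystore password, because the plain HTTP connector is commented out.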

3. Test

Accessing the server over http does not succeed; an error message is returned.

When accessing over https, the browser shows a warning because the certificate is one we generated ourselves.

For this test we can ignore it: click Advanced -> Accept the Risk and Continue.

The page now loads successfully over https.

Tags: Windows Tomcat Apache JDK Firefox

Posted on Wed, 18 Mar 2020 13:01:24 -0400 by kippy