Original article: Java background development: adding HTTPS to Tomcat to support the applet development process (blog.ouyangsihai.cn)
1 Apply for a certificate for your domain name
Note: If the domain name is not registered with Tencent, it will not pass automatically. It needs to be validated manually. The validation method is as follows: https://cloud.tencent.com/document/product/400/6814.
The certificate will be issued to you only after the verification is successful.
2 Install the HTTPS certificate for Tomcat
Operation steps
Reference document: https://cloud.tencent.com/document/product/400/4143
Certificate installation
- In the SSL Certificate Management Console, download the www.domain.com certificate file package and unzip it to a local directory.
  After decompression, the certificate files for each server type are available. The package contains the Tomcat folder and the CSR file:
  - Folder name: Tomcat
  - Folder content:
    - www.domain.com.jks keystore
    - keystorePass.txt password file (the keystorePass.txt password file is not available if the private key password has been set)
  - CSR file content: www.domain.com.csr file

  > Description: CSR files are uploaded by you or generated online by the system when applying for a certificate, and are provided to the CA. This file can be ignored during installation.
- Log on to the Tomcat server using "WinSCP" (a tool for copying files between local and remote computers).
- Copy the www.domain.com.jks keystore file from the local directory to the /usr/*/conf directory.
- Log on to the Tomcat server remotely. For example, use the PuTTY tool to sign in.
- Edit the server.xml file in the /usr/*/conf directory. Add the following:
```xml
<!-- keystoreFile: path where the certificate keystore is stored -->
<!-- keystorePass: keystore password -->
<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           keystoreFile="/usr/*/conf/www.domain.com.jks"
           keystorePass="******"
           clientAuth="false"/>
```
For details of the `server.xml` file, please refer to the following:
```xml
<?xml version="1.0" encoding="UTF-8"?>
<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
  <GlobalNamingResources>
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>
  <Service name="Catalina">
    <!-- redirectPort must be the port of the HTTPS connector (443 here) -->
    <Connector port="80" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="443" />
    <!-- HTTPS connector backed by the JKS keystore -->
    <Connector port="443" protocol="HTTP/1.1"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false"
               keystoreFile="/usr/*/conf/www.domain.com.jks"
               keystorePass="******" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="443" />
    <Engine name="Catalina" defaultHost="www.domain.com">
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
      </Realm>
      <Host name="www.domain.com" appBase="webapps" unpackWARs="true" autoDeploy="true">
        <Context path="" docBase="Knews" />
        <!-- Inner quotes in the pattern are escaped as &quot; -->
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log" suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
      </Host>
    </Engine>
  </Service>
</Server>
```
The main parameters of the configuration file are as follows:

* **keystoreFile**: The path of the keystore file, given either as an absolute path or as a path relative to the <CATALINA_HOME> (Tomcat installation directory) environment variable. If this is not set, by default Tomcat reads a file named ".keystore" from the home directory of the current operating system user.
* **keystorePass**: The keystore password. If a private key password was set when applying for the certificate, fill in that private key password; if no private key password was set, fill in the password from the keystorePass.txt file in the Tomcat folder.
* **clientAuth**: If set to true, Tomcat requires all SSL clients to present a security certificate and authenticates them.
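The connector attributes described above can be checked mechanically before Tomcat is restarted. The following is an added example, not code from the original article or from Tomcat; `audit_connectors` and the trimmed `SAMPLE` configuration are hypothetical names and constructed data, and the check also covers `redirectPort`, which must point at a connector that actually speaks TLS.

```python
import xml.etree.ElementTree as ET

# Constructed sample, trimmed to the two connectors that matter here.
SAMPLE = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="80" protocol="HTTP/1.1" redirectPort="8443" />
    <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
               scheme="https" secure="true" clientAuth="false"
               keystoreFile="conf/www.domain.com.jks" keystorePass="******" />
  </Service>
</Server>"""


def _is_tls(conn):
    return conn.get("SSLEnabled", "").lower() == "true"


def audit_connectors(xml_text):
    """Return findings for the Connector attributes the article configures."""
    connectors = list(ET.fromstring(xml_text).iter("Connector"))
    tls = [c for c in connectors if _is_tls(c)]
    tls_ports = {c.get("port") for c in tls}
    findings = []
    if not tls:
        findings.append('no Connector has SSLEnabled="true"')
    for c in tls:
        port = c.get("port")
        if c.get("scheme") != "https" or c.get("secure") != "true":
            findings.append(f"port {port}: scheme/secure should be https/true")
        if not c.get("keystoreFile"):
            findings.append(f"port {port}: keystoreFile unset, "
                            "Tomcat falls back to ~/.keystore")
        if not c.get("keystorePass"):
            findings.append(f"port {port}: keystorePass unset")
    # A plain connector redirects to redirectPort when a security constraint
    # requires SSL transport, so that port must belong to a TLS connector.
    for c in connectors:
        redirect = c.get("redirectPort")
        if not _is_tls(c) and redirect and redirect not in tls_ports:
            findings.append(f"port {c.get('port')}: redirectPort {redirect} "
                            "has no TLS connector")
    return findings


if __name__ == "__main__":
    for finding in audit_connectors(SAMPLE):
        print(finding)
```
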
After that, restart Tomcat and it's done!