CentOS 7.6 + Tomcat 8.5: configuring HTTPS
1. Generate a keystore certificate with the keytool utility bundled with the JDK:
Open a terminal and enter the following command:
keytool -genkey -v -alias tomcat -keyalg RSA -keystore /root/tomcat.keystore -validity 36500
tomcat is the alias; /root/tomcat.keystore is the path where the generated keystore is saved; 36500 is the validity period in days (100 years).
# keytool -genkey -v -alias tomcat -keyalg RSA -keystore /root/tomcat.keystore -validity 36500
Enter keystore password: ## enter a password of your choice
Re-enter new password:
What is your first and last name?
[Unknown]: wjs ## name, anything you like
What is the name of your organizational unit?
[Unknown]: xlkh ## organizational unit
What is the name of your organization?
[Unknown]: xlkh ## organization
What is the name of your City or Locality?
[Unknown]: beijing ## city
What is the name of your State or Province?
[Unknown]: beijing ## province
What is the two-letter country code for this unit?
[Unknown]: cn
Is CN=wjs, OU=xlkh, O=xlkh, L=beijing, ST=beijing, C=cn correct?
[no]: y # y to confirm, n to start over
Generating 2,048 bit RSA key pair and self-signed certificate (SHA256withRSA) with a validity of 36,500 days
for: CN=wjs, OU=xlkh, O=xlkh, L=beijing, ST=beijing, C=cn
Enter key password for <tomcat>
(RETURN if same as keystore password):
Re-enter new password:
[Storing /root/tomcat.keystore]
Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore /root/tomcat.keystore -destkeystore /root/tomcat.keystore -deststoretype pkcs12".
For this test I placed it directly under the root directory; the generated keystore file is shown in the figure:
2. Edit the Tomcat configuration file server.xml
Open server.xml with vim:
# vim /home/tomcat/apache-tomcat-8.5.8/conf/server.xml
// The 8080 connector may be commented out or left in place; if it stays, the site is also reachable over plain HTTP. This article leaves it in.
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
// Edit this section: remove the comment markers around the connector;
// change the port to "443", the default HTTPS port, so the URL needs no explicit port number;
// add these two attributes, the keystore path and its password: keystoreFile="/root/tomcat.keystore" keystorePass="123456"
<!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443
This connector uses the NIO implementation with the JSSE engine. When
using the JSSE engine, the JSSE configuration attributes must be used.
-->
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" keystoreFile="/root/tomcat.keystore" keystorePass="123456" >
<!-- <SSLHostConfig>
<Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
type="RSA" />
</SSLHostConfig>
-->
</Connector>
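As an added check (not part of the original post), the following Python script parses Connector elements like the ones above and flags three points a reviewer would raise: the keystore password sits in clear text in server.xml, the keystore lives under /root, and the HTTP connector still says redirectPort="8443" while the TLS connector listens on 443. The sample XML and the audit functions are constructed for this example.

```python
import xml.etree.ElementTree as ET
import stat

# Constructed sample: the two Connector elements from this walkthrough, wrapped
# in a minimal Server/Service skeleton so ElementTree can parse them.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1"
             connectionTimeout="20000" redirectPort="8443" />
  <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
             maxThreads="150" SSLEnabled="true"
             keystoreFile="/root/tomcat.keystore" keystorePass="123456" />
</Service></Server>"""

def audit_connectors(server_xml):
    """Return a list of findings for the Connector elements of a server.xml."""
    root = ET.fromstring(server_xml)
    findings, tls_ports, plain_connectors = [], set(), []
    for conn in root.iter("Connector"):
        port = conn.get("port")
        if conn.get("SSLEnabled", "false").lower() == "true":
            tls_ports.add(port)
            if conn.get("keystorePass") is not None:
                findings.append(f"port {port}: keystorePass is stored in clear text in "
                                "server.xml; keep conf/ readable only by the Tomcat user")
            if conn.get("keystoreFile", "").startswith("/root/"):
                findings.append(f"port {port}: keystoreFile lives under /root, which an "
                                "unprivileged Tomcat service account normally cannot traverse")
        else:
            plain_connectors.append((port, conn.get("redirectPort")))
    # redirectPort is where Tomcat sends a request that a security constraint
    # marks CONFIDENTIAL; it must name the port the SSLEnabled connector uses.
    for port, redirect in plain_connectors:
        if redirect is not None and redirect not in tls_ports:
            findings.append(f"port {port}: redirectPort={redirect} matches no "
                            f"SSLEnabled connector (found {sorted(tls_ports)})")
    return findings

def keystore_mode_finding(mode):
    """Return a finding if the keystore's permission bits let group or other read it."""
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        return f"keystore mode {oct(mode & 0o777)} is readable by other users; use chmod 600"
    return None

if __name__ == "__main__":
    for finding in audit_connectors(SAMPLE_SERVER_XML):
        print(finding)
    print(keystore_mode_finding(0o644))
```

To check a real keystore, pass `os.stat("/root/tomcat.keystore").st_mode` to keystore_mode_finding and the contents of conf/server.xml to audit_connectors.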
Save and exit, restart Tomcat, and enter the URL in the browser.
If the page loads, the configuration is complete.
If some of you still cannot reach it, check whether the firewall is running.
Enter the following command to check the firewall status:
# systemctl status firewalld.service
Enter the following command to stop the firewall:
# systemctl stop firewalld.service
Then check the firewall status again: # systemctl status firewalld.service