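Tomcat can serve HTTPS in two ways. When you generate or purchase a CA certificate, you are asked to bind it to a domain name and to set a password and a certificate alias.
The list of certificates Tomcat can use contains three files: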
Method 1:
<!-- NIO connector: the certificate and private key are read from a Java keystore -->
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystoreFile="/home/***/localhost/localhost.keystore" keystorePass="123456">
</Connector>
Method 2:
<Connector port="443" protocol="org.apache.coyote.http11.Http11AprProtocol"
maxThreads="150" SSLEnabled="true" >
<UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
<SSLHostConfig>
<Certificate certificateKeyFile="conf/localhost-rsa-key.pem"
certificateFile="conf/localhost-rsa-cert.pem"
certificateChainFile="conf/localhost-rsa-chain.pem"
type="RSA" />
</SSLHostConfig>
</Connector>
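Method 2 is the example shipped by default with Tomcat 8. The connector can be configured to use the APR, NIO or BIO protocol type; the certificates mainly used are *.keystore and *.jks files.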
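As an added example (not part of the original page or of Tomcat itself), the following Python script parses a server.xml and reports how each TLS connector in either style above handles its key material. The sample XML, port 8443, the weak-password list and the 12-character threshold are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the two connector styles above (paths are placeholders).
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
             SSLEnabled="true" scheme="https" secure="true" clientAuth="false"
             sslProtocol="TLS" keystoreFile="conf/localhost.keystore" keystorePass="123456"/>
  <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol" SSLEnabled="true">
    <SSLHostConfig>
      <Certificate certificateKeyFile="conf/localhost-rsa-key.pem"
                   certificateFile="conf/localhost-rsa-cert.pem"
                   certificateChainFile="conf/localhost-rsa-chain.pem" type="RSA"/>
    </SSLHostConfig>
  </Connector>
</Service></Server>"""

# Assumption: illustrative list only. "changeit" is Tomcat's default keystore password.
WEAK_PASSWORDS = {"123456", "changeit", "password"}
MIN_LENGTH = 12  # assumption: local policy threshold

def audit(server_xml):
    """Return (port, style, message) findings for every TLS-enabled Connector."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        port = conn.get("port")
        certs = conn.findall("./SSLHostConfig/Certificate")
        style = "SSLHostConfig" if certs else "connector-attributes"
        # Password attributes: keystorePass on the Connector, or the two
        # password attributes a <Certificate> element can carry.
        candidates = [(conn, "keystorePass")]
        for cert in certs:
            candidates += [(cert, "certificateKeystorePassword"), (cert, "certificateKeyPassword")]
        for element, attr in candidates:
            password = element.get(attr)
            if password is None:
                continue
            findings.append((port, style, f"{attr} is stored in clear text in server.xml"))
            if password in WEAK_PASSWORDS or len(password) < MIN_LENGTH:
                findings.append((port, style, f"{attr} is short or a well-known value"))
        for cert in certs:
            # A PEM key loaded without a passphrase is protected only by file permissions.
            if cert.get("certificateKeyFile") and cert.get("certificateKeyPassword") is None:
                findings.append((port, style, "certificateKeyFile has no passphrase; restrict file permissions"))
    return findings

if __name__ == "__main__":
    for port, style, message in audit(SAMPLE):
        print(f"port {port} [{style}]: {message}")
```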