1、證書格式轉換,在tomcat安裝目錄創建ssl目錄,並將阿里雲下載的證書全部拷貝該目錄中。(如果是系統創建的CSR,請直接到第2步)
[root@lb01 ~]# mkdir /server/tomcat-8080/ssl
[root@lb01 ~]# cd /server/tomcat-8080/ssl
[root@lb01 ~]# 上傳對應證書
[root@lb01 ssl]# unzip 1524377920931.zip
# 執行如下命令完成PFX格式轉換命令,此處要設置PFX證書密碼,請牢記
[root@lb01 ssl]# openssl pkcs12 -export -out 1524377920931.pfx -inkey 1524377920931.key -in 1524377920931.pem
2.修改tomcat安裝目錄中conf/server.xml
[root@lb01 ~]# vim /server/tomcat-8080/conf/server.xml
<!--1.修改Host name為nginx.bjstack.com -->
<Host name="tomcat.oldxu.com" appBase="webapps"
unpackWARs="true" autoDeploy="true">
<!--2.修改redirectPort="8443"為redirectPort="443"-->
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="443" />
<!--3.增加如下內容-->
<Connector port="443"
protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150"
SSLEnabled="true"
scheme="https"
secure="true"
keystoreFile="ssl/1524377920931.pfx"
keystoreType="PKCS12"
keystorePass="123456"
clientAuth="false"
SSLProtocol="TLSv1+TLSv1.1+TLSv1.2"
ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256"/>
3.重啟Tomcat服務
[root@lb01 ~]# /server/apache-tomcat-9.0.11/bin/shutdown.sh
[root@lb01 ~]# /server/apache-tomcat-9.0.11/bin/startup.sh
[root@lb01 ~]# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 29331/java
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 29331/java
tcp 0 0 127.0.0.1:8005 0.0.0.0:* LISTEN 29331/java
tcp 0 0 0.0.0.0:8009 0.0.0.0:* LISTEN 29331/java
4.使用瀏覽器訪問https://IP可訪問, 如果是http://IP則會訪問失敗
