Steps to install an SSL certificate on Tomcat (8.5/9)
Step 1: Go to the Tomcat installation directory and place the certificate's JKS-format file under it.
conf/ssl/hualay.net.jks
Step 2: Open the Tomcat configuration file conf/server.xml
By default Tomcat usually listens on port 8080 or port 80. First locate this section.
<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443" />
Insert the following configuration below that section:
<Connector port="443"
           protocol="org.apache.coyote.http11.Http11Nio2Protocol"
           maxThreads="150"
           SSLEnabled="true"
           defaultSSLHostConfigName="hualay.net">
    <SSLHostConfig hostName="hualay.net">
        <Certificate certificateKeystoreFile="conf/ssl/hualay.net.jks"
                     certificateKeystorePassword="123456"
                     type="RSA" />
    </SSLHostConfig>
</Connector>
Installing SSL with an Apache-format certificate
<Connector port="443"
           protocol="org.apache.coyote.http11.Http11AprProtocol"
           maxThreads="150"
           SSLEnabled="true"
           defaultSSLHostConfigName="hualay.net">
    <SSLHostConfig hostName="hualay.net">
        <Certificate certificateFile="conf/ssl/hualay.net.crt"
                     certificateKeyFile="conf/ssl/hualay.net.key"
                     certificateChainFile="conf/ssl/hualay.net-ca-bundle.crt"
                     type="RSA" />
    </SSLHostConfig>
</Connector>
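Tomcat 8.5 and later support SNI (multiple certificates can be installed on the same IP); at least JRE 7 is required.
For multiple sites, duplicate the SSLHostConfig element.
Available protocol values: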
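An added example, not part of the original page or of Tomcat: a Python check for a server.xml that duplicates SSLHostConfig for SNI as described above. It reports a defaultSSLHostConfigName that matches no hostName, duplicate hostName entries, and guessable keystore passwords such as the sample 123456. The second host example.org, its keystore path, its placeholder password and the WEAK_PASSWORDS list are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the page's connector plus a second SSLHostConfig for SNI.
# "example.org", its keystore path and its password are hypothetical.
SERVER_XML = """
<Server><Service name="Catalina">
  <Connector port="443"
             protocol="org.apache.coyote.http11.Http11Nio2Protocol"
             maxThreads="150" SSLEnabled="true"
             defaultSSLHostConfigName="hualay.net">
    <SSLHostConfig hostName="hualay.net">
      <Certificate certificateKeystoreFile="conf/ssl/hualay.net.jks"
                   certificateKeystorePassword="123456" type="RSA" />
    </SSLHostConfig>
    <SSLHostConfig hostName="example.org">
      <Certificate certificateKeystoreFile="conf/ssl/example.org.jks"
                   certificateKeystorePassword="CHANGE_ME-long-random-value"
                   type="RSA" />
    </SSLHostConfig>
  </Connector>
</Service></Server>
"""

# Illustrative list only; "changeit" is Tomcat's default keystore password.
WEAK_PASSWORDS = {"", "123456", "changeit", "password"}

def audit_connectors(xml_text):
    """Return a list of findings for the TLS connectors in a server.xml string."""
    findings = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        hosts = conn.findall("SSLHostConfig")
        if not hosts:
            continue  # plain HTTP connector, nothing to check
        port = conn.get("port")
        # Tomcat falls back to "_default_" when either attribute is omitted.
        names = [h.get("hostName", "_default_").lower() for h in hosts]
        default = conn.get("defaultSSLHostConfigName", "_default_").lower()
        if default not in names:
            findings.append(f"port {port}: defaultSSLHostConfigName '{default}' matches no SSLHostConfig")
        for dup in sorted({n for n in names if names.count(n) > 1}):
            findings.append(f"port {port}: duplicate SSLHostConfig hostName '{dup}'")
        for host, name in zip(hosts, names):
            for cert in host.findall("Certificate"):
                pw = cert.get("certificateKeystorePassword", "changeit")
                if cert.get("certificateKeystoreFile") and pw in WEAK_PASSWORDS:
                    findings.append(f"port {port}: weak keystore password for '{name}'")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_connectors(SERVER_XML)))
```

Run against the sample, the only finding is the weak keystore password on hualay.net; the PEM-based connector has no keystore password and is only checked for host name consistency.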
org.apache.coyote.http11.Http11NioProtocol - non blocking Java NIO connector
org.apache.coyote.http11.Http11Nio2Protocol - non blocking Java NIO2 connector
org.apache.coyote.http11.Http11AprProtocol - the APR/native connector.