原理

HTTPS = HTTP + SSL

生成证书

1
2
3
4
5
6
keytool -genkey -alias tomcat -keyalg RSA -keystore ./server.keystore
//输入密钥库口令:123456
// key-alias  tomcat
// key-store  server.keystore
// key-store-type: JKS
// key-store-password: 123456

配置

conf/server.xml

1
2
3
4
5
6
7
8
9
10
11
<Connector port="80" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="443" />

<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true">
  <SSLHostConfig>
    <Certificate certificateKeystoreFile="d:\Tomcat9\tomcat.keystore"
                 certificateKeystorePassword="123456"  type="RSA" />
  </SSLHostConfig>
</Connector>

http 自动跳转 https

web.xml 下面添加:

1
2
3
4
5
6
7
8
9
10
11
12
13
  </welcome-file-list>

  <security-constraint>
      <web-resource-collection >
                <web-resource-name >SSL</web-resource-name>
                <url-pattern>/*</url-pattern>
         </web-resource-collection>
         <user-data-constraint>
               <transport-guarantee>CONFIDENTIAL</transport-guarantee>
         </user-data-constraint>
  </security-constraint>

</web-app>