Tomcat: configuring an SSL certificate so the website is served over HTTPS

I. Applying for a certificate

The application process itself is not covered here. What the CA returns, and what the rest of this post uses, are three things: the domain-validation file fileauth.txt, a .jks keystore containing the private key and the issued certificate, and the keystore password.

II. Configuration

  1. Application code
    (1) Upload the validation file. Place the fileauth.txt supplied by the CA so that it is served at:
    WebRoot/.well-known/pki-validation/fileauth.txt
    The CA fetches this file over plain HTTP to verify control of the domain before issuing the certificate. Do this before adding the constraint in the next step: that constraint redirects every URL, the validation file included, to HTTPS, which does not work yet while the certificate is still being issued.
    (2) Add the following to the application's WEB-INF/web.xml:
<security-constraint>
	<web-resource-collection>
		<web-resource-name>SSL</web-resource-name>
		<url-pattern>/*</url-pattern>
	</web-resource-collection>
	<user-data-constraint>
		<transport-guarantee>CONFIDENTIAL</transport-guarantee>
	</user-data-constraint>
</security-constraint>

Note:

Setting transport-guarantee to CONFIDENTIAL protects sensitive resources.
To protect sensitive data in web applications, prevent unauthorized access to resources and secure data in transit, the Java Servlet 2.2 specification defines the security-constraint element, which applies security constraints to one or more collections of web resources. The user-data-constraint element is a child of security-constraint and specifies how data exchanged between the client and the container must be protected.

user-data-constraint in turn contains a transport-guarantee element, which must be one of NONE, INTEGRAL or CONFIDENTIAL. NONE means the resource requires no transport guarantee; INTEGRAL means data exchanged between client and server must be protected from tampering in transit; CONFIDENTIAL means it must be encrypted in transit. In practice containers implement both INTEGRAL and CONFIDENTIAL with SSL/TLS, and Tomcat treats the two identically: a request for a constrained resource that arrives on a connector without secure="true" is answered with a redirect to the same path on the port given by that connector's redirectPort attribute.

The rest of this post verifies experimentally that, once transport-guarantee is set to CONFIDENTIAL, plain-HTTP requests for the protected resources are automatically redirected to HTTPS. Two caveats are worth keeping in mind: the browser's first request still travels in the clear, so anything it carried (query parameters, cookies not flagged Secure) has already been exposed before the redirect arrives; and the redirect only helps if a TLS-enabled connector actually listens on the redirectPort, which is what the Tomcat connector configuration below sets up.

  2. Tomcat
    (1) Place the .jks keystore obtained in step I in Tomcat's conf directory.

    (2) Edit conf/server.xml (the lines to change are marked with "modify" comments):

    <Connector port="8080" protocol="HTTP/1.1" 
               connectionTimeout="20000" 
               redirectPort="443" /><!-- modify: redirect CONFIDENTIAL requests to port 443 instead of 8443 -->
    <!-- A "Connector" using the shared thread pool-->
    <!--
    <Connector executor="tomcatThreadPool"
               port="8080" protocol="HTTP/1.1" 
               connectionTimeout="20000" 
               redirectPort="8443" />
    -->           
    <!-- Define a SSL HTTP/1.1 Connector on port 8443
         This connector uses the JSSE configuration, when using APR, the 
         connector should be using the OpenSSL style configuration
         described in the APR documentation -->
    <!-- modify: this connector is commented out by default; uncomment it and set:
         port: HTTPS defaults to 443 (HTTP defaults to 80); on Linux binding a port below 1024 needs root or an equivalent capability
         SSLEnabled: turns on TLS for this connector
         protocol: Http11NioProtocol; the blocking Http11Protocol used in the original was removed in Tomcat 8.5
         keystoreFile: path to the keystore, relative to $CATALINA_BASE
         keystorePass: the password set when the keystore was created
         sslEnabledProtocols: added here so that TLSv1 and TLSv1.1 are not negotiated; sslProtocol="TLS" alone allows them -->
    <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               sslEnabledProtocols="TLSv1.2"
               keystoreFile="conf/AAAA.jks" 
               keystorePass="123456"/><!-- AAAA.jks and 123456 are placeholders: use your own file name and password -->
    

    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <!-- modify: redirect to port 443 as well -->
    <Connector port="8009" protocol="AJP/1.3" redirectPort="443" />

(3) Restart Tomcat.
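Before restarting, it is worth checking that the two files agree with each other. The script below is an added offline check, not code from the original post or from Tomcat: it parses a server.xml and a web.xml and reports the mistakes that most often leave such a site still reachable in clear text: a non-SSL connector whose redirectPort has no SSLEnabled connector behind it, an SSL connector missing scheme="https"/secure="true" or a keystoreFile, no protocol restriction (or a weak one), a placeholder keystore password, and a web.xml without a CONFIDENTIAL constraint on /*. The two embedded XML documents are constructed samples mirroring the configuration above; the Connector and web.xml attribute names are Tomcat's and the Servlet specification's own, while the function names and the list of placeholder passwords are ours.

```python
import xml.etree.ElementTree as ET

# Constructed sample mirroring the post's server.xml (Tomcat JSSE connector style).
SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000" redirectPort="443"/>
    <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               SSLEnabled="true" maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="conf/AAAA.jks" keystorePass="123456"/>
    <Connector port="8009" protocol="AJP/1.3" redirectPort="443"/>
  </Service>
</Server>
"""

# Constructed sample mirroring the post's web.xml (namespaced, as real ones are).
WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>SSL</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>
"""

WEAK_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
# Our own list of passwords that must not survive into production.
PLACEHOLDER_PASSWORDS = {"123456", "changeit", "password", "tomcat"}


def _local(tag):
    """Strip the namespace from an ElementTree tag: '{ns}url-pattern' -> 'url-pattern'."""
    return tag.rsplit("}", 1)[-1]


def check_server_xml(xml_text):
    """Return a list of findings (strings) for the Connector elements of a server.xml."""
    root = ET.fromstring(xml_text)
    connectors = [c for c in root.iter() if _local(c.tag) == "Connector"]
    ssl_ports = {c.get("port") for c in connectors
                 if c.get("SSLEnabled", "").lower() == "true"}
    findings = []
    if not ssl_ports:
        findings.append("no SSLEnabled connector: nothing serves HTTPS at all")
    for c in connectors:
        port = c.get("port")
        if port in ssl_ports:
            # Without these two, request.isSecure() is false and the redirect loops.
            if c.get("scheme") != "https" or c.get("secure", "").lower() != "true":
                findings.append(f'port {port}: SSL connector needs scheme="https" secure="true"')
            if not c.get("keystoreFile"):
                findings.append(f"port {port}: keystoreFile is missing")
            if c.get("keystorePass") in PLACEHOLDER_PASSWORDS:
                findings.append(f"port {port}: placeholder keystore password {c.get('keystorePass')!r}")
            enabled = c.get("sslEnabledProtocols")
            if enabled is None:
                findings.append(f"port {port}: no sslEnabledProtocols, so the JVM default set "
                                "(which may include TLSv1/TLSv1.1) is negotiable")
            else:
                weak = sorted({p.strip() for p in enabled.split(",")} & WEAK_PROTOCOLS)
                if weak:
                    findings.append(f"port {port}: weak protocols enabled: {', '.join(weak)}")
        else:
            # Tomcat redirects CONFIDENTIAL requests to redirectPort (default 443).
            target = c.get("redirectPort", "443")
            if target not in ssl_ports:
                findings.append(f"port {port}: redirectPort {target} has no SSLEnabled connector, "
                                "so the 302 for CONFIDENTIAL resources points at a dead port")
    return findings


def check_web_xml(xml_text):
    """Return findings for the security-constraint elements of a web.xml."""
    root = ET.fromstring(xml_text)
    findings = []
    covers_all = False
    for sc in root.iter():
        if _local(sc.tag) != "security-constraint":
            continue
        patterns = [e.text.strip() for e in sc.iter() if _local(e.tag) == "url-pattern" and e.text]
        guarantees = [e.text.strip().upper() for e in sc.iter()
                      if _local(e.tag) == "transport-guarantee" and e.text]
        guarantee = guarantees[0] if guarantees else "NONE"  # no user-data-constraint == NONE
        if guarantee != "CONFIDENTIAL":
            findings.append(f"{patterns}: transport-guarantee {guarantee} does not force HTTPS")
        elif "/*" in patterns:
            covers_all = True
    if not covers_all:
        findings.append("no CONFIDENTIAL constraint on /*: some URLs stay reachable over plain HTTP")
    return findings


if __name__ == "__main__":
    for f in check_server_xml(SERVER_XML) + check_web_xml(WEB_XML):
        print("FINDING:", f)
```

Run against the samples, the web.xml passes and server.xml produces two findings: the missing sslEnabledProtocols restriction and the placeholder password 123456, both of which the corrected connector above addresses. Changing redirectPort on the 8080 and 8009 connectors back to 8443 (the stock value) while the SSL connector listens on 443 produces the dead-port finding for each of them, which is the most common reason the "automatic jump to HTTPS" does not work.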

III. Result

Accessing the site over HTTP is now redirected to the same path over HTTPS.


Added by louie on Sat, 18 May 2019 00:09:16 +0300