搜索到
1
篇与
的结果
-
tomcat自签证书以及http跳转https 0x1 自签证书生成 使用java的命令: keytool -genkey -alias webgis -keyalg RSA -keypass gisplatform -storepass gisplatform -keysize 2048 -keystore webgis.keystore -validity 7300 keytool -export -alias webgis -storepass gisplatform -file webgis.cer -keystore webgis.keystore keytool -import -trustcacerts -alias webgis -storepass gisplatform -file webgis.cer -keystore cacerts server.xml 配置证书 keystoreFile="D:\apache-tomcat-8.5.15\bin\webgis.keystore" keystorePass="gisplatform" truststoreFile="D:\apache-tomcat-8.5.15\bin\cacerts" server.xml 配置tls版本以及加密套件,其中useServerCipherSuitesOrder="true"很重要,要优先使用服务端的顺序 <Connector port="8443" protocol="user.Http11Protocol" SSLEnabled="true" sslEnabledProtocols="TLSv1,TLSv1.2" useServerCipherSuitesOrder="true" ciphers="TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA" scheme="https" secure="true" clientAuth="false" connectionTimeout="20000" redirectPort="8443" URIEncoding="UTF-8" keystoreFile="keystore.jks" keystorePass="password" /> 0x2 http跳转https tomcat默认配置了https是会共存http的,所以需要修改配置,使得访问http的时候自动跳转到https页面,修改web.xml <security-constraint> <web-resource-collection> <web-resource-name>SSL</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint>
