Linux Tomcat: methods for configuring HTTPS

  • 2020-06-19 12:21:18
  • OfStack

Create keystore.


[root@centos apache-tomcat-6.0.37]# keytool -genkey -alias tomcat -keyalg RSA -keystore /root/tomcat/apache-tomcat-6.0.37/conf/.keystore
 Enter keystore password:
 Re-enter new password:
 What is your first and last name?
 [Unknown]:  free4lab
 What is the name of your organizational unit?
 [Unknown]:  free4lab
 What is the name of your organization?
 [Unknown]:  free4lab
 What is the name of your City or Locality?
 [Unknown]:  beijing
 What is the name of your State or Province?
 [Unknown]:  beijing
 What is the two-letter country code for this unit?
 [Unknown]:  CN
 Is CN=free4lab, OU=free4lab, O=free4lab, L=beijing, ST=beijing, C=CN correct?
 [no]:  y
 Enter key password for <tomcat>
   (RETURN if same as keystore password):
[root@centos apache-tomcat-6.0.37]# cat conf/.keystore

Then modify the Tomcat configuration file server.xml:


<!-- keystoreFile must point to the keystore created above;
     keystorePass must be the keystore password entered at the keytool prompt -->
<Connector port="8443" SSLEnabled="true"
        maxThreads="150" scheme="https" secure="true" protocol="org.apache.coyote.http11.Http11Protocol"
        clientAuth="false" keystoreFile="/root/tomcat/apache-tomcat-6.0.37/conf/.keystore" keystorePass="wewell" sslProtocol="TLS" />

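In this way, browser access is relatively secure: the browser and the server perform a handshake using asymmetric encryption, negotiate a key for symmetric encryption, and then transfer data using the relatively fast symmetric encryption. The certificate generated by keytool -genkey above is self-signed, so browsers will show a certificate warning until it is explicitly trusted or replaced with a CA-signed one.

Even if the ciphertext is intercepted in transit, it cannot be decrypted, because the symmetric key cannot be obtained, so the HTTP API is safe!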
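
A check for the Connector shown above, as an added example that is not part of the original article or of Tomcat: it parses server.xml and reports keystore settings that would stop the HTTPS connector from starting on a Linux host or that weaken it. The function name audit_connectors, the finding texts and the sample XML are assumptions constructed for this illustration.

```python
import os
import re
import xml.etree.ElementTree as ET

# Constructed sample: an SSL Connector whose keystoreFile is a Windows path,
# which cannot resolve to the keystore keytool created on the Linux host.
SAMPLE_SERVER_XML = r"""
<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
  <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
             protocol="org.apache.coyote.http11.Http11Protocol" clientAuth="false"
             keystoreFile="P:\servers\apache-tomcat-8.0.36_2\conf\.keystore"
             keystorePass="wewell" sslProtocol="TLS" />
</Service></Server>
"""

def audit_connectors(server_xml, keystore_exists=os.path.isfile):
    """Return (port, finding) tuples for every SSL-enabled Connector."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP connector, nothing to audit
        port = conn.get("port")
        if conn.get("scheme") != "https" or conn.get("secure") != "true":
            findings.append((port, "scheme/secure do not mark the connector as HTTPS"))
        ks = conn.get("keystoreFile")
        if ks is None:
            findings.append((port, "no keystoreFile: Tomcat falls back to ~/.keystore"))
        elif re.match(r"^[A-Za-z]:\\", ks):
            findings.append((port, "keystoreFile is a Windows drive path"))
        elif not keystore_exists(ks):
            findings.append((port, "keystoreFile does not exist: " + ks))
        pw = conn.get("keystorePass")
        if pw in (None, "changeit"):
            findings.append((port, "keystorePass is Tomcat's default 'changeit'"))
        else:
            findings.append((port, "keystorePass is in clear text; restrict read access to server.xml"))
    return findings

if __name__ == "__main__":
    for port, finding in audit_connectors(SAMPLE_SERVER_XML):
        print("connector %s: %s" % (port, finding))
```

Run it against the real file by passing the contents of conf/server.xml to audit_connectors; the default keystore_exists check then tests the path on the local filesystem.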
