Web server configuration https

How to convert a web cluster from HTTP to HTTPS

To convert a web cluster from HTTP to HTTPS, you will need to complete the following steps:

Get an SSL certificate: First, you will need to obtain an SSL certificate for your domain name.

Install the SSL certificate: Install the SSL certificate on your web server. The exact installation steps may vary depending on the server software you are using. The following provides general steps:

Upload the SSL certificate file (usually a .crt file) and the private key file (usually a .key file) to a secure directory on your server.

Open the server configuration file and find the section related to HTTP listening. Typically, this is in the web server’s configuration file (such as httpd.conf for Apache or nginx.conf for Nginx).

In that section, find the configuration that listens on port 80 (HTTP) and change it to listen on port 443 (HTTPS). Make sure the SSL module is enabled on your server.

Add a configuration entry to specify the path to the SSL certificate and private key. An example is as follows:




Save the configuration file and restart the web server for the changes to take effect.

Configuring redirection: to ensure that all HTTP requests are redirected to HTTPS, you can configure a redirection rule. This will ensure that HTTPS is automatically used when users visit your site. Here are some common redirection methods:

Use server-level redirection: In the server configuration file, find the section for HTTP listening and add the following redirection rule:




RewriteRule^(. *)$https://%{HTTP_HOST}%{REQUEST_URI}[L,R=301]

Using application-level redirection: If you’re using an application framework (e.g. Django, RubyonRails, etc.), you can add a redirection rule to your application code. The exact method depends on the framework and language you are using.

How to carry out the construction of https website

How to carry out the construction of https website? Now we use the website is almost all https website, website optimization ranking, the better, the more attracted to the viewer to reach our desired goal, Baidu has publicly stated that the Https website can achieve complete inclusion, and will be put together and other ordinary website ranking, for you to introduce how to carry out the construction of https website.

https website and the traditional http website the main difference encounter security aspects, https on the site data, spread on the Internet with dynamic encryption characteristics, so the security is higher, and http website does not have this function, so from the point of view of security, https website will inevitably become the trend.

Some years ago, Baidu was not able to include the content of the https site, a very important reason is that its algorithm is not a high level of intelligence due to the development of many years, however, now Baidu is fully able to identify the encrypted https site on the content, so it will be the content of the ordinary site and the comparative analysis of the content has become possible. And this point on the https website for SEO optimization to lay an important foundation.

So what type of website is appropriate to use the https protocol to build? After all, such a site needs to involve advanced encryption technology, so the cost of building a site will be relatively high, if not on the security of the site has special requirements of the best or use the ordinary http protocol to build a site, the following to analyze which sites are suitable for the use of the https protocol for the construction of the site, and to allow enterprises to obtain the power of sustained development.

Various types of e-commerce and enterprise e-mail sites. The data in these websites is extremely important, especially the user’s registration data, if the leakage tends to bring huge losses to the user, and the corresponding will make these e-commerce websites and enterprise mailboxes website suffered a brand crisis, by the user that the security of this website is not high, then the user will be very difficult to consume in this kind of website, and also very difficult to register in the enterprise mailboxes website enterprise mailboxes, and even spend a certain amount of money to buy the enterprise mailboxes. A certain amount of money to buy enterprise mailboxes.

How to build a https website? From the above article, we can see that for the stronger economic strength of the e-commerce site, it is necessary to introduce the https protocol to build the site, and for the enterprise mailbox, the same is true, so the e-commerce site to carry out the construction of the https site can be based on the contents of the introduction of the above to operate.

The construction of the website website httpshttp

How to access webservice via HTTPS

webservice is often used in enterprise applications as a way to interface between different systems. But without any security mechanism, it is obviously difficult to be entrusted with this task. A straightforward way to encrypt webservice is to use HTTPS (SSL certificate encryption) to encrypt the connection and only allow clients with trusted certificates to connect, i.e. SSL two-way authentication. This ensures that the source of the connection is trusted and that the data is not stolen or tampered with during transmission. HTTPS encrypted access to webservice specific methods are as follows:


(1) Check whether the JDK environment variables are correct. This article uses JDK1.6

(2) Prepare for the web server, where the choice of TOMCAT6.0

(3) Prepare webservice server and client.

[Generate a certificate]

The files used here are stored in the D:/SSL/ folder, where the files in D:/SSL/server/server/ are to be given to the server, and the files in D:/SSL/client/ are to be given to the client.

1 Generate server-side certificates

Start-Run-CMD-execute the command in a dos window:

keytool-genkey-v-aliastomcat-keyalgRSA-keystoreD:/SSL/server/tomcat. dname “CN=,OU=zlj,O=zlj,L=Peking,ST=Peking,C=CN”-validity3650-storepasszljzlj-keypasszljzlj


keytool is a JDK-provided See keytool-help

-genkey to create a new certificate

-v details

-aliastomcat to use “tomcat” as the certificate’s alias. This can be changed as needed

-keyalgRSA specified algorithm

-keystoreD:/SSL/server/tomcat.keystore save path and filename

-dname “CN=,OU=zlj,O=zlj,L= Peking,ST=Peking,C=CN” certificate issuer identity, here the CN should be consistent with the domain name of the access after the release. However, since this is a self-signed certificate, there will still be a warning prompt if accessed in the browser. In real scenarios, it is recommended to apply for an SSL certificate issued by a CA organization (wosign) to be more secure.

-validity3650 Certificate validity in days

-storepasszljzlj certificate access password

-keypasszljzlj certificate private key

2 Generate client certificate

Execute the command:

keytool -genkey-v-aliasclient-keyalgRSA-storetypePKCS12-keystoreD. /SSL/client/client.p12-dname “CN=client,OU=zlj,O=zlj,L=bj,ST=bj,C=CN”-validity3650- storepassclient-keypassclient


Parameter description as above. The -dname certificate issuer identity here can be different from the previous one, and so far the 2 certificates can have nothing to do with each other. It’s the work to be done below that establishes the trust relationship between the 2.

3 Export the client certificate

Execute the command:

keytool-export-aliasclient-keystoreD:/SSL/client/client.p12 -storetypePKCS12-storepassclient-rfc-fileD:/SSL/client/client.cer

Description. -export performs an export

-file file path to the exported file

4 Add the client certificate to the server-side certificate trust list

Execute the command:

keytool-import-aliasclient -v-fileD:/SSL/client/client.cer-keystoreD:/SSL/server/tomcat.keystore- storepasszljzl


Parameter description as before. The password provided here is the access password for the server-side certificate.

5 Export the server-side certificate

Execute the command:

keytool-export-aliastomcat-keystoreD:/SSL/server/tomcat.keystore-storepasszljzlj-rfc-fileD:/SSL/ server/tomcat.cer


Export the server-side certificate. The password provided here is also the password for the server-side certificate.

6 Generating a client-side trust list

Execute the command:

keytool-import-fileD:/SSL/server/tomcat.cer-storepasszljzlj-keystoreD:/SSL/client/client. truststore-aliastomcat-noprompt


Let the client trust the server certificate

[Configure the server to only allow HTTPS connections]

1 Configure the /conf/server. xml

Xml code:

<Connectorport=”8443″ protocol=”HTTP/1.1″ SSLEnabled=”true”

maxThreads=”150 “scheme=”https “secure=” true “clientAuth=”true”

sslProtocol=”TLS “keystoreFile=”D:/SSL/server/tomcat.keystore”

keystorePass=”zljzlj” truststoreFile=”D:/SSL/server/tomcat.keystore”



This section of the server.xml was originally commented out if you wanted to use the If you want to use the default port 443 of https, please modify the port parameter here. where clientAuth=”true” specifies two-way certificate authentication.