相关tomcat+nginx登录页https访问证书问题-问答-阿里云开发者社区-阿里云

使用OpenSSL工具生成自签名证书后在本机Tomcat配置，发布程序访问https，浏览器提示证书错误，将附件中的boot.cer根证书安装到本机再次访问，浏览器正常，但使用其他机器访问，浏览器报证书错误，求解决方法。具体证书生成请参考页面：http://www.ert7.com/install/sslinstall/1244.html

web.xml配置：

<!-- 登录页采用https访问 -->
 <security-constraint>
  <web-resource-collection>
   <web-resource-name>SSL</web-resource-name>
   <url-pattern>/index/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
   <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
 </security-constraint>

Tomcat server.xml配置:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
        SSLEnabled="true" maxThreads="150"
        scheme="https" secure="true" disableUploadTimeout="true"
        enableLookups="false" acceptCount="100" clientAuth="false"
        SSLCertificateFile="../conf/server.cer"
        SSLCertificateKeyFile="../conf/server.key"
        SSLCertificateChainFile="../conf/intermediate1.cer"
        SSLVerifyClient="none" sslProtocol="TLS" />

nginx.conf配置：

#user  nobody;
worker_processes  1;
  
#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;
  
#pid        logs/nginx.pid;
  
 
events {
    worker_connections  1024;
}
  
 
http {
    include       mime.types;
    default_type  application/octet-stream;
  
    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';
  
    #access_log  logs/access.log  main;
  
    sendfile        on;
    #tcp_nopush     on;
  
    #keepalive_timeout  0;
    keepalive_timeout  65;
  
    #gzip  on;
  
    server {
        listen       80;
        server_name  localhost:8080;
  
        #charset koi8-r;
  
        #access_log  logs/host.access.log  main;
  
        location / {
            root   yddweb;
            #index  index.html index.htm;
     proxy_pass http://localhost:8080;
     proxy_set_header Host $host:80;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Via "nginx";
        }
  
        #error_page  404              /404.html;
  
        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
 
    # HTTPS server
    server {
        listen       443;
        #server_name  localhost:443;
  
        ssl                  on;
        ssl_certificate      server.cer;
        ssl_certificate_key  server.key;
  
        ssl_session_timeout  5m;
  
        #ssl_protocols  SSLv2 SSLv3 TLSv1;
        #ssl_ciphers  HIGH:!aNULL:!MD5;
        #ssl_prefer_server_ciphers   on;
  
        location / {
            root   yddweb;
            #index  index.html index.htm;
     proxy_pass https://localhost:8443;
     proxy_set_header Host $host:443;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Via "nginx";
        }
    }
}