Tomcat SSL/TLS Configuration

最新推荐文章于 2024-07-17 18:07:49 发布

ix_fly

最新推荐文章于 2024-07-17 18:07:49 发布

阅读量855

点赞数 1

文章标签： tomcat ssl firefox

本文链接：https://blog.csdn.net/ix_fly/article/details/53761365

版权

@see https://tomcat.apache.org/tomcat-9.0-doc/ssl-howto.html

//1:use jdk keytool
A:Generate Keystore    
01:============================
C:\Users\User>keytool -genkey -alias tomcat -keyalg RSA -keystore d:/ks/tomcatKeyStore
//也可参考:keytool -genkeypair -alias "tomcat" -keyalg "RSA" -keystore "d:/ks/tomcatKeyStore"
Enter keystore password:123456
Re-enter new password:123456
What is your first and last name?
  [Unknown]:  name
What is the name of your organizational unit?
  [Unknown]:  org
What is the name of your organization?
  [Unknown]:  org
What is the name of your City or Locality?
  [Unknown]:  sh
What is the name of your State or Province?
  [Unknown]:  sh
What is the two-letter country code for this unit?
  [Unknown]:  86
Is CN=name, OU=org, O=org, L=sh, ST=sh, C=86 correct?
  [no]:  yes

Enter key password for <tomcat>
    (RETURN if same as keystore password):123456
Re-enter new password:123456

02:============================
C:\Users\User>keytool -list -keystore d:/ks/tomcatKeyStore
Enter keystore password:123456

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

tomcat, Dec 20, 2016, PrivateKeyEntry,
Certificate fingerprint (SHA1): 55:50:64:83:59:6F:71:70:C2:71:5F:0A:56:BF:E0:36:
41:45:3E:44

B:Connector in tomcat/config/server.xml
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
    maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
    clientAuth="false" sslProtocol="TLS" keystorePass="123456"
    keystoreFile="d:/ks/tomcatKeyStore">
    
    <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol"/>
    <SSLHostConfig honorCipherOrder="false">
    <Certificate certificateKeyFile="conf/ca.key"
        certificateFile="conf/ca.crt" />
    </SSLHostConfig>

</Connector>

keystorePass
keystoreFile
truststoreFile
truststorePass
SSLCertificateFile="conf/server.cer"
SSLCertificateKeyFile="conf/server.key"
SSLCertificateChainFile="conf/intermediate.cer"


https://localhost:8443/
若抛异常:Connector attribute SSLCertificateFile must be defined when using SSL with APR
Tomcat提供两个ssl实现:jsse实现(tomcat7默认)和apr实现(tomcat6默认),Tomcat将自动选择实现,
若安装apr则自动选择apr,否则选择jsse,也可禁用tomcat自动选择,那我们指定protocol即可

C:add in web.xml
/*:整个应用都要求是https访问,CONFIDENTIAL修改为NONE,则取消ssl支持*/
<security-constraint>
    <web-resource-collection>
        <web-resource-name>HttpsOnly</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
    
<security-constraint>
    <web-resource-collection>
        <web-resource-name>HttpOrHttps</web-resource-name>
        <url-pattern>*.ico</url-pattern>
        <url-pattern>/img/*</url-pattern>
        <url-pattern>/css/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
</security-constraint>

ix_fly

关注

1
点赞
踩
0

收藏

觉得还不错? 一键收藏
1
评论
Tomcat SSL/TLS Configuration

@see https://tomcat.apache.org/tomcat-9.0-doc/ssl-howto.html//1:use jdk keytoolA:Generate Keystore 01:============================C:\Users\User>keytool -genkey -alias tomcat -keyalg RSA -keyst
复制链接

扫一扫