Windows environment
-
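Download and install the native DLL. Download page: http://tomcat.apache.org/download-native.cgi
The tomcat-native-1.1.33-win32-bin.zip package contains two tcnative-1.dll files, one for 32-bit systems and one for 64-bit (x64) systems. Copy the file that matches your CPU type into Tomcat's bin directory to complete the APR installation (the distribution also includes a portable openssl.exe).
-
Edit server.xml so that Tomcat runs in APR mode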
<Connector connectionTimeout="20000" port="8080" protocol="org.apache.coyote.http11.Http11AprProtocol" redirectPort="8443"/>
-
Restart Tomcat
-
Use the keytool utility bundled with the JDK
Change to the JDK's /bin directory and run:
keytool -genkeypair -alias "tomcat" -keyalg "RSA" -keystore "E:\tomcat.jks"
keytool -export -alias "tomcat" -keystore "E:\tomcat.jks" -storepass 123456 -file "E:\tomcat.cer"
keytool -importkeystore -srckeystore "E:\tomcat.jks" -destkeystore "E:\outtomcat.p12" -deststoretype PKCS12
Open the OpenSSL prompt
OpenSSL> pkcs12 -in "E:\outtomcat.p12" -out "E:\outfinaltest.pem" -nodes
-
Edit server.xml
Add the paths of the generated .cer and .pem files to the configuration:
<Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" SSLCertificateFile="E:\tomcat.cer" SSLCertificateKeyFile="E:\outfinaltest.pem"/>
-
Restart Tomcat. It now runs in APR mode and https://ip:8443 is reachable.
Linux environment
-
Install the packages
cd /usr/local/src
wget https://mirrors.cnnic.cn/apache/apr/apr-1.6.5.tar.gz
tar xf apr-1.6.5.tar.gz
cd apr-1.6.5/
./configure --prefix=/usr/local/apr
make && make install
cd /usr/local/src
wget https://mirrors.cnnic.cn/apache/apr/apr-iconv-1.2.2.tar.gz
tar xf apr-iconv-1.2.2.tar.gz
cd apr-iconv-1.2.2/
./configure --with-apr=/usr/local/apr --prefix=/usr/local/apr-iconv
make && make install
cd /usr/local/src
wget https://mirrors.cnnic.cn/apache/apr/apr-util-1.6.1.tar.gz
tar xf apr-util-1.6.1.tar.gz
cd apr-util-1.6.1/
./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr --with-apr-iconv=/usr/local/apr-iconv/bin/apriconv
make && make install
cd /usr/local/tomcat/bin/    # if Tomcat is already installed, use your own path
tar xf tomcat-native.tar.gz
cd /usr/local/tomcat/bin/tomcat-native-1.2.16-src/native
./configure --with-apr=/usr/local/apr --with-java-home=/java/jdk1.8.0_191
make && make install
echo 'export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/apr/lib
export LD_RUN_PATH=$LD_RUN_PATH:/usr/local/apr/lib' >> /etc/profile
source /etc/profile
-
Edit server.xml and copy the key and certificate files generated on Windows to the Linux host
<Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" SSLCertificateFile="/tomcat/tomcat.cer" SSLCertificateKeyFile="/tomcat/outfinaltest.pem"/>
Restart Tomcat
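
A pre-restart check for the files referenced by SSLCertificateFile and SSLCertificateKeyFile, as an added example that is not part of the original post: it confirms that the certificate and the key belong to the same key pair (accepting the DER output that keytool -export produces by default) and that the unencrypted key written by pkcs12 -nodes is accessible only to its owner. The function names are hypothetical, and the openssl command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example, not from the original page. check_tls_pair, cert_pubkey and
# key_pubkey are hypothetical helper names.
# Usage with the paths from the Linux section:
#   check_tls_pair /tomcat/tomcat.cer /tomcat/outfinaltest.pem

# Print the certificate's public key. keytool -export writes DER unless -rfc
# is given, so try PEM first and fall back to DER.
cert_pubkey() {
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null ||
    openssl x509 -inform DER -in "$1" -noout -pubkey 2>/dev/null
}

# Print the public half of the private key stored in the PEM file.
key_pubkey() {
    openssl pkey -in "$1" -pubout 2>/dev/null
}

# Return codes:
#   0 = certificate and key match and the key file is owner-only
#   1 = a file is missing or cannot be parsed
#   2 = the certificate does not belong to this private key
#   3 = group or other users have access to the key file
check_tls_pair() {
    cert=$1
    key=$2
    cpub=$(cert_pubkey "$cert") || return 1
    kpub=$(key_pubkey "$key") || return 1
    [ -n "$cpub" ] && [ -n "$kpub" ] || return 1
    [ "$cpub" = "$kpub" ] || return 2
    # "pkcs12 -nodes" leaves the key unencrypted on disk, so the six
    # group/other permission characters from ls must all be "-".
    perms=$(ls -ld "$key" | cut -c5-10)
    [ "$perms" = "------" ] || return 3
    return 0
}
```

A return code of 3 is cleared by running chmod 600 on the key file as the account that runs Tomcat.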