[HTTPS (2)] Hands-on: configuring Tomcat with openssl

CA private key

Generate the CA private key with the following command:

openssl genrsa -out CaPriKey.pem

Viewing the private key file directly shows a PEM block, a base64 body between -----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY----- lines.


All the files openssl generates here are stored in PEM format. PEM is just a container format: a base64 body that starts and ends with specific marker lines.

The decoded contents of the private key can be printed with:

openssl rsa -in CaPriKey.pem -text

Decoded output:

Private-Key: (2048 bit)
modulus:
    00:d2:23:47:32:3d:57:89:e3:b9:d6:0d:2a:9e:36:
    0a:c2:4d:fd:3c:6c:73:cd:45:13:64:89:f9:74:16:
    d8:e5:86:81:64:04:25:f8:ce:d0:14:04:b1:b0:af:
    60:e3:65:f1:ec:25:87:d1:19:56:41:56:b4:09:1e:
    ac:94:84:80:cd:fd:8e:da:83:23:6a:ad:83:d1:e8:
    dd:4d:34:b1:88:1d:7e:fb:11:80:67:50:a9:5f:d2:
    af:fb:36:ef:60:48:ea:6a:8a:3f:e6:aa:c7:6c:c1:
    28:82:82:03:d7:20:67:02:6c:8d:31:dd:d6:10:eb:
    49:ba:13:76:c8:bf:a8:a8:fe:55:0f:2e:6d:9e:9b:
    0d:cf:30:8e:0c:4f:67:71:7b:ee:58:a7:46:52:ac:
    76:1c:af:24:b4:59:0d:18:9c:96:36:68:d1:4d:9d:
    de:df:6d:d5:25:cb:f0:09:9d:11:7a:08:87:6a:59:
    ab:fc:d0:c4:03:24:13:cc:6d:59:de:43:9e:80:f8:
    84:b8:b1:66:f2:53:54:0d:33:9c:21:dd:59:a9:ce:
    1d:41:12:22:2c:91:41:5d:5f:73:b3:d9:27:e1:39:
    b9:cd:5f:38:a2:42:00:3d:6a:1e:51:32:e2:a9:80:
    5b:08:99:18:44:79:e3:68:c9:31:96:fb:48:ee:c9:
    da:63
publicExponent: 65537 (0x10001)
privateExponent:
    11:b4:ab:41:0e:6e:1b:ce:36:50:54:d7:ac:70:fd:
    43:15:f3:2a:6e:30:eb:b0:d0:4b:7e:5c:a8:6d:6c:
    65:1a:8a:38:75:29:05:e7:d7:1c:78:b0:c8:24:5e:
    d3:8a:39:72:1e:4f:6d:4c:e7:39:a6:26:91:46:26:
    60:75:31:ad:29:9a:29:cb:36:e6:bc:2c:09:39:c7:
    bb:c3:9e:d9:cb:32:71:d1:2d:b2:86:d7:5e:9d:8f:
    fa:68:cc:8e:9e:56:32:17:e7:fe:75:91:4c:16:92:
    65:3c:b3:3a:23:1e:ca:d3:7e:aa:1e:f8:f4:7f:fe:
    bc:50:fb:87:3a:ae:e9:5e:2d:8c:98:b9:01:ba:5e:
    de:9b:64:a3:0b:aa:ad:c8:aa:10:c2:61:ad:f1:a9:
    cb:46:ca:f7:e7:27:24:15:44:55:b0:32:56:fc:e0:
    67:d7:a9:db:2f:53:c1:2d:11:dc:33:1e:ca:49:78:
    29:ea:86:48:46:62:3f:b4:49:54:03:31:11:c1:ff:
    6f:73:99:c7:82:78:cb:9c:32:00:60:5a:1e:c9:ab:
    cd:e9:f2:f9:39:3b:78:b5:c5:09:39:e4:f5:e3:f7:
    f6:86:e1:ba:9b:02:db:e6:1d:9e:b8:73:a5:ea:9b:
    24:04:89:1a:42:1b:9e:4c:d3:c5:7a:56:3f:a1:ac:
    41
prime1:
    00:f0:21:16:c5:db:4b:fd:4a:db:a6:c8:2f:65:cf:
    29:c8:e2:bb:68:0d:08:08:e6:8a:ff:4a:fd:85:d3:
    08:1c:d6:19:9f:fb:a2:94:97:2e:72:8b:58:48:9b:
    ba:9e:2c:7e:b6:f3:2a:0e:3b:e7:a8:0e:e3:6f:01:
    f9:87:7c:9d:92:b2:a9:ea:fa:06:08:15:4d:3e:1d:
    27:f8:4d:c5:92:36:24:21:31:3a:a7:a4:f6:a4:e2:
    bb:5d:bd:f8:82:2c:f8:11:c2:10:b1:b2:2a:51:99:
    92:bf:95:89:85:d2:bc:b1:96:74:83:02:28:32:bc:
    ab:19:2f:f6:e7:c8:fb:91:11
prime2:
    00:e0:06:be:4a:a6:af:ed:e3:14:50:04:f7:f6:cf:
    b1:01:83:11:1f:11:78:ac:c6:1b:b2:7f:ca:47:cb:
    43:6a:de:1b:15:2b:d1:39:30:3a:db:19:9b:d9:d8:
    79:71:7b:7b:65:96:3c:34:8b:78:d0:e8:13:47:82:
    a9:8d:32:cd:07:f5:d9:58:dd:c6:7a:ff:b0:7d:b0:
    05:d1:0c:a2:be:4f:f9:f9:7c:26:6f:59:53:bd:ac:
    ee:2e:4c:b6:8b:32:38:4c:69:ef:4a:b1:90:9d:2a:
    9c:6c:23:81:32:a2:5d:9e:f0:89:0a:24:68:3a:10:
    83:3f:e3:12:4c:d7:ec:b4:33
exponent1:
    00:90:af:5f:49:58:19:31:45:29:94:14:8a:7a:8d:
    98:5f:b2:3d:b9:34:20:e3:3c:06:04:4c:ea:f4:f7:
    72:ab:ed:55:03:50:5b:65:ac:b2:0f:d2:66:1f:59:
    b5:d8:18:77:41:44:c2:d2:50:c6:04:3c:f4:4c:ae:
    a3:eb:3e:ea:b2:b9:74:28:60:fd:c1:61:14:69:98:
    a7:bc:b5:1f:96:39:89:0b:76:de:20:a5:04:f7:d4:
    a5:90:96:26:66:49:32:2f:80:ff:0e:12:8b:ed:1e:
    db:8d:14:4d:08:95:31:9c:cf:4a:e4:a5:28:13:6a:
    1a:ad:d2:78:b2:b0:26:e4:01
exponent2:
    71:62:b8:59:6c:38:4a:fc:cd:c1:1a:62:ae:66:bc:
    3d:f9:aa:66:c1:1f:04:c3:58:2d:66:04:69:85:f5:
    5f:57:7e:f9:9e:2d:cc:f6:1e:33:da:a8:49:00:09:
    a7:68:4a:32:46:71:be:5e:81:0d:ab:08:66:ff:38:
    f5:a0:2a:a9:c6:c2:f4:f9:7a:85:b2:78:0f:85:51:
    cc:56:ca:df:eb:f6:a7:51:30:da:d6:a9:4d:ad:02:
    f8:28:17:94:28:1c:da:80:1b:7f:00:94:23:17:f8:
    07:bb:88:9e:aa:13:1c:68:bd:d3:86:4d:c2:65:ad:
    28:5e:b3:5a:75:46:f6:85
coefficient:
    00:a1:28:b4:fd:74:22:b7:03:16:00:36:0d:f5:ff:
    d8:f4:7b:f6:4e:52:d1:3a:2f:1a:33:a1:26:fd:cd:
    54:71:40:cc:76:f9:89:bf:91:b2:ad:c6:52:05:23:
    6d:78:c5:67:15:1c:5a:07:27:e3:02:70:de:04:76:
    35:1c:62:43:6c:c5:1b:b9:ab:93:b3:aa:00:9f:45:
    b8:29:e1:c9:76:7b:79:7d:1a:43:f0:0f:dd:23:4f:
    24:79:ae:c9:71:04:d6:0d:43:e1:16:ee:86:9a:02:
    a3:d2:4a:06:c2:1e:99:79:6b:d1:e4:ee:38:50:99:
    97:28:b7:43:ab:e9:c1:0e:20
writing RSA key

Also, an RSA private key is stored in the PKCS#1 structure, which contains the public components (modulus and public exponent) as the decoded output above shows, so the matching public key can be exported from the private key; details: https://blog.csdn.net/zhymax/article/details/7683925#

This is also why this step produced only a private key file and no public key. The matching public key can of course be exported with the following command:

openssl rsa -in CaPriKey.pem -pubout -out CaPubKey.pem

The public key file:

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0iNHMj1XieO51g0qnjYK
wk39PGxzzUUTZIn5dBbY5YaBZAQl+M7QFASxsK9g42Xx7CWH0RlWQVa0CR6slISA
zf2O2oMjaq2D0ejdTTSxiB1++xGAZ1CpX9Kv+zbvYEjqaoo/5qrHbMEogoID1yBn
AmyNMd3WEOtJuhN2yL+oqP5VDy5tnpsNzzCODE9ncXvuWKdGUqx2HK8ktFkNGJyW
NmjRTZ3e323VJcvwCZ0RegiHalmr/NDEAyQTzG1Z3kOegPiEuLFm8lNUDTOcId1Z
qc4dQRIiLJFBXV9zs9kn4Tm5zV84okIAPWoeUTLiqYBbCJkYRHnjaMkxlvtI7sna
YwIDAQAB
-----END PUBLIC KEY-----

CA certificate request

A certificate request is a CSR file that contains the applicant's identity information and public key; the CA then verifies that identity and issues a certificate for it. The command to generate the CSR:

openssl req -new -out CaReq.csr -key CaPriKey.pem

As introduced above, the private key is passed in here so that the matching public key can be recovered from it (openssl also signs the request with that key, which is the signature shown at the end of the decoded CSR). The CSR file is again a PEM block, between -----BEGIN CERTIFICATE REQUEST----- and -----END CERTIFICATE REQUEST----- lines.
 


The decoded contents of the CSR can also be viewed with:

openssl req -in CaReq.csr -noout -text

Decoded output:

Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: C=CN, ST=ShanXi, L=XinZhou, O=LY, OU=LiYao, CN=Root CA/emailAddress=ca@xx.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:d2:23:47:32:3d:57:89:e3:b9:d6:0d:2a:9e:36:
                    0a:c2:4d:fd:3c:6c:73:cd:45:13:64:89:f9:74:16:
                    d8:e5:86:81:64:04:25:f8:ce:d0:14:04:b1:b0:af:
                    60:e3:65:f1:ec:25:87:d1:19:56:41:56:b4:09:1e:
                    ac:94:84:80:cd:fd:8e:da:83:23:6a:ad:83:d1:e8:
                    dd:4d:34:b1:88:1d:7e:fb:11:80:67:50:a9:5f:d2:
                    af:fb:36:ef:60:48:ea:6a:8a:3f:e6:aa:c7:6c:c1:
                    28:82:82:03:d7:20:67:02:6c:8d:31:dd:d6:10:eb:
                    49:ba:13:76:c8:bf:a8:a8:fe:55:0f:2e:6d:9e:9b:
                    0d:cf:30:8e:0c:4f:67:71:7b:ee:58:a7:46:52:ac:
                    76:1c:af:24:b4:59:0d:18:9c:96:36:68:d1:4d:9d:
                    de:df:6d:d5:25:cb:f0:09:9d:11:7a:08:87:6a:59:
                    ab:fc:d0:c4:03:24:13:cc:6d:59:de:43:9e:80:f8:
                    84:b8:b1:66:f2:53:54:0d:33:9c:21:dd:59:a9:ce:
                    1d:41:12:22:2c:91:41:5d:5f:73:b3:d9:27:e1:39:
                    b9:cd:5f:38:a2:42:00:3d:6a:1e:51:32:e2:a9:80:
                    5b:08:99:18:44:79:e3:68:c9:31:96:fb:48:ee:c9:
                    da:63
                Exponent: 65537 (0x10001)
        Attributes:
            challengePassword        :unable to print attribute
    Signature Algorithm: sha256WithRSAEncryption
         4c:2c:82:a6:df:ab:c8:25:4c:b6:14:62:81:68:6b:22:16:34:
         be:ae:87:aa:41:8c:77:1f:90:94:f1:bc:d4:22:97:8d:08:c9:
         e6:ec:b9:b1:20:98:73:dc:62:39:be:cb:f3:a9:21:06:61:e9:
         fa:db:c1:3e:78:b7:2e:0a:87:ab:f8:5b:1f:2a:70:58:9f:b0:
         e5:0c:35:02:d9:3b:8b:4d:2d:9d:ff:da:b7:69:df:89:e9:8a:
         e7:32:92:c7:3f:a7:f2:8d:59:eb:f5:a7:89:bb:3d:ad:7f:a1:
         fa:8c:ce:df:20:f2:30:29:b1:82:99:23:cf:f3:54:c2:b1:90:
         1e:6d:40:e3:a5:ae:62:21:73:76:12:10:55:de:3b:ef:fc:ad:
         9e:a5:5c:4a:b1:e8:93:9e:0b:be:3b:2d:cd:36:8a:f8:67:99:
         db:fc:b1:c8:25:f0:a5:27:6f:66:cc:25:07:f0:8f:7f:17:27:
         61:d2:eb:bc:de:d6:c1:bf:00:28:f4:7a:0b:bb:b0:e7:62:8e:
         dc:d9:00:66:d8:fb:91:5d:08:e4:a2:0b:f3:d5:4b:19:53:30:
         f7:0a:e1:9b:24:11:2f:7e:e1:7f:89:00:d3:73:8e:64:5e:8d:
         ce:7e:38:75:c7:a9:31:41:48:64:33:02:e6:9a:70:c7:17:5c:
         fd:a0:aa:3d

As you can see, the CSR is really just identity information: the public key, the basic subject fields, and a signature made with the private key.

Generating the self-signed certificate

Self-sign the CSR with the CA's private key:

openssl x509 -req -in CaReq.csr -out CaCer.pem -signkey CaPriKey.pem -days 365

The resulting CaCer.pem is again a PEM file, this time between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines.


View the decoded certificate with the following command:

openssl x509 -in CaCer.pem -noout -text

Decoded certificate:

Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number: 12547342102288706766 (0xae211d29d238acce)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=CN, ST=ShanXi, L=XinZhou, O=LY, OU=LiYao, CN=Root CA/emailAddress=ca@xx.com
        Validity
            Not Before: May  2 14:13:49 2020 GMT
            Not After : May  2 14:13:49 2021 GMT
        Subject: C=CN, ST=ShanXi, L=XinZhou, O=LY, OU=LiYao, CN=Root CA/emailAddress=ca@xx.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:d2:23:47:32:3d:57:89:e3:b9:d6:0d:2a:9e:36:
                    0a:c2:4d:fd:3c:6c:73:cd:45:13:64:89:f9:74:16:
                    d8:e5:86:81:64:04:25:f8:ce:d0:14:04:b1:b0:af:
                    60:e3:65:f1:ec:25:87:d1:19:56:41:56:b4:09:1e:
                    ac:94:84:80:cd:fd:8e:da:83:23:6a:ad:83:d1:e8:
                    dd:4d:34:b1:88:1d:7e:fb:11:80:67:50:a9:5f:d2:
                    af:fb:36:ef:60:48:ea:6a:8a:3f:e6:aa:c7:6c:c1:
                    28:82:82:03:d7:20:67:02:6c:8d:31:dd:d6:10:eb:
                    49:ba:13:76:c8:bf:a8:a8:fe:55:0f:2e:6d:9e:9b:
                    0d:cf:30:8e:0c:4f:67:71:7b:ee:58:a7:46:52:ac:
                    76:1c:af:24:b4:59:0d:18:9c:96:36:68:d1:4d:9d:
                    de:df:6d:d5:25:cb:f0:09:9d:11:7a:08:87:6a:59:
                    ab:fc:d0:c4:03:24:13:cc:6d:59:de:43:9e:80:f8:
                    84:b8:b1:66:f2:53:54:0d:33:9c:21:dd:59:a9:ce:
                    1d:41:12:22:2c:91:41:5d:5f:73:b3:d9:27:e1:39:
                    b9:cd:5f:38:a2:42:00:3d:6a:1e:51:32:e2:a9:80:
                    5b:08:99:18:44:79:e3:68:c9:31:96:fb:48:ee:c9:
                    da:63
                Exponent: 65537 (0x10001)
    Signature Algorithm: sha1WithRSAEncryption
         18:b0:86:ed:76:c1:7e:07:78:44:27:c8:0d:16:cc:74:11:34:
         34:92:54:dd:2d:72:96:92:34:f2:47:0a:23:2d:3f:04:6f:27:
         bb:4f:87:f9:fc:de:e8:c1:39:32:0a:42:0e:64:f9:5b:ac:bc:
         e0:29:18:d6:d7:8e:68:7b:ce:e6:db:bd:02:d8:fc:1b:ff:87:
         b7:ff:ae:67:48:6e:64:5f:af:04:47:89:03:0d:09:20:d6:c8:
         f0:c0:8b:69:3d:8f:bc:98:34:1d:9b:e7:d7:13:d8:24:b8:d2:
         bc:bb:db:62:79:f8:81:e4:52:af:df:ba:fc:7b:03:e9:c8:39:
         0b:c4:ad:c3:5f:e8:f3:13:51:0e:d0:ba:a1:51:fb:23:4c:9b:
         cd:10:92:f4:bd:fe:8e:70:da:db:0d:3d:90:4c:88:e5:eb:78:
         cd:20:6d:a3:92:79:3e:19:db:f8:8f:b2:0a:37:8b:3f:20:ac:
         a7:e2:0e:34:76:f6:c3:07:af:36:f3:a3:2a:2d:62:98:ba:df:
         8f:76:ea:54:8e:c0:bf:6b:80:86:b7:a9:aa:44:92:47:94:a6:
         25:2c:7a:43:73:98:d3:81:04:e6:5c:77:59:20:ca:35:eb:d6:
         63:a9:3f:5f:3b:4e:ce:e8:34:ab:17:c2:a4:71:71:6d:58:2a:
         9e:ef:7e:37

At this point the CA root certificate has been generated; it will be used to sign the web site's certificate. Note from the decoded output that this openssl build produced a version 1 certificate (no extensions) signed with sha1WithRSAEncryption, although the CSR itself was signed with SHA-256; passing -sha256 to openssl x509 selects the stronger digest for the certificate.

Generate the server private key:

openssl genrsa -out ServerPriKey.pem 1024

Generate the CSR:

openssl req -new -out ServerReq.csr -key ServerPriKey.pem

The Common Name entered here must match the site's domain name; in this example it is localhost.

Sign this CSR with the CA certificate. Note that the necessary sections must first be added to the openssl configuration file, otherwise the command fails with various errors.

Configuration file location (Mac OS): /private/etc/ssl/openssl.cnf

Example:

[ req ]
#default_bits		= 2048
#default_md		= sha256
#default_keyfile 	= privkey.pem
distinguished_name	= req_distinguished_name
attributes		= req_attributes

[ req_distinguished_name ]
countryName			= Country Name (2 letter code)
countryName_min			= 2
countryName_max			= 2
stateOrProvinceName		= State or Province Name (full name)
localityName			= Locality Name (eg, city)
0.organizationName		= Organization Name (eg, company)
organizationalUnitName		= Organizational Unit Name (eg, section)
commonName			= Common Name (eg, fully qualified host name)
commonName_max			= 64
emailAddress			= Email Address
emailAddress_max		= 64

[ req_attributes ]
challengePassword		= A challenge password
challengePassword_min		= 4
challengePassword_max		= 20

[ ca ]
default_ca = CA_default


[ CA_default ]
dir 				= /Users/miracle/Key/CA
new_certs_dir 			= $dir/newcerts
certs				= $dir/certs
private_key			= $dir/private/CaPriKey.pem
certificate			= $dir/certs/CaCer.pem
database			= $dir/index.txt
serial				= $dir/serial
default_md			= default
policy				= policy_match
preserve			= no
default_days			= 365
default_crl_days		= 30

[ policy_match ]
countryName 			= match
stateOrProvinceName 		= match
organizationName    		= match
organizationalUnitName  	= optional
commonName      		= supplied
emailAddress       		= optional

The [ ca ], [ CA_default ] and [ policy_match ] sections were added afterwards; without them openssl ca reports errors. Adjust the directory layout to your own setup: the directory named in new_certs_dir and the database file named in database (index.txt, which may be empty) must exist before signing. To create the serial file: echo 00 > serial.

Reference: https://www.cnblogs.com/f-ck-need-u/p/6091027.html

Next, sign the CSR with the following command:

openssl ca -in ServerReq.csr -out ServerCer.pem

If the configuration file is correct, the following confirmation prompts appear:

Using configuration from /private/etc/ssl/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'CN'
stateOrProvinceName   :ASN.1 12:'ShanXi'
localityName          :ASN.1 12:'XinZhou'
organizationName      :ASN.1 12:'LY'
organizationalUnitName:ASN.1 12:'LiYao'
commonName            :ASN.1 12:'localhost'
emailAddress          :IA5STRING:'localhost@xx.com'
Certificate is to be certified until May  2 15:28:39 2021 GMT (365 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

This means the certificate was issued successfully.

Viewing the server certificate:

Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number: 0 (0x0)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=CN, ST=ShanXi, L=XinZhou, O=LY, OU=LiYao, CN=Root CA/emailAddress=ca@xx.com
        Validity
            Not Before: May  2 15:28:39 2020 GMT
            Not After : May  2 15:28:39 2021 GMT
        Subject: C=CN, ST=ShanXi, O=LY, OU=LiYao, CN=localhost/emailAddress=localhost@xx.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
                Modulus:
                    00:a3:6e:d7:1e:33:56:48:f1:d4:51:30:3a:e4:5e:
                    94:cf:c5:c1:5e:b8:c3:eb:aa:f6:85:43:f6:9a:ad:
                    3f:ec:d7:c7:a4:cf:65:06:83:d5:08:19:0c:0a:f4:
                    14:ff:24:ea:a4:66:62:80:d3:36:ae:f2:51:f2:66:
                    fc:3b:9e:f6:ae:8d:06:52:ef:d2:d9:b3:ec:8c:36:
                    57:f0:7f:82:9d:aa:df:7d:67:91:c7:ce:de:3b:41:
                    96:0d:e7:ae:eb:50:f7:35:30:8d:30:9a:5e:b6:1d:
                    d8:1e:7a:b4:6b:6e:68:cb:51:21:11:b1:60:00:9f:
                    b7:f9:a8:62:20:73:33:78:d1
                Exponent: 65537 (0x10001)
    Signature Algorithm: sha1WithRSAEncryption
         2a:d4:20:79:ad:d6:c6:06:a7:ad:0b:dd:b4:42:c4:3c:70:78:
         7d:85:da:ce:c9:8d:f4:58:df:fc:1b:9c:48:a6:b1:27:75:02:
         3c:8c:6c:98:df:32:1b:75:e0:25:ba:fa:4d:47:02:1b:a0:3e:
         0f:30:3e:aa:95:d6:5a:47:53:cb:ae:a7:99:a5:e1:12:5a:33:
         4e:f7:a8:1b:33:4c:59:54:43:d2:f4:b3:80:f1:ea:f4:5e:03:
         a1:05:64:b6:dc:3e:57:0e:1b:cd:ae:de:c2:eb:02:70:19:ea:
         49:3d:8f:d5:33:85:38:30:85:34:b6:a0:ef:ea:5d:3e:e8:1d:
         be:b4:7e:65:1e:90:51:cf:e0:60:68:08:b4:35:e9:6d:ce:bb:
         60:23:17:38:ac:5a:80:ad:27:7b:9a:0a:cf:5d:84:47:e3:70:
         59:95:7e:6c:3f:61:74:82:a3:f9:a8:c8:5e:c5:7b:7f:0f:15:
         af:b8:4f:b5:84:74:ae:7e:93:ea:ee:d5:20:9b:47:35:29:d7:
         86:2d:29:ce:34:99:de:55:15:bf:aa:f3:f3:b3:dd:15:1f:43:
         2e:e8:5e:7c:d2:23:1b:e5:3c:a2:3e:d2:d1:f3:be:4b:d6:08:
         a5:e1:98:97:70:98:49:76:81:f5:f6:43:3c:92:50:7d:e1:a3:
         b3:ca:ea:e8

The Issuer field is the authority that signed the certificate, that is, the Root CA we created earlier.
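The whole procedure above, from CA key to a CA-signed server certificate, as an added shell example that is not from the original post: it creates the directory layout the [ CA_default ] section expects, writes its own minimal config (an assumption; the post edits the system openssl.cnf instead), signs with openssl ca and checks the result with openssl verify. The temporary path, the 2048-bit server key, -sha256 and the basicConstraints/subjectAltName extensions are choices made here, not taken from the post.

```shell
set -eu

# make_ca_and_sign DIR: CA under DIR (an assumed temporary path), sign a server CSR with openssl ca, verify it.
make_ca_and_sign() {
  dir=$1
  mkdir -p "$dir/certs" "$dir/newcerts" "$dir/private"
  : > "$dir/index.txt"; echo 00 > "$dir/serial"   # empty database and first serial number
  # Constructed minimal config: the [ req ] part lets -subj work without the system openssl.cnf.
  cat > "$dir/ca.cnf" <<EOF
[ req ]
distinguished_name = req_dn
[ req_dn ]
[ ca ]
default_ca = CA_default
[ CA_default ]
dir             = $dir
new_certs_dir   = \$dir/newcerts
private_key     = \$dir/private/CaPriKey.pem
certificate     = \$dir/certs/CaCer.pem
database        = \$dir/index.txt
serial          = \$dir/serial
default_md      = sha256
default_days    = 365
policy          = policy_match
x509_extensions = server_ext
[ policy_match ]
countryName            = match
stateOrProvinceName    = match
organizationName       = match
organizationalUnitName = optional
commonName             = supplied
emailAddress           = optional
[ server_ext ]
basicConstraints = CA:FALSE
subjectAltName   = DNS:localhost
[ ca_ext ]
basicConstraints = critical,CA:TRUE
EOF
  # Root CA: key, CSR, self-signed certificate (the post's three steps, plus
  # -sha256 and a CA:TRUE extension so openssl verify accepts it as an issuer).
  openssl genrsa -out "$dir/private/CaPriKey.pem" 2048 2>/dev/null
  openssl req -new -config "$dir/ca.cnf" -key "$dir/private/CaPriKey.pem" \
    -subj "/C=CN/ST=ShanXi/L=XinZhou/O=LY/OU=LiYao/CN=Root CA" -out "$dir/CaReq.csr"
  openssl x509 -req -in "$dir/CaReq.csr" -signkey "$dir/private/CaPriKey.pem" -sha256 \
    -days 365 -extfile "$dir/ca.cnf" -extensions ca_ext -out "$dir/certs/CaCer.pem" 2>/dev/null
  # Server key and CSR; C, ST and O must equal the CA's or policy_match rejects the request.
  openssl genrsa -out "$dir/ServerPriKey.pem" 2048 2>/dev/null
  openssl req -new -config "$dir/ca.cnf" -key "$dir/ServerPriKey.pem" \
    -subj "/C=CN/ST=ShanXi/L=XinZhou/O=LY/OU=LiYao/CN=localhost" -out "$dir/ServerReq.csr"
  # -batch answers the two [y/n] prompts shown above; -notext keeps the decoded dump
  # out of the file. localityName is dropped from the Subject: policy_match does not list it.
  openssl ca -batch -notext -config "$dir/ca.cnf" -in "$dir/ServerReq.csr" \
    -out "$dir/ServerCer.pem" >/dev/null 2>&1
  openssl verify -CAfile "$dir/certs/CaCer.pem" "$dir/ServerCer.pem"
}
```

Compared with the post's output, the issued server certificate is v3 and carries subjectAltName=DNS:localhost, the field browsers check the hostname against, and the CA certificate carries CA:TRUE, which openssl verify checks before accepting a v3 certificate as an issuer.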

Configuring Tomcat:

Tomcat 9 is used as the example:

    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true" >
        <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
        <SSLHostConfig>
            <Certificate certificateKeyFile="/Users/miracle/Key/ServerPriKey.pem"
                         certificateFile="/Users/miracle/Key/ServerCer.pem"
                         certificateChainFile="/Users/miracle/Key/CA/certs/CaCer.pem"
                         type="RSA" />
        </SSLHostConfig>
    </Connector>

Then deploy the Java web project's WAR package to Tomcat and open the link:

It always reports a NET::ERR_CERT_INVALID error; the cause is still to be investigated...

 
