实现目的
Tomcat 的 HTTPS(SSL/TLS)实现分两种:一种使用 Java 运行时自带的实现(非 APR),另一种通过 APR/Tomcat-Native 调用 OpenSSL 库。本文介绍如何配置 APR 方式的 HTTPS。
下载安装所需软件
- 安装apr
- 下载安装所需软件
# Fetch the APR, apr-iconv and apr-util source tarballs into the current
# directory (one wget call, three URLs).
# NOTE(review): these are plain-HTTP downloads from a mirror, and the page
# shows no checksum or signature check before the sources are compiled and
# installed. Compare each tarball with the digest or signature published by
# the Apache project (obtained over HTTPS) before building, e.g.
#   sha256sum apr-1.5.2.tar.gz   # expect <PUBLISHED_DIGEST_PLACEHOLDER>
# NOTE(review): the versions are the ones this page was written for; check the
# project's download page for current releases before building.
wget \
  http://mirror.bit.edu.cn/apache//apr/apr-1.5.2.tar.gz \
  http://mirror.bit.edu.cn/apache//apr/apr-iconv-1.2.1.tar.gz \
  http://mirror.bit.edu.cn/apache//apr/apr-util-1.5.4.tar.gz
- 安装apr
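# Unpack, build and install APR into /usr/local/apr.
# The build runs in a subshell with every step chained by &&, so a failed
# cd/configure/make stops the sequence instead of letting "make install" run
# from the wrong directory or on a half-built tree. The subshell also leaves
# the caller's working directory unchanged, which replaces the trailing
# "cd ..".
tar zxf apr-1.5.2.tar.gz &&
  (
    cd apr-1.5.2 &&
      ./configure --prefix=/usr/local/apr &&
      make &&
      make install
  )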
- 安装apr-iconv
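# Unpack, build and install apr-iconv into /usr/local/apr-iconv, linked
# against the APR tree under /usr/local/apr.
# Steps are chained with && inside a subshell: a failure anywhere stops the
# sequence before "make install", and the caller's working directory is not
# changed (so no "cd .." is needed afterwards).
tar -zxvf apr-iconv-1.2.1.tar.gz &&
  (
    cd apr-iconv-1.2.1 &&
      ./configure --prefix=/usr/local/apr-iconv --with-apr=/usr/local/apr &&
      make &&
      make install
  )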
- 安装apr-util
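# Unpack, build and install apr-util into /usr/local/apr-util, pointing it at
# the APR tree (/usr/local/apr) and the apriconv binary passed via
# --with-apr-iconv.
# Steps are chained with && inside a subshell: a failed cd or configure can no
# longer be followed by "make install" in the wrong directory, and the
# caller's working directory stays where it was.
tar zxvf apr-util-1.5.4.tar.gz &&
  (
    cd apr-util-1.5.4 &&
      ./configure --prefix=/usr/local/apr-util \
        --with-apr=/usr/local/apr \
        --with-apr-iconv=/usr/local/apr-iconv/bin/apriconv &&
      make &&
      make install
  )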
- 安装native
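# Download, build and install the Tomcat Native JNI library against the APR
# tree under /usr/local/apr, with OpenSSL support enabled (--with-ssl=yes).
# - The archive is fetched over HTTPS instead of plain HTTP, so the transfer
#   cannot be modified in transit.
# - NOTE(review): HTTPS protects the transfer only; the tarball should still be
#   checked against the signature/digest published next to it before building.
# - Steps are chained with && and the build runs in a subshell, so a failed
#   download, cd or configure stops the sequence before "make install".
# - NOTE(review): no --prefix is given here; the later steps on this page point
#   the loader at /usr/local/apr/lib, presumably where the library is
#   installed. Confirm from the "make install" output.
wget https://archive.apache.org/dist/tomcat/tomcat-connectors/native/1.1.32/source/tomcat-native-1.1.32-src.tar.gz &&
  tar zxvf tomcat-native-1.1.32-src.tar.gz &&
  (
    cd tomcat-native-1.1.32-src/jni/native &&
      ./configure --with-apr=/usr/local/apr --with-ssl=yes &&
      make &&
      make install
  )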
- 系统配置
- 配置环境变量
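# Open /etc/profile in an editor and add the export line shown below to it.
vi /etc/profile
# Line to add: append the APR library directory to the loader search path.
# The ${VAR:+...} form emits the ":" separator only when LD_LIBRARY_PATH
# already has a value. A plain "$LD_LIBRARY_PATH:/usr/local/apr/lib" with the
# variable unset produces a leading empty entry, which the dynamic loader
# treats as the current working directory.
# NOTE(review): /etc/profile applies this to every login shell; setting it only
# in the environment of the account that runs Tomcat would be narrower.
export LD_LIBRARY_PATH="${LD_LIBRARY_PATH:+${LD_LIBRARY_PATH}:}/usr/local/apr/lib"
# Re-read /etc/profile so the new value takes effect in the current shell.
source /etc/profile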
- 配置动态链接库
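# Register the APR library directory with the system-wide dynamic loader
# configuration. Directories listed under /etc/ld.so.conf.d are consulted for
# every dynamically linked program, so /usr/local/apr/lib should be owned by
# root and not writable by other users.
printf '%s\n' /usr/local/apr/lib > /etc/ld.so.conf.d/apr.conf
# Rebuild the loader cache and print the directories and libraries it found.
# The option must be an ASCII hyphen: the en dash in the original ("–v") is
# not parsed as the -v flag.
ldconfig -v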
- tomcat配置
# 修改tomcat的server.xml文件的https配置模块,端口及证书路径按需修改
<!--
  HTTPS connector on port 8443 using the APR/native protocol handler
  (Http11AprProtocol), with the certificate and private key read from
  ${CATALINA_HOME}/ssl-key/.

  NOTE(review): sslProtocol (lower-case "ssl") is the attribute name used by
  the Java (JSSE) connectors; the APR connector documents SSLProtocol instead.
  Confirm against the configuration reference for the Tomcat version in use.
  If the attribute is not recognised, the connector uses its default protocol
  set rather than the restriction intended here.

  NOTE(review): no cipher list (SSLCipherSuite) is configured, so the defaults
  of the linked OpenSSL build apply. Review them for the deployment.

  The file named by SSLCertificateKeyFile holds the private key; it should be
  readable only by the account Tomcat runs as.
-->
<Connector
protocol="org.apache.coyote.http11.Http11AprProtocol"
port="8443"
enableLookups="true"
disableUploadTimeout="true"
acceptCount="1000"
maxThreads="1500"
scheme="https"
secure="true"
SSLEnabled="true"
SSLCertificateFile="${CATALINA_HOME}/ssl-key/server.crt"
SSLCertificateKeyFile="${CATALINA_HOME}/ssl-key/server.key"
sslProtocol="TLS"/>
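- 所需证书与密钥文件 (haierubic.crt \ haierubic.key \ haierubicCA.csr);文件名与存放路径需与上面 SSLCertificateFile、SSLCertificateKeyFile 的配置保持一致,私钥文件 (.key) 应仅允许运行 Tomcat 的账户读取。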