I won't say much about SSL certificates themselves. Here we take the SSL certificate used by nginx (you can also generate your own), convert it into a keystore Tomcat can use, and then configure Tomcat so it can be reached over HTTPS.
1. Run on the command line
Where the certificate below comes from: it was purchased by our company's project team.
-bash-4.1$ pwd
/mnt/certificate/tomcat
-bash-4.1$ ll
total 36
-rw-r--r-- 1 wit wit 6128 Jul 29 11:29 linlehui001_com.crt # certificate used by nginx
-rw-r--r-- 1 wit wit 1678 Jul 29 11:29 linlehui001_com.key # private key used by nginx
-rw-r--r-- 1 wit wit 5747 Jun 2 16:30 linlehui001_com.jks # [not used here] the keystore for Java, but its password was forgotten, so the nginx certificate is converted instead
-bash-4.1$ openssl pkcs12 -export -in ./linlehui001_com.crt -inkey ./linlehui001_com.key -out serverbundle.p12 -name tomcat -CAfile ./linlehui001_com.crt -caname root
Enter Export Password: ## enter a password
Verifying - Enter Export Password: ## repeat the password
unable to write 'random state'
-bash-4.1$ ll
total 28
-rw-r--r-- 1 wit wit 6128 Jul 29 11:29 linlehui001_com.crt
-rw-r--r-- 1 wit wit 1678 Jul 29 11:29 linlehui001_com.key
-rw-r--r-- 1 wit wit 5747 Jun 2 16:30 linlehui001_com.jks
-rw-rw-r-- 1 wit wit 6154 Jul 29 11:51 serverbundle.p12
-bash-4.1$ keytool -importkeystore -v -srckeystore ./serverbundle.p12 -srcstoretype pkcs12 -srcstorepass tomcat -destkeystore ./serverbundle.keystore -deststoretype jks -deststorepass tomcat ## generate the keystore Java will use
Entry for alias tomcat successfully imported.
Import command completed: 1 entries successfully imported, 0 entries failed or cancelled
[Storing ./serverbundle.keystore]
-bash-4.1$ ll
total 36
-rw-r--r-- 1 wit wit 6128 Jul 29 11:29 linlehui001_com.crt
-rw-r--r-- 1 wit wit 1678 Jul 29 11:29 linlehui001_com.key
-rw-r--r-- 1 wit wit 5747 Jun 2 16:30 linlehui001_com.jks
-rw-rw-r-- 1 wit wit 5752 Jul 29 11:52 serverbundle.keystore
-rw-rw-r-- 1 wit wit 6154 Jul 29 11:51 serverbundle.p12
2. Tomcat configuration
-bash-4.1$ pwd
/mnt/oss/oss_tomcat_test/conf
-bash-4.1$ vim server.xml
<Connector port="8086" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443" />

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="/mnt/certificate/tomcat/serverbundle.keystore"
           keystorePass="tomcat" />
After completing the steps above, restart the service and you are done.
3. Access test
1. HTTP access
http://yytest.linlehui001.com/ZDW_MOBILE/merchant/merchant!goMain.htm
2. HTTPS access
https://yytest.linlehui001.com:8443/ZDW_MOBILE/merchant/merchant!goMain.htm
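A script form of the step 1 conversion with checks on the result, added here as an example that is not the post's own code. It assumes openssl and keytool on PATH; the self-signed stand-in certificate, the paths and the store password are constructed placeholders, and the password comes from a variable so it is not left in shell history the way `-srcstorepass tomcat` above is.

```shell
#!/bin/sh
# Added example (not the post's own script): nginx cert + key -> PKCS#12 -> JKS,
# then verify what ended up in the keystore before pointing Tomcat at it.
set -eu

WORK="${WORK:-$(mktemp -d)}"              # scratch dir, constructed
CRT="$WORK/linlehui001_com.crt"
KEY="$WORK/linlehui001_com.key"
P12="$WORK/serverbundle.p12"
JKS="$WORK/serverbundle.keystore"
# Store password from the environment, not typed on the command line,
# so it does not end up in shell history or `ps` output.
STOREPASS="${STOREPASS:-changeit-example}"   # placeholder value

# Constructed stand-in for the purchased nginx certificate (self-signed,
# only so this runs offline); in real use point CRT/KEY at the real files.
make_test_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=yytest.example.invalid" \
    -keyout "$KEY" -out "$CRT" >/dev/null 2>&1
}

# Step 1a: bundle certificate and key into PKCS#12 under alias "tomcat".
make_p12() {
  openssl pkcs12 -export -in "$CRT" -inkey "$KEY" -out "$P12" \
    -name tomcat -passout "pass:$STOREPASS"
}

# Step 1b: import the PKCS#12 into a JKS keystore. Store and key passwords
# are kept identical because Tomcat's keystorePass is used for both.
make_jks() {
  keytool -importkeystore -noprompt \
    -srckeystore "$P12" -srcstoretype pkcs12 -srcstorepass "$STOREPASS" \
    -destkeystore "$JKS" -deststoretype jks -deststorepass "$STOREPASS" \
    -destkeypass "$STOREPASS" >/dev/null 2>&1
}

# Check 1: exactly one private key inside the PKCS#12 bundle.
p12_key_count() {
  openssl pkcs12 -in "$P12" -nocerts -nodes -passin "pass:$STOREPASS" 2>/dev/null \
    | grep -c 'BEGIN PRIVATE KEY'
}

# Check 2: the JKS holds a PrivateKeyEntry under alias "tomcat", which is
# what the SSLEnabled connector will serve.
jks_has_tomcat_entry() {
  keytool -list -keystore "$JKS" -storepass "$STOREPASS" 2>/dev/null \
    | grep -q '^tomcat,.*PrivateKeyEntry'
}
```

If the purchased .crt contains only the leaf certificate, the intermediate chain is not carried into the keystore by this conversion and clients may report an incomplete chain; append the intermediates to the .crt before exporting.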