tomcat 7 配置SSL，解决了TOMCAT6升级带来的问题

最新推荐文章于 2019-06-24 17:48:32 发布

置顶山里小龙

最新推荐文章于 2019-06-24 17:48:32 发布

阅读量3.9k

点赞数 1

分类专栏： TOMCAT服务器文章标签： tomcat ssl authorization pair scheme c

本文链接：https://blog.csdn.net/zilong00007/article/details/7336950

版权

TOMCAT服务器专栏收录该内容

2 篇文章 0 订阅

订阅专栏

１．生成认证文件:

1>.生成 server key ：

keytool -genkey -alias nsp -keyalg  RSA -validity 3650  -keystore /opt/apache-tomcat-7.0.26/conf/keystore/nsp.keystore
	Enter keystore password:  ← 输入密码
	Re-enter new password: 　← 输入确认密码
	What is your first and last name?
  	[Unknown]:  your name　← 输入用户
	What is the name of your organizational unit?
 	 [Unknown]:  ← 不输入，直接回车
	What is the name of your organization?
 	 [Unknown]:  your organization　 ← 输入组织名
	What is the name of your City or Locality?
  	[Unknown]:  fs　← 输入城市
	What is the name of your State or Province?
  	[Unknown]:  gd　← 输入省份
	What is the two-letter country code for this unit?
  	[Unknown]: ← 不输入，直接回车
	Is CN=jeff, OU=jeff, O=nsp, L=fs, ST=gd, C=123 correct?
  	[no]:  y

	Enter key password for <nsp>
        	(RETURN if same as keystore password):← 不输入，直接回车	Re-enter new password:← 不输入，直接回车

２>.生成 pl2文件：

keytool -genkey -v -alias nsp -keyalg RSA -storetype PKCS12 -keystore /opt/tomcat7/conf/keystore/nsp.pl2 -dname "CN=admin, OU=nsp, O=nsp, L=foshan, ST=gd, C=cn" -storepass test123 -keypass test123
	Generating 1,024 bit RSA key pair and self-signed certificate (SHA1withRSA) with a validity of 90 days
       	 for: CN=admin, OU=nsp, O=nsp, L=foshan, ST=gd, C=cn
	[Storing /opt/apache-tomcat-7.0.26/keystore2/nsp.pl2]

３>导入过程分2步，第一步是导出证书，第二步是导入到证书信任库，命令如下：

   keytool -export -alias nsp -keystore /opt/tomcat7/conf/keystore/nsp.pl2 -storetype PKCS12 -storepass test123 -rfc -file /opt/tomcat7/conf/keystore/nsp.cer
Generating 1,024 bit RSA key pair and self-signed certificate (SHA1withRSA) with a validity of 90 days
        for: CN=admin, OU=nsp, O=nsp, L=foshan, ST=gd, C=cn
[Storing /opt/apache-tomcat-7.0.26/keystore2/nsp.pl2]

keytool -import -v -file /opt/tomcat7/conf/keystore/nsp.cer -keystore /opt/tomcat7/conf/keystore/nsp.keystore -storepass test123

2.设置TOMCAT使其增加SSL支持，修改service.xml文件:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"  
              maxThreads="150" scheme="https" secure="true"  
              clientAuth="false" sslProtocol="TLS" keystoreFile="/opt/tomcat7/conf/keystore/test.keystore" keystorePass="test123" />

3.如果要对单独工程的强制安全访问，对相应工程的web.xml文件加入如下代码：

<login-config>   
		<!-- Authorization setting for SSL -->   
		<auth-method>CLIENT-CERT</auth-method>   
		<realm-name>Client Cert Users-only Area</realm-name>   
	</login-config>   
	<security-constraint>   
		<!-- Authorization setting for SSL -->   
		<web-resource-collection >   
			<web-resource-name >SSL</web-resource-name>   
			<url-pattern>/*</url-pattern>   
		</web-resource-collection>   
		<user-data-constraint>   
			<transport-guarantee>CONFIDENTIAL</transport-guarantee>   
		</user-data-constraint>   
	</security-constraint>

４．如上配置好后便可以用 Https://domain:8443 方式直接访问.

山里小龙

关注

1
点赞
踩
2

收藏

觉得还不错? 一键收藏
0
评论
tomcat 7 配置SSL，解决了TOMCAT6升级带来的问题

１．生成认证文件: 1>.生成 server key ： keytool -genkey -alias nsp -keyalg RSA -validity 3650 -keystore /opt/apache-tomcat-7.0.26/conf/keystore/nsp.keystore Enter keystore password: ← 输入密码 Re-ente
复制链接

扫一扫

专栏目录