zoukankan      html  css  js  c++  java

  • Tomcat 开启 SSL

    生成keystore

    /usr/java/default/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore ~/tomcat.keystore -validity 36500

    编辑 tomcat/conf/server.xml 启用ssl

    <Connector 
        protocol="org.apache.coyote.http11.Http11Protocol"    
        port="9443" 
        enableLookups="true" 
        disableUploadTimeout="true"    
        acceptCount="100" 
        maxThreads="200"    
        scheme="https"    
        secure="true" 
        SSLEnabled="true"    
        keystoreFile="/home/tomcat/tomcat-runtime-2/conf/server.keystore"    
        keystorePass="111111"    
        clientAuth="true"    
        sslProtocol="TLS"
        sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
        ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"
        URIEncoding="UTF-8"/>

    sslEnabledProtocols 和 ciphers 不加的话, 在新版本的浏览器可能会因为加密算法太弱而拒绝访问

    如果catalina.out中显示正常而无法访问8443端口的话, 查看一下iptables和semanage

    iptables -L -n
semanage port -l
  • 相关阅读:
    P2325 [SCOI2005]王室联邦
    P2709 小B的询问
    P4867 Gty的二逼妹子序列
    P4396 [AHOI2013]作业
    CF617E XOR and Favorite Number
    P4462 [CQOI2018]异或序列
    p4434 [COCI2017-2018#2] ​​Usmjeri
    LOJ 117 有源汇有上下界最小流
    P4137 Rmq Problem / mex
    LOJ 116 有源汇有上下界最大流
  • 原文地址:https://www.cnblogs.com/milton/p/5034098.html
Copyright © 2011-2022 走看看