CAS配置(1)SSL证书配置

一、配置源码

源码配置稍后提供

二、系统环境安装

安装JDK配置，版本>=1.7

环境变量配置(参考)：

JAVA_HOME=C:Program Files x86)Javajdk1.7.0_25

Path=%JAVA_HOMEin

CALSS=.;%JAVA_HOMElib ools.jar;%JAVA_HOMElibdt.jar       

三、数据库安装

可选项：MySql,MsSql,Oracle，均可

四、Tomact安装

可选项：Tomact7,Tomact8

为避免端口冲突，在Server.xml配置文件参考配置如下：

　　在Tomact安装目录,conf目录server.xml文件用编辑器比如(sublime3)打开，参考下面端代码更新自己的配置文件 　　

 <Connector port="7180" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="7143" />
    <!-- A "Connector" using the shared thread pool-->
    <!--
    <Connector executor="tomcatThreadPool"
               port="7180" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="7143" />
    -->
    <!-- Define a SSL HTTP/1.1 Connector on port 7143
         This connector uses the BIO implementation that requires the JSSE
         style configuration. When using the APR/native implementation, the
         OpenSSL style configuration is required as described in the APR/native
         documentation -->
    <!--
    <Connector port="7143" protocol="org.apache.coyote.http11.Http11Protocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />
    -->

    <!--Https配置-->
    <Connector port="7143" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true" 
               maxThreads="200" scheme="https" secure="true" 
               clientAuth="false" sslProtocol="TLS" 
               keystoreFile="d:/Keys/.keystore" 
               keystorePass="changeit" />
    <!-- Define an AJP 1.3 Connector on port 7109 -->
    <Connector port="7109" protocol="AJP/1.3" redirectPort="7143" />

 

五、SSL安装证书制作

A.        JavaHttps证书制作

建议将其存为bat文件，注意path路径

set path="C:Program Files (x86)Java"

keytool -genkey -alias tomcat -keyalg RSA -storepass changeit -keystore c:keys.keystore -validity 3600

pause

 

B.        Java导出证书

建议将其存为bat文件，注意path路径

set path="C:Program Files (x86)Java"

keytool -export -trustcacerts -alias tomcat -file c:keys omcat.cer -keystore c:keys.keystore -storepass changeit

pause

C.        Java导出证书到JDK证书信任库

建议将其存为bat文件，注意path路径

set path="C:Program Files (x86)Java"

keytool -import -trustcacerts -alias tomcat -file c:keys omcat.cer -keystore "C:Program Files (x86)Javajre7libsecuritycacerts" -storepass changeit

pause

D.        列出信任证书库所有已有证书

建议将其存为bat文件，注意path路径

set path="C:Program Files (x86)Java"

keytool -list -v -keystore "C:Program Files (x86)Javajre7libsecuritycacerts"

pause

E.         从信任证书库中删除证书

建议将其存为bat文件，注意path路径

set path=C:Program Files (x86)Java

keytool -delete -trustcacerts -alias tomcat -keystore C:Program Files (x86)Javajre7libsecuritycacerts -storepass changeit

pause

 

F.         证书与Tomact配置

配置文件：Tomact,安装Conf文件夹Server.xml配置，参考配置如下

    <!--Https配置-->
    <Connector port="7143" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true" 
               maxThreads="200" scheme="https" secure="true" 
               clientAuth="false" sslProtocol="TLS" 
               keystoreFile="d:/Keys/.keystore" 
               keystorePass="changeit" 
    />

　　

KeystoreFile,就是证书地址，keystorePass证书密码

注意：证书制作时，JDK地址是有效的