zoukankan      html  css  js  c++  java
  • Use HTTPS instead of HTTP

     
    The following solutions use self-signed certificates. You can see more details about self-signed steps at http://xiaohuafyle.iteye.com/blog/1538719.
     
    Certificate: self-signed (need Java keytool to generate certificates)
    System: Linux
     
    ==== 1 Generate a Self-signed CA ====
    Open a terminal and generate a self-signed CA by following:
    1. CATALINA_HOME/conf/sslCertificate> keytool -genkey -v -alias tomcat -keyalg RSA -validity 365 -keystore tomcat.keystore
    where 365 means the CA will be valid for 365 days, and the tomcat.keystore will be stored in the current directory. After pressing "Enter", you are required to input name, ..., password, ... Note that the name is domain name (e.g. www.siemens.com, more recommended) or IP address (e.g. 139.24.236.50). You have to rememebr the keystore password and tomcat password you set at this step, which will be needed later.
     
    2. CATALINA_HOME/conf/sslCertificate> keytool -export -alias tomcat -keystore tomcat.keystore -file tomcat.cer
    Enter the keystore password when required.
     
     
    ==== 2 Tomcat configuration ====
    1. Make sure that the keystore file (i.e. tomcat.keystore) is under tomcat/conf/sslCertificate/
     
    2. Open CATALINA_HOME/conf/server.xml and modify the corresponding connectors to:
        <Connector port="8888" protocol="HTTP/1.1"
            connectionTimeout="20000"
            redirectPort="8443"
        />
        <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true" 
            maxThreads="150" scheme="https" secure="true" 
            clientAuth="false" sslProtocol="TLS"
            keystoreFile="conf/sslCertificate/tomcat13.keystore" keystorePass="cas24MEGA"
        />
    Note: 
    (1) redirectPort is set because HTTP uses port 8888 and HTTPS uses port 8443. 
    (2) Remember to set keystoreFile and keystorePass
    (3) When you set path for keystoreFile, be carefull it is "conf/..." NOT "/conf/...". The difference is "/". This is important.
     
    3. Open CATALINA_HOME/conf/web.xml, and add the following lines after <welcome-file-list>...</welcome-file-list>
        <login-config> 
            <!-- Authorization setting for SSL: set authentication method --> 
            <auth-method>CLIENT-CERT</auth-method> 
            <realm-name>Client Cert Users-only Area</realm-name> 
        </login-config> 
        <security-constraint> 
            <!-- Authorization setting for SSL: force HTTPS transmission --> 
            <web-resource-collection > 
                <web-resource-name >SSL</web-resource-name> 
                <url-pattern>/*</url-pattern> 
            </web-resource-collection> 
            <user-data-constraint> 
                <transport-guarantee>CONFIDENTIAL</transport-guarantee> 
            </user-data-constraint> 
        </security-constraint>
    You can see more details at tomcat设置http自动跳转为https访问. Also, I recommend you to search more information about "CLIENT-CERT" to see the differences among different authentication methods.
     
    4. Finally, restart tomcat service and test the page.
        e.g. http://xxx.xxx.xxx.xxx:portNumber/webApp
  • 相关阅读:
    解决urbuntu桌面本客户端输入ll command not found
    小白学习安全测试(二)——httrack的安装和使用
    Selenium + java不借助autolt实现下载文件到指定目录
    用例设计工具PICT — 输入组合覆盖
    解决创建maven项目Could not resolve archetype org.apache.maven.archetypes:maven-archetype-quickstart问题
    作死的自动化测试【转】
    测试开发是什么?为什么现在那么多公司都要招聘测试开发?【转】
    MySql的触发器
    MySql的存储过程
    MySql的索引操作
  • 原文地址:https://www.cnblogs.com/skyssky/p/4210309.html
Copyright © 2011-2022 走看看