  • Tomcat SSL Setup

    1. First, generate the Tomcat certificate with the following commands

     cls

     rem Set JAVA_HOME before running this .bat file
     SET JAVA_HOME=C:\Programs\Java\jdk1.7.0_51
     SET PATH=%PATH%;%JAVA_HOME%/bin

     rem Delete the alias tomcatsso from the JRE trust store (cacerts) if it already exists
     keytool -delete -alias tomcatsso -keystore %JAVA_HOME%/jre/lib/security/cacerts -storepass changeit

     rem Delete the existing tomcatsso entry from the default user keystore (.keystore)
     keytool -delete -alias tomcatsso -storepass changeit

     rem List all aliases in cacerts
     keytool -list -keystore %JAVA_HOME%/jre/lib/security/cacerts -storepass changeit

     rem Generate a key pair:
     rem use the RSA algorithm, alias=tomcatsso, store password=changeit.
     rem The certificate DN is cn=localhost; make sure the CN equals the host name.
     keytool -genkey -keyalg RSA -alias tomcatsso -dname "cn=localhost" -storepass changeit

     rem Export the certificate from the keystore into the file tomcatsso.crt
     keytool -export -alias tomcatsso -file %JAVA_HOME%/jre/lib/security/tomcatsso.crt -storepass changeit

     rem Import tomcatsso.crt into the JRE trust store (cacerts).
     rem Make sure this JRE directory is the one used by Tomcat, or Tomcat will not be able to find the certificate.
     keytool -import -alias tomcatsso -file %JAVA_HOME%/jre/lib/security/tomcatsso.crt -keystore %JAVA_HOME%/jre/lib/security/cacerts -storepass changeit

     rem List all aliases in cacerts again
     keytool -list -keystore %JAVA_HOME%/jre/lib/security/cacerts -storepass changeit

    2. After the script has finished, verify that the certificate was generated correctly

    (1) Check that there is a tomcatsso.crt in %JAVA_HOME%\jre\lib\security

    (2) Check that there is a .keystore in C:\Documents and Settings\YOUR_USERNAME
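
    A programmatic version of the checks in step 2, as an added example that is not part of the original article: it confirms that the alias tomcatsso is a key entry in the user keystore and a trusted certificate in cacerts, that both stores hold the same certificate, and that its CN matches the host name. The class name VerifyTomcatSso and its three command-line arguments are assumptions; the alias and the password changeit come from the script above.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

// Added example (hypothetical class). Usage: java VerifyTomcatSso <.keystore> <cacerts> <host>
public class VerifyTomcatSso {
    static final String ALIAS = "tomcatsso";              // alias used by the script
    static final char[] PASS = "changeit".toCharArray();  // store password used by the script

    static KeyStore load(String path) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");         // keytool's default format on JDK 7
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, PASS);                             // IOException if the password is wrong
        }
        return ks;
    }

    // Returns the CN of the certificate subject, or null if the subject has none.
    static String commonName(X509Certificate cert) throws Exception {
        LdapName dn = new LdapName(cert.getSubjectX500Principal().getName());
        for (Rdn rdn : dn.getRdns()) {
            if ("CN".equalsIgnoreCase(rdn.getType())) return rdn.getValue().toString();
        }
        return null;
    }

    static void check(boolean ok, String msg) {
        if (!ok) throw new IllegalStateException(msg);
    }

    public static void main(String[] args) throws Exception {
        KeyStore user = load(args[0]);   // e.g. C:\Documents and Settings\YOUR_USERNAME\.keystore
        KeyStore trust = load(args[1]);  // e.g. %JAVA_HOME%\jre\lib\security\cacerts
        String host = args[2];           // e.g. localhost
        check(user.isKeyEntry(ALIAS), "no private key entry '" + ALIAS + "' in " + args[0]);
        check(trust.isCertificateEntry(ALIAS), "no trusted cert '" + ALIAS + "' in " + args[1]);
        X509Certificate own = (X509Certificate) user.getCertificate(ALIAS);
        X509Certificate trusted = (X509Certificate) trust.getCertificate(ALIAS);
        check(Arrays.equals(own.getEncoded(), trusted.getEncoded()),
              "cacerts holds a different certificate than the keystore");
        check(host.equalsIgnoreCase(commonName(own)), "CN does not match host " + host);
        own.checkValidity();             // throws if expired or not yet valid
        System.out.println("OK: " + own.getSubjectX500Principal() + ", valid until " + own.getNotAfter());
    }
}
```

    The script passes no -validity option to keytool -genkey, so the certificate gets keytool's default lifetime of 90 days; after that the checkValidity() call above fails and the certificate has to be regenerated.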

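    3. Configure Tomcat in Eclipse

    (1) Make sure the JDK that starts Tomcat is the same JDK that was just used to generate the certificate

    (2) Edit server.xml and add the keystore and the CA certificate store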

     <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true"
                keystoreFile="C:/Documents and Settings/e527051/.keystore" keystorePass="changeit"
                truststoreFile="C:/Programs/Java/jdk1.6.0_22/jre/lib/security/cacerts"
                clientAuth="false" sslProtocol="TLS" />

    (3) Open the applications on port 8443

    https://localhost:8443/ewusu-network

    https://localhost:8443/ewusu-engine

    The next article explains how to set up single sign-on in Tomcat using Jasig CAS.

  • Original article: https://www.cnblogs.com/xzpp/p/3788707.html